Overview
ShareTech NU series is the next phase of technology change which will help service provider to launch the services in a single click, delivering exceptional performance, superior multi-layered threat protection, and role-based administration to small and medium businesses.
NU-840H carries advanced protection across your network security deployments: Deep Packet Inspection (DPI), IPS, SSL Inspection, Web Filtering, QoS, virus scanning, spam filtering, and external authentication to prevent potential attack launched by hackers and legitimate authorized users from accessing network. Moreover, High Availability (HA) is supported to ensure smooth network operation.
NU-840H goes beyond traditional firewall and brings a new approach to the way administrators define their firewalls with 6 gigabit Ethernet ports including one management port and 5 user-defined ports (LAN, WAN or DMZ). To enhance internal security, NU-840H unifies and deploys consistent security policies across both wired and wireless networks, centrally manage and monitor internal wireless APs and switches. ShareTech also introduces a cloud-based service system providing a new way to deploy, operate, and manage distributed networking appliances. When anomalies occur in network traffic, the system sends notifications to IT administrators and help them to resolve issues quickly.
Guardian of Gateway Security
NU-840H fully integrates firewall, Deep Packet Inspection (DPI), virus scanning, ISP, SSL Inspection and blocking, moreover, extended APT prevention and IPS detection are provided to stay one step ahead for improved compliance and security.
Stateful packet inspection (SPI) firewall technology exams the packet header and destination port for authentication and checks the entire packet’s content before determining whether to allow its passage into the network. SPI firewalls can drop any packet that identified as potentially dangerous and automatically blocks DoS, DDOS, and UDP Flood attacks.
Web filtering to block HTTP/HTTPS access
Intrusion Prevention System (IPS)
Application control
Virus scanning and spam filtering
Network traffic monitoring and Co-Defense
A Compact x86 Network Appliance with Intel Processors Reinforces Internal Management
NU-840H is a real-world firewall based on 4 Core Intel-branded Processor, with 6 gigabit Ethernet ports, firewall throughput up to 4.2 Gbps, and improved VPN throughput of 650 Mbps.
Supports SD-WAN
In traditionally hardware-based networking, Multiprotocol Label Switching (MPLS), directs data from one node to the next based on short path labels and avoids complex lookups in a routing table. Now, SD-WAN offers more benefits over traditional MPLS networks. The core value proposition of SD-WAN is that it promises to dramatically impact the entire enterprise networking ecosystem. With SD-WAN, geographic boundaries are erased, and key benefits such as visibility, scalability, performance, and control are enhanced.
Deep Packet Inspection (DPI) and Application Control
NU-0840H detects potential data breaches/data ex-filtration transmissions and prevents them by monitoring, detecting and blocking sensitive data. Having application layer firewall technology, NU-840H can inspect both HTTP and HTTPS packets and prevents losing sensitive information or subsequently acquired by unauthorized parties.
Unique DPI performs traffic signature analysis by inspecting all packets for new application signatures, score up the signatures, and append them to the relevant database. More importantly, having recorded these collected data will be available for future audits.
Supports for protocols and applications, including video streaming, peer-to-peer communication, social networking, and instant messaging
Detailed control over file sharing, remote control, VoIP, online games, browsers, etc.
SSL/HTTPS Inspection
Cloud database updates
Single-Pane-of-Glass Dashboard (Optional)
The ShareTech dashboard is available through the GUI and presents a graphic view of the real-time system information. It allows administrators to have visibility into UTM information and includes server status, indicators for events, connection activity, and performance alters. The continuous monitoring allows the analyst to identify important data without having to log into multiple devices. Problems can be rapidly identified to increase potential concerns.
Complete VPN Solutions
Using IPsec, PPTP, L2TP, SSL VPN connections, NU-840H provides data confidentiality, data integrity, and data authentication. At the same time, popular protocols such as web, SMTP, and POP3 that contains packets transmitting within tunnels can be controlled.
Supports IPSec, PPTP, L2TP, SSL, and GRE Tunnel
Supports DES, 3DES, and AES encryption and SHA-1/MD5 authentication algorithms
SSL VPN mobility client for Android and Apple iOS
Controls connectivity of remote sites from the central site
Central Management (CMS, Eye Cloud, and AP management)
Central management system (CMS) designed for multi-site network security appliances deployments allows administrators to remotely restart, reboot, and monitor devices. Moreover, Eye Cloud, a cloud service platform, provides users friendly interface to support instant equipment maintenance and management. It is an all-inclusive solution to monitor various networking appliances deployed in either external or internal networks such as UTM, wireless APs, or switches. When an anomaly occurs, administrators will be notified of the problem.
Features
Exceptional Performance and Consolidated Security Features
ShareTech NU Series adopt best-on-class multi-core x86 CPU platform to deliver exceptional performance and intelligent network security features. ShareTech develops high-performance security modules, delivers high connection capacity connectivity, and supports USB instant recovery.
IPv4 / v6 Dual Mode
Native dual-stack supported. To cope with IPv4 depletion, ShareTech provides a solution that covers both IPv4 and IPv6 network and can be configured for IPv4 only, IPv6 only, or to support both protocols simultaneously. Furthermore, all ShareTech appliances have been certificated with “IPv6 Ready” logo.
SSL Inspection
To protect your network from network threats, SSL inspection is the key used to unlock encrypted sessions, see into encrypted packets, find threats, and block them. Several security features that can be applied using SSL certificate inspection are ISP, gateway anti-virus, web filtering, application control, and QoS.
Inbound/Outbound Load Balance
Outbound/inbound load balancing are provided for distributing incoming HTTP requests across multiple servers, improving server utilization and maximizing availability. When one of the links is down, the other link will take over the work and handle the traffic until troubled one returns to normal, in either manual or auto distribution mode. Built-in DNS server functionality that enables inbound Load Balancing distributes inbound data traffic over multiple WAN links to computers behind UTM for more reliable network connectivity.
Intrusion Prevention System (IPS)
Built-in IPS inspects the packets from OSI layer 4-7 (transport to application layer) and block concealed malicious code and worms delivered in TCP/IP protocols. As soon as an attack is suspected, IT administrators will be notified immediately and later an extensive range of reports will be available for analysis. ShareTech regularly updates the predefined attack-signature database and makes it available as IPS security package.
Advanced Threat Defense
In addition to firewall, Intrusion Prevention System (IPS), and virus scanning, NU-840H can monitor malware or threats within traffics based on analyzing flows, webpages, and email. By performing different security mechanisms, a business network is given more effective and profound protection against active cyberattacks, targeted attacks, and sophisticated malware.
Gateway
For companies that have deployed mail servers in their network environments but lacking advanced filtering, NU-840H can be placed at the gateway to secure your email and get simple and powerful protection from spam, virus, and malware.
Anti-Virus
Built-in Clam AV can detect over millions of viruses, worms, and Trojans. Once suspicious emails are detected, the administrator can decide to delete or block them. Moreover, websites will be scanned once the function of anti-virus is enabled in policy. Customers may purchase Kaspersky protection for their security needs.
Anti-Spam and Shared Signatures
ShareTech NU Series employ multi-spam filters: ST-IP Network Rating, Bayesian Filtering, spam characteristics filtering, fingerprinting, auto learning, and personal B/W list. It also gives administrators the flexibility to enforce custom filtering. These help industries create their database by importing the latest spam update. Following actions like forward, delete, quarantine can be taken on the mail identified as the spam. Moreover, the shared signatures mechanism shares a signature of an early receiver with the rest of the group so that higher spam detection accuracy can be obtained.
ShareTech Sandstorm-Malicious Programs Filtering System
To detect unknown attached files, such as file in Word, Excel, PowerPoint, PDF, ZIP or RAR format, ShareTech Sandstorm system will compare the suspicious files with our database. Threatening emails will be quarantined and will not have the opportunity to affect the operation of the email system.
IP Traffic Streams Analysis
Outgoing/incoming concurrent sessions, upload/download flow, and time duration are flow parameters collected for packet-based traffic analysis. Using a combination of pattern matching can determine whether an activity is performing normally or abnormally. If employees are violating the rules and exceeding more downloading flow, IT administrators are allowed to define the trusted IP list and take appropriate actions to block network access, limit maximum bandwidth, blocking ports on switches (Co-Defense), or simply receive a notification.
QoS
QoS offers more agile bandwidth management for industries and organizations. All the servers and users can be configured their minimum and maximum bandwidth; the remaining bandwidth will be allotted to the other users according to their configuration.
Content Filtering
IT administrators can configure Web filtering profiles that block URLs to inappropriate webpages like violence and pornography and hacking attacks like malware and virus. Moreover, UTM filters out ActiveX objects, Cookies or Java applets that may pose a security threat in certain situations. Both keywords and URLs of specified websites can be added to Blacklist and Whitelist.
Advanced URL Control and Database
Advanced URL database collects millions of URLs and updates every period. All these URLs and their contents were analyzed and classified into categories, including Pornography & Violence, Network & Cloud Service, Organizations & Education, Security Risks & Criminal, Life Information, and Others. IT administrators can block any category in the database with ease without entering keywords or desired URL addresses one by one. By default, NU-840H contains 1-year URL license. Customers may renew the license for an instantly updated database.
Advanced Application Control and Database
To prevent data leakage and ensure regulatory compliance, access to unrelated applications during working hours should be controlled. The advanced application database contains 1000+ modernized applications like P2P, VOIP, GoToMyPC, Webpages, Games, Media Player, Bit Torrent, Foxy (Gnutella), stock market, Instant Messaging, Xunlei, Gator, Yahoo Manager, Virus and Malware, filename extension, Kazaa, Facebook, Zalo, etc. By default, NU-840H contains 1-year application license. Customers may renew the license for an instantly updated database.
WEB and Email Records
Record each user online behavior (computer name, IP address, MAC address, and traffics) timestamps, items and locations.
Record incoming and outgoing mail (Webmail) and their attachments pass through the mail gateway
Email is saved in an .eml format that can easily be viewed and searched
Graphical Reports
ShareTech reporting allows administrators to custom how the chart types (bar, pie, line, and table) or texts will be displayed at the top of the report. NU-840H displays operation status for the time frame specified (day, week, or month), including CPU, RAM, modification times, security level and flow monitor reports.
VPN
Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel across the Internet. ShareTech offers IPSec, PPTP, L2TP, SSL VPN technologies on a single platform. Site-to-site IPsec VPN allows headquarters and their branch offices to be on the same network and sharing resources among offices. Point-to-point PPTP VPN, natively supported by Windows, is easy to set up and maintain and requires user-level authentication. L2TP which encrypts the authentication process and avoids your transmission being intercepted is a bit more powerful than PPTP. Moreover, SSL VPN provides remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption. It does not require any special-purpose client software to be pre-installed on the system.
Specification
|
Features
|
Description
|
|
Threats Defense
(Anti-Virus/IPS/SSL Inspection)
|
Uses open-source Clam AV engine with huge database includes millions of signatures which get updated regularly and requires no yearly subscription fees
Optional Kaspersky module
Scheduled IPS signature database update and risk management is divided into 3 levels (high, medium, and low)
Provides scalable SSL inspection
|
|
Firewall Security
|
Coordinated DoS/DDOS attacks and UDP Flood performed by hackers can be blocked automatically.
QoS provides bandwidth guarantees and a priority command can be given for min/max bandwidth guarantee.
Limit the bandwidth using source IP in both directions
Supports IPv4, IPv6, and Dual Stack
Supports load balancing and failover for both outbound and inbound traffics
Provides DNS service and Dynamic DNS services
|
|
Potential Risks Detection
(Flow Analysis)
|
Flow/behavior-based anomaly detection allows both up and down sessions to be analyzed and see if a performance problem exists
Following actions can be taken when an anomaly occurs. An anomaly can be recorded, blocked, and notify subscribers.
Co-Defense can be applied to protect the internal network. The PoE schedule function helps administrators enable or disable PoE power feeding for each PoE port during specified time intervals.
Prevents ARP spoofing
Manages switch port mapping that gives an instant view into the operational status and speed of each port.
|
|
Mail Security
(Anti-Spam, Mail Filtering)
|
Employs multiple spam mechanisms: ST-IP network rating, fingerprinting, Bayesian filtering, auto learning, auto-whitelist, system and personal Blacklist/Whitelist and spam characteristics filtering.
Offers Email content and spam filtering
Shared spam signatures
Users can purchase the Email Auditing module for advanced filtering and quarantine.
Client-side spam mail search is available on the web-based interface
Additional actions such as quarantine, delete, blocking IP, and carbon copies can be performed to all mail.
Searching recorded email are available
|
|
Application Access Control
|
Multiple application categories e.g. P2P, IM, VOIP, Web, Webmail, game, video, spyware, stock, and others.
Administrators can use policies to prohibit their users from accessing applications
Built-in 1-year application license
|
|
URL Filtering
|
Provides URL filtering and database
URL filtering policies are allowed to be configured by administrators
IT administrator can add keywords or URLs to Black/White lists
Built-in 1-year URL license
|
|
User Identity
(Radius)
|
The host computers are established to ensure user identity and supports the use of LDAP, Radius, AD or POP3 servers for authentication.
Desired user groups can be customized
Applies access control methods
Provides authentication record and connection status
|
|
Content Record
|
Logs all incoming/outgoing emails with delivering date and time
Archived email is exported in .eml format
Records browsing history
Records webpage virus detected history and query
|
|
Load Balance
|
Ensuring the network is never disconnected
Provides inbound & outbound load balancing
Users can assign load balancing automatically, manually, or by source-destination IP
|
|
VPNs Connection
|
Supports VPN clients for Windows
Supports IPSec Tunnel for both server and client sides
Supports IPSec, PPTP, L2TP, and SSL for VPN connection and connection logs
Users can create, edit and control over VPN connections and auto VPN is supported as an alternative to direct access
|
|
QoS
|
Supports QoS
Supports bandwidth guarantee, max/min-limit, and priority commands
Bandwidth usage from the internal/external source IP can be limited
Efficient priority scheme is available
|
|
Operation Modes
|
NAT, Routing
|
|
Dashboard & Logging
|
Users can purchase the optional dashboard module to help administrators tracking and diagnosis. And reports can be directly exported in PDF or PNG format.
Multiple event logs can be centrally logged and monitored. And it includes configuration, networking and route, objects, services, advanced protection, IPS, WAF, mail security, VPN, etc.
Provides analysis of debugging, system performance, intrusion attempts, and tracking.
|
|
Virtual Server
|
IP Supports virtual server that data flows can be transmitted to any of the other ports without using any switch or router
|
|
High Availability
|
Building a cluster and hot standby of two or more ShareTech devices is available
|
|
CMS &
Cloud Management
|
Manages multiple UTMs and wireless access points
Supports both CMS server and client sides
Cloud-based integration can be led to ShareTech Eye Cloud service system
|
|
Bulletin Board
|
Announcements can be made to employees in a very effective and proper way.
|
|
Diagnostic Tools
|
Standard net tools such as Ping, Traceroute, DNS lookup, and port scanner are available to help users identify and fix connection problems.
|
|
System Management
|
Integrated wizards for user-friendly setup
Supports hardware interrupts to the CPU
Offers HTTP and HTTPs web management
The web interface supports languages: English, Traditional Chinese, and Simplified Chinese
Offers system backup, auto backup, firmware update, and firmware download logs
Uninterruptible Power System (UPS)
Supports VLAN 802.1Q
Supports DDNS service, DNS service, and SNMP service
Supports remote log server
Supports DHCP for both client and server sides
|
|
Others
|
The area network can be defined as LANs, WANs, Bridge-paired interfaces, and HA ports.
Administrators can select authorized users and assign access conditions
Automatic disk check can be scheduled
Automatic restart
|
Compatibility List
Co-Defense Switch Compatibility List
SNMP
。AG-2824T
。ML-9324
。ML-9308
。3Com-4210
。GS1920-48HP
。GS1920-48
。GS1920-24HP
。GS1920-24
。GS1900-24
。GS1900-8HP
。GS1900-8
。XS1930-10
。XS1930-28HP
Switch
。Cisco3560e
。Cisco3750
。H3C-S5100
。H3C-S7506R
。SGI-2404
。Juniper-ex2200
。ML-9528
。GS2210-48
。GS2210-24HP
。GS2210-24
。XGS3700-48
。XGS3700-24
。DGS1510-28X
。Cisco-C2960L-24TS-LL
。GS2220-28
。GS2220-50
。XGS2210-52
AP Management Wireless Acess Points Compatibility List
。NWA5121-NI
。NWA5123-AC HD
。NWA1123-ACv2
。NWA1123-ACv3
。NWA1123-AC HD
。NWA1123-AC PRO
。NWA110AX
。NWA50AX
。NWA90AX
。WAX510D
。WAX610D
。Netgear WAC510
3G/4G USB Compatibility List
。DLINK DWM-222 A1
。HUAWEI E3372h
。HUAWEI E161 (3G only)
Uninterruptible Power Supply (UPS) Compatibility List
。APC Smart-UPS 3000
。APC Back-UPS Pro 700
。APC Back-UPS 1100
。Flight Technic FT-1000BS
。EATON 5E 650
