Features

IPv4 / v6 Dual Mode
Native dual-stack supported. To cope with IPv4 depletion, ShareTech provides a solution that covers both IPv4 and IPv6 network and can be configured for IPv4 only, IPv6 only, or to support both protocols simultaneously. Furthermore, all ShareTech appliances have been certificated with “IPv6 Ready” logo.

Virtual Firewall
On the high-end firewalls, a physical firewall can be divided into multiple virtual firewalls. Each virtual firewall system can have independent system resources, administrators, security policies, and user authentication, etc. On the same interface, high-performance network security in a virtual form factor for rapid deployment and scale-out environments.

Intrusion Detection and Prevention (IDP)
Built-in IDP (IDS+IPS) inspects the packets from OSI layer 4-7 (transport to application layer) and block concealed malicious code and worms delivered in TCP/IP protocols. As soon as an attack is suspected, IT administrator will be notified immediately and later an extensive range of reports will be available for analysis. ShareTech regularly updates the predefined attack-signature database and makes it available as IDP security package.

Gateway
For companies that have deployed mail servers in their network environments but lacking of advanced filtering, ShareTech UR-940H can be placed at gateway to secure your email and get simple and powerful protection from spam, virus and malware.

Co-Defense (with SNMP switch)
An advanced protection of UR-940H, CO-Defense SNMP, is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. When anomalous flow occurs, it will be blocked and the administrator will be notified and assisted to this abnormal situation. Defects can be known on which computer and which switch port at the earliest possible time which prevents business network from failure. Co-Defense makes network management fairly easy because it does not need any change from network structure, habits of individual user, buying expensive L3 Switch (Layer 2 switch is sufficient enough), and extra detecting appliances.

BotNet Co-Defense
ShareTech UR-940H supports BotNet defense and NAT which can explicitly point out which is the real attack running hidden while internal users send spam through the mail server. Should sophisticated BotNet activates is blocked, the malicious computer might keep infecting ordinary users’ computers. To ensure CPU recourse not being wasted on the same matter, administrator can enable BotNet Co-Defense and directly shut down switch ports of infected computers. It not only saves recourses but also suspense malicious software spreading in the internal network.

Get IP, MAC, or port blocked (with Co-Defense switch)
Regarding higher security networks for army, government units and research labs that transmit sensitive and potentially classified information, users are not allowed to change the location of switches. Take user A (IP:192.168.100.5 ; MAC:05:51:62:53:02:03) as an example, ShareTech UR-940H can configure its own port on a switch. Network connection cannot be made if the device is connected to other switch ports.

Anti-Virus
ShareTech UR-940H for large enterprises offer Clam AV for virus scanning which can detect over millions of viruses, worms, and Trojans. Once suspicious emails are detected, the administrator can decide to delete or block them. Moreover, websites and FTP will be scanned once the function of anti-virus is enabled in policy. Customers may choose to purchase a Kaspersky module for their security needs.

Virus Scanning for Web and FTP
ShareTech web filtering offers a secure web browsing experience by filtering all web traffics. Security policies can be configured to limit access to inappropriate web sites, filter uploads/downloads, and block suspicious files. ShareTech UR-940H scans all FTP file uploads and downloads to prevent employees from downloading illegal files.

Anti-Spam
ShareTech UR-940H employs multi-spam filters: ST-IP Network Rating, Bayesian Filtering, spam characteristics filtering, fingerprinting, auto learning, and personal B/W list. It also gives administrators the flexibility to enforce custom filtering. These help industries create their own database by importing the latest spam update. Following actions like forward, delete, quarantine can be taken on the mail identified as the spam. Email accessed by users from LAN to DMZ can be especially filtered and logged.

Inbound/Outbound Load Balance
Outbound/inbound load balancing are provided for distributing incoming HTTP requests across multiple servers, improving server utilization and maximizing availability. When one of the links is down, the other link will take over the work and handle the traffic until troubled one returns to normal, in either manual or auto distribution mode. Built-in DNS server functionality that enables inbound Load Balancing distributes inbound data traffic over multiple WAN links to computers behind UR-940H for more reliable network connectivity.

Smart QoS
Smart QoS offers more agile bandwidth management for industries and organizations. All the servers and users can be configured their minimum and maximum bandwidth; the remaining bandwidth will be allotted to the other users according to their configuration.

Content Filtering
IT administrators can configure Web filtering profiles that block URLs to inappropriate webpages like violence and pornography and hacking attacks like malware and virus. Moreover, UR-940H filters out ActiveX objects, Cookies or Java applets that may pose a security threat in certain situations. Both keywords and URLs of specified websites can be added to Blacklist and Whitelist.

ARP Spoofing Defense
In an ARP spoofing attack, a malicious party sends spoofed ARP messages across a local area network in order to link the attacker’s MAC address with the IP address of a legitimate member of the network. This type of spoofing attack results in data that is intended for the host’s IP address getting sent to the attacker instead. Malicious parties commonly use ARP spoofing to steal information, modify data in-transit or stop traffic on a LAN. ShareTech UR-940H can effectively defect denial-of-service, session hijacking and man-in-the-middle attacks by periodically updating internal ARP table with MAC address and IP address of computers.

Wireless AP Management
ShareTech UR-940H can be a unified platform to control and manage deployed wireless access points. They appear in the UTM user interface, administrators can easily monitor and manage operation (functioning or malfunction), change the SSID password, uploading/downloading flow, and concurrent and history users on every AP (MAC address included).

CMS (Central Management System)
CMS provides a useful management and monitoring solution, which allows industries to manage distributed appliances installation across remote offices and clients. Without DDNS and installing software, administrators can manage each deployed UTM on the interface they are familiar with.

Bulletin Board
It is an effective way designed to make announcement within company employees. Before being allowed to use the Internet, employees are expected to read the messages posted on the bulletin board.

URL Database
Built-in URL database collects almost 1, 000, 000 URLs and updates every period of time without additional charge. All these URLs and their contents were analyzed and classified into 12 categories, including Aggressive, Audio-Video, Drugs, Gambling, Hacking, Porn, Proxy, Redirector, Spyware, Suspect, Violence, and Warez. IT administrator is able to block any category in the database with ease without entering keywords or desired URL addresses one by one.

WEB, FTP, IM, and Email Records

    Record each user online behavior (computer name, IP address, MAC address, and traffics) time stamps, items and locations

    Record FTP downloads location (computer name, IP address, MAC address) and transferred files

    Record IM chatting contents: Yahoo, ICQ, IRC, Gadu, and Jabber 

    Record Encrypted IM: Skype and QQ

    Record incoming and outgoing mail (Webmail) and their attachments pass through the mail gateway

    Email is saved in an eml format that can easily be viewed and searched

Application Control
In order to prevent data leakage and ensure regulatory compliance, the access to applications which unrelated to work should be controlled during working hours. ShareTech UR-940H can enforce policy for applications like P2P, VOIP, GoToMyPc, Webpages, Games, Media Player, Bit Torrent, Foxy (Gnutrlla), stock market, Instant Messaging, Xunlei, Gator, Yahoo Manager, Virus and Malware, filename extension, Kazaa, Facebook, etc.

Flow Analysis
No matter whether internal users’ computers are on or off, flow analysis tools can display real-time statistics, protocol distribution list, and rankings of traffic flows.

Graphical Reports
ShareTech reporting allows administrators to custom how the chart types (bar, pie, line, and table) or texts will be displayed at the top of the report. ShareTech UR-940H displays operation status for the time frame specified (day, week, or month), including CPU, RAM, modification times, security level and flow monitor reports.

Remote-Access VPN
Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel across the Internet. The ubiquity of the Internet, combined with VPN technologies, allows organizations to cost-effectively and securely extend the reach of their networks to anyone, anyplace, anytime. ShareTech offers IPSec, PPTP, L2TP VPN technologies on a single platform with unified management. IPsec VPN securing the site-to-site connections allows headquarters and their branch offices to be on the same network and sharing resources among offices. Moreover, PPTP and L2TP VPN offer point to point connection for employees working at home. Employees can get access to industry’s network securely and easily.

SSL VPN
SSL-based VPNs provide remote-access connectivity from almost any Internet-enabled location using a Web browser and its native SSL encryption. It does not require any special-purpose client software to be pre-installed on the system. For remote clients, there are two different types of access. One is access to the internal network and the other is access to the Internet over VPN server. Administrators can control over bandwidth usage, VPN service and time from both accesses. 

DNS and Dynamic DNS
ShareTech UR-940H can be configured to use DNS and DDNS. DNS translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. Dynamic DNS automatically updates a name server in real time which providing a persistent addressing method for devices that change their location, configuration or IP address frequently.

Diagnostic Tools
ShareTech UR-940H provides diagnostic tools such Ping, Traceroute, DNS Query, Port Scan and so on. They make fault isolation and troubleshooting easy for administrators.

Flexible Policy Control
Flexible web policies allow you to build rules based on users, groups, date, time and much more. Administrators can setup combination to reach different network requirements. Problems can be fixed without temporarily suspending services and operation can be made through GUI to keep your network safe and secure. 

User-Friendly Interface
Firmware upgrades using web browser; A user-interface language setting method and system is designed for the user to set a preferred language, such as Chinese (Traditional), Chinese (Simplified), English, and make it possible to export/import the configuration.

Diagram

VPN Solutions

Benefits and advantages:

       1. VPN provides a secure connection and rapid speeds

       2. Supported IPSec, PPTP, L2TP, and SSL VPN (Online Registration)

       3. Commonly connects branch office locations and roaming VPN clients back to a headquarter location

 

Specification

Features	Description
Threats Defense (Anti-Virus/IDP/Botnet)	1.        Uses open source Clam AV engine with huge database includes millions of signatures 2.        Kaspersky module (Optional) 3.        Clam AV team has fast response time, updates signature regularly and requires no yearly subscription fees 4.        Provides IDP and BotNet attack-signature database 5.        IDP risk management is divided into 3 levels (high, medium, and low) 6.        IDP and BotNet database require no subscription fees
Malicious URL Filtering (URL & Databases)	1.        Provides URL filtering and database 2.        URL filtering policies are allowed to be configured by administrators 3.        IT administrator can add keywords or URLs to Black/White lists
Firewall Security	1.        Coordinated DoS/DDOS attacks and UDP Flood performed by hackers can be blocked automatically. 2.        Smart QoS provides bandwidth guarantees and a priority command can be given for min/max bandwidth guarantee. 3.        Supports IPv4, IPv6, and Dual Stack 4.        Supports load balancing and failover for both outbound and inbound traffics 5.        Provides DNS service and Dynamic DNS services
Potential Risks Detection (Flow Analysis)	1.        Flow/behavior-based anomaly detection allows both up and down sessions to be analyzed and see if a performance problem exists 2.        Following actions can be taken when an anomaly occurs. An anomaly can be recorded, blocked, and notify subscribers. 3.        Integrated with advanced switching technology, Co-Defense can be applied to protect the internal network. 4.        Prevents ARP spoofing 5.        Manages switch port mapping that gives an instant view into the operational status and speed of each port.
Mail Security (Anti-Spam, Mail Filtering)	1.        Employs multiple spam mechanisms: ST-IP network rating, fingerprinting, Bayesian filtering, auto learning, auto-whitelist, system and personal Blacklist/Whitelist and spam characteristics filtering. 2.        Offers Email virus scanning 3.        Offers Email auditing, advanced filtering and quarantine (Optional) 4.        Client-side spam mail search is available on web-based interface 5.        Additional actions such as quarantine, delete, blocking IP, and carbon copies can be performed to all mail. 6.        Searching recorded email are available
Application Access Control	1.       Multiple application categories e.g. P2P, IM, VOIP, Web, WebMail, game, video, spyware, stock and others. 2.       Free schedule updates 3.       Administrators can use policies to prohibit their users from accessing to applications
User Identity (Radius)	1.        The host computers are established to ensure user identity and also supports the use of LDAP, Radius (limited to models with radius-level features), AD or POP3 servers for authentication. 2.        Desired user groups can be customized 3.        Supports Radius services (limited to models with radius-level features) 4.        Provides authentication record and connection status
Content Record	1.     Logs all incoming/outgoing emails with delivering date and time 2.     Archived email is exported in. eml format 3.     Records FTP Server transfers 4.     Records browsing history 5.     Records instant messaging eg. Skype (limited to models with record-level features)
Load Balance	1.        Ensuring the network is never disconnected 2.        Provides inbound & outbound load balancing 3.        Users can assign load balancing automatically, manually, or by source-destination IP 4.        Built-in Smart DNS Server
QoS	1.        Supports Smart QoS 2.        Supports bandwidth guarantee, max/min-limit, and priority commands 3.        Bandwidth usage from the internal/external source IP can be limited 4.        Efficient priority scheme is available
VPNs Connection	1.        IPSec and Site-to-Site PPTP and L2TP VPN 2.        Reliable SSL VPN connection 3.        Users can create, edit, and control over VPN connections
Operation Modes	Transparent, Bridge mode, NAT, Routing
Logging & Reports	1.     Multiple event logs can be centrally logged and monitored. And it includes configuration, networking and route, objects, services, advanced protection, mail security, VPN, etc. 2.     A report includes a statistic table, ranking grid, bar/line graphs, and pie charts.
Virtual Server	IP Supports virtual server that data flows can be transmitted to any of the other ports without using any switch or router
High Availability	Building a cluster and hot standby of two or more ShareTech devices  is available
CMS	1.        Manages multiple UTMs and wireless access points 2.        Provides real-time monitoring and proactive management 3.        Cloud-based integration can be led to ShareTech Eye Cloud service system
Bulletin Board	Announcement can be made to employees in a very effective and proper way
Diagnostic Tools	1.        Standard net tools such as Ping, Traceroute, DNS lookup, and port scanner are available to help users identify and fix connection problems. 2.        Test widgets like IP Route, Wake Up, SNMP, IPv6 tool are provided to test your connection and readiness as well.
Others	1.     Free firmware upgrades 2.     Administrators can select authorized users and assign access conditions 3.     Automatic disk check can be scheduled 4.     Supports 802.1Q 5.     Data backup and mount 6.     Autonomous management based on a user-friendly interface

Compatibility List

3G/4G USB Compatibility List

。DLINK DWM-222

。HUAWEI E3372h

。HUAWEI E161 (3G only)

 

     Co-Defense Switch Compatibility List

。Cisco-C2960-24TS-LL

。Cisco3650e

。Cisco3750

。H3C-5100

。H3C-S7506R

。SGI-2404

。Juniper-ex2200

。ML-9528

。GS2210-24

。GS2210-24HP

。GS2210-48

。XGS3700-24

。XGS3700-48

。DGS1510-28X

 

AP Manangement Wireless Acess Points Compatibility List

。Howay2000NI

。AP-300

。NWA1100-NH

。NWA1123-ACv2

。NWA5121-NI

。NWA5123-NI

。NWA5123-AC

。WAC6103D-I