Unified Threat Management (UTM) provides multiple security features and services in a single device or service on the network, protecting users from security threats in a simplified way. The advantage of UTM is the streamlined installation and management of these multiple security capabilities. Ariadezh UTM filters network traffic to protect an organization from external threats. While retaining the features of stateful firewalls, such as packet filtering, VPN support, network monitoring, and IP mapping, Ariadezh also has deeper inspection capabilities that give it a superior ability to identify attacks, malware, and other threats.
Given the vital and sensitive role of firewalls, Dezhafzarnet Company, relying on the knowledge and technical experience of its security and programming team, has designed and produced the 100, 200, 300, 400, and 400 series firewalls.
The Ariadezh Series 100, 200, 300, and 400 firewalls are designed and produced in a completely indigenous way.
In computer and network systems, a firewall is a security system that uses pre-defined rules to inspect and control traffic entering and leaving the network. The firewall is usually used as a perimeter control and is located between the secure network and the rest of the network. Firewalls are usually available in two forms: network firewalls and host firewalls. To introduce this product, Dezhafzarnet has prepared a product catalog that provides more information.
In the dashboard, you can have the latest system status in several columns with drag & drop capability. The dashboard environment is based on widgets, so that the users can add different widgets according to their needs, including:
The reporting section provides the capability to monitor and review all events in the network and firewall.
Ariadezh UTM provides a full range of diagnostics and troubleshooting tools, including:
The Ariadezh firewall is a stateful firewall that tracks the path and state of network connections such as TCP streams and UDP communications. It allows users to categorize and manage rules. Not all packets that enter or leave the network are well-formed; some have intentional or unintentional defects that can harm the host. The process of reconstructing packets and categorizing them is performed by a feature called normalization.
Normalization processes packets so that the final destination has no ambiguity in interpreting them. This feature also helps in defragmenting packets, discarding packets that have invalid TCP flags, and protecting the operating system against some attacks.
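The flag check that normalization performs can be sketched as follows. This is an added example, not Ariadezh code: the rule set in `flag_verdict` is an assumption modelled on the checks packet normalizers commonly apply, and the sample segments are constructed.

```python
import struct

# TCP flag bits as laid out in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(segment: bytes) -> int:
    """Extract the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (offset_and_flags,) = struct.unpack_from("!H", segment, 12)
    return offset_and_flags & 0x3F

def flag_verdict(flags: int) -> str:
    """Return 'pass' or a drop reason (assumed rule set, see lead-in)."""
    if flags & SYN:
        if flags & RST:
            return "drop: SYN+RST"
        if flags & FIN:
            return "drop: SYN+FIN"
    elif not flags & (ACK | RST):
        return "drop: no SYN, ACK or RST"
    if not flags & ACK and flags & (FIN | PSH | URG):
        return "drop: FIN/PSH/URG without ACK"
    return "pass"

def sample_segment(flags: int) -> bytes:
    """Constructed 20-byte TCP header (ports, seq and window are arbitrary)."""
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, (5 << 12) | flags, 8192, 0, 0)

def normalize(segments):
    """Split segments into (kept, dropped), each entry paired with its verdict."""
    kept, dropped = [], []
    for seg in segments:
        verdict = flag_verdict(tcp_flags(seg))
        (kept if verdict == "pass" else dropped).append((seg, verdict))
    return kept, dropped

if __name__ == "__main__":
    constructed = [SYN, SYN | ACK, FIN | ACK, 0, SYN | FIN, FIN | PSH | URG]
    kept, dropped = normalize(sample_segment(f) for f in constructed)
    print(len(kept), "kept;", [reason for _, reason in dropped])
```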
A captive portal allows you to force authentication on the network, or to redirect the user to another page that requires a click before network access is granted. This feature is usually used in hotspot networks; it is also widely used in integrated networks to create an additional layer of security on the wireless network or the Internet. In addition, Ariadezh supports vouchers. The voucher function generates random passwords that users can use to access the Internet through the captive portal, and their access is maintained for as long as the voucher remains valid. This feature is used in restaurants and hotels to give users Internet access.
The simple and well-classified web interface of Ariadezh UTM allows the network administrator to monitor all parts of this product completely and without complexity.
Application Layer Network Monitoring
One of the unique capabilities of Ariadezh is the existence of a monitoring service that can analyze the network traffic in detail and present it to the administrator online. This service has the ability to display the traffic status in the following ways:
Advanced User Manual
A user manual is essential for any product. The Ariadezh user manual is fundamentally different from those of similar products. The guide is completely practical and scenario-based: to activate each service, a tested scenario is presented step by step.
In Ariadezh, there is the ability to check layer 7 traffic via which we can identify application layer protocols and determine the type of traffic allowed to pass through, thereby ensuring that there is no possibility of passing traffic with undesirable protocols.
Types of recognizable protocols:
With the help of this feature, the major events of the firewall are sent via a GSM module to the defined phone numbers.
High Availability (Hardware Failover)
Ariadezh has a hardware failure detection feature, so that two or more firewalls can be configured as a failover group. If a network interface on the primary firewall goes down, or the primary firewall fails completely, the secondary firewall is activated. This powerful feature makes Ariadezh a stable and non-failing firewall. During the automatic transition to the backup unit, the network connection remains active with minimal interruption for users.
To balance traffic and avoid imposing additional load on a single server, the load balancing technique is used. With this feature, if one server is interrupted, the passing traffic is spread across the other servers. Load balancing therefore increases system reliability.
Virtual Private Network (VPN)
VPN stands for virtual private network. A VPN is used to securely connect two networks or subnets.
IPsec is an abbreviation for IP Security, which refers to a series of protocols that support the secure exchange of packets in the IP layer.
IPsec is widely used in VPN technology for authentication, confidentiality, integrity, and key management in IP-based networks.
Ariadezh provides a wide range of VPN technologies, from today's SSL VPN to older technologies such as IPsec and L2TP. Site-to-Site and Road Warrior setups can be configured in minutes with the export feature for user settings.
Intrusion Detection and Prevention (IDS/IPS)
IDS and IPS technologies analyze network traffic in more detail than a firewall. Similar to antivirus systems, IDS and IPS tools analyze traffic and compare each packet with a database of known attack profiles. When an attack is detected, IDS tools raise a notification of the attack; IPS tools go one step further and automatically block the malicious traffic. The IPS component in Ariadezh defends the network in two steps:
By detecting abnormal behavior in the network, it prevents DDoS attacks and occasional scanning.
By using attack patterns, it deals with attacks such as backdoors and exploits.
One of the required features in a network is traffic shaping. This feature controls the bandwidth of links: with it, you can give your traffic the maximum speed or apply restrictions to the traffic sent.
Traffic shaping in Ariadezh is very flexible and is organized around pipes, queues, and related rules. Pipes define virtual bandwidth, queues can be used to prioritize traffic within each pipe, and finally, rules are used to shape a specific packet flow. Traffic shaping rules are independent of firewall rules and other settings.
Network Address Translation
Full support for NAT feature:
Modes of Deployment
Ariadezh product has different deployment statuses, including:
To prevent unauthorized access and possible misuse, Ariadezh supports two levels of authentication: network traffic authentication (data plane) and system user interface authentication. Network traffic authentication identifies the user sending the traffic, so that the traffic is allowed only if the user has already been authenticated. User interface authentication prevents unauthorized access to the management panel.
Support for different versions of SNMP protocol
Web and FTP Proxy
You can use this service to control and monitor HTTP, HTTPS, and FTP traffic. The proxy provided by Ariadezh has facilities such as batch web filtering and access control. This service can run in transparent mode. By combining the proxy, firewall, and captive portal, you can monitor users and their actions very effectively: user access is controlled by the captive portal, and HTTP and HTTPS traffic is controlled by the proxy. For example, it is possible to limit a user's access to a website or address. It is also possible to integrate this feature with antivirus products that have an ICAP interface.
Static routing: With this feature, the network administrator can define routing based on the destination IP.
Policy-based routing: In this method, routing can be defined based on other components of an IP packet, such as source IP, source port, and destination. This feature enables routing with the help of firewall rules. Each firewall rule allows the selection of a gateway port, and if no port is selected, the flow passes through the default port or according to the routing table.
Dynamic routing: Here, various dynamic routing protocols such as OSPF, BGP, and RIP can be configured and used.
Management of Network Interfaces
In this section, there are elements of allocation, adjustment, and control of network interfaces. Types of network interfaces:
Application Layer Protocol Inspection
Secure storage of sensitive data such as cryptographic keys is a serious challenge. The native Ariaki tokens used with Ariadezh can address many of the security concerns associated with foreign hardware. In addition to secure data storage, this token also supports symmetric encryption.
Simultaneous High Availability and Load Balancing
With this feature, the probability of the firewall and servers in the network being interrupted is as low as possible.
Full support for DHCP service in the following situations:
Block HTTP and HTTPS sites
Here, it is possible to block these websites through the IPS. The difference between this blocking and the use of the web proxy is that the blocking is done at gigabyte speed and without decrypting HTTPS traffic.
In this section, we can define and manage different users and groups.
Lists of IP addresses based on geographical location can be used and added. This allows traffic to be blocked or passed based on the country of origin or destination of the traffic. This database is constantly updated.
Managing firewall rules is not an easy task. Using aliases you can list various IPs, hosts, networks, or port numbers in a group for use in firewall rules. Aliases are the definition section of the external firewall.
Here you can control and monitor the traffic volume and bandwidth consumption of users.
H.323 and SIP Proxy
Ariadezh can act as a gateway or proxy for the H.323 protocol. This feature allows more control over VoIP traffic in the network. It can also solve the issues and problems that H.323 and SIP have in public firewalls.