ShareTech HiGuard Series UTM firewall offers an completed security appliance. It is the best suited to deployments in retail stores, branch offices, and smaller business environments. With ShareTech HiGuard solution, IT admin deploys faster, save physical space and allow businesses to reduce IT costs. A rich set of security services can deliver protection to the smallest unit of an organization.

Basic firewall

• Routing: Supports static/dynamic route, designated gateway group, and default gateway.
• IPv4/v6: Supports IPv4, IPv6, and IPv4/IPv6 dual-stack. Admins can quickly swap between at the click of a button.
• IEEE VLAN 802.1Q: The Intranet can be divided into multiple segments, isolating different traffic logically.
• GEO IP: Geo IP restriction allows admins to configure a geolocation-based policy by specifying source and destination locations.
• Network Services: ShareTech HiGuard Series supports DHCP, DDNS, SNMP, and DNS Proxy.
• Denial of Service (DoS) and Distributed Denial of Service (DDoS) prevention: TCP SYN flood attacks, UDP flood attacks, and ICMP flood attacks can all be mitigated by blocking bad bot traffic before it reaches the targeted site.
• VPN: Supports IPSec, PPTP, L2TP VPN, SSL VPN, and IP Tunnel.
• SD-WAN: SD-WAN can combine from the designated gateway or VPN tunnels, enable optimized traffic routing over multiple transport links, and select a route for applications based upon configured policies and priorities.
• IP Tunnel: A secure VPN can be created via IP Tunnel between two ShareTech UTMs, and traffic passed through the VPN can be monitored.
• Auto IPSec VPN: To create an IPSec VPN between two sites having massive/dynamic IP addresses, Auto VPN can reduce the complexity of deployment and increase stability.
• Loggings: ShareTech HiGuard XI includes loggings for system operation and status, wizard, configuration, networking, policies, objects, services, advanced protection, IPS, email security, VPN, etc.

Network & Email protection

• Clam AntiVirus: ShareTech HiGuard XI supports ClamAV, an open-source anti-virus engine that detects millions of trojans, viruses, malware, and other malicious threats.
• Intrusion Prevention System (IPS) & Signature Database: ShareTech HiGuard XI supports IPS that proactively detects intrusion behaviors and matches the signature database. IPS Protection’s severity level is defined as LOW, MEDIUM, and HIGH.
• Sandstorm: ShareTech HiGuard Series supports Sandstorm IP.
• Anomaly IP Analysis: Flow/behavior-based anomaly detection allows both up and down sessions to be analyzed. An anomaly can be blocked, recorded, and notified to subscribers.
• Email Filtering & Logging: ShareTech HiGuard X / XI supports email scanning for viruses, queries on SMTP communication logs, infected email quarantine, and queries on email logs.

Web protection

• Transport Layer Security (TLS): TLSv1.3 inspection on IPv4 and IPv6.
• Deep packet inspection (DPI): DPI is a form of packet filtering that locates, classifies, and reroutes packets. It has higher detection accuracy than port-based TCP/UDP.
• WEB Service: HiGuard XI supports HTTPS scanning in Anti-Virus, SSL certificate installation, loggings for HTTPS proxy action, and certificate allowlist.
• URL Filtering: A third-party database sorts malicious URLs into six categories. Users can renew the license to get real-time updates or periodically apply firmware upgrades for free updates.
• Application Control: A third-party database sorts applications into 17 categories. Users can renew the license to get real-time updates or periodically apply firmware upgrades for free updates.

Access control & flow management

• Authentication: The system can authenticate users with accounts on hosts, POP3/IMAP, Radius, and AD servers. Admins can add users to groups, view logs, and get status information.
• Two-Factor Authentication (2FA): Two-factor authentication can add an additional layer of login security to user accounts, authentication, and SSL VPN access. Users can download mobile security apps (Google/Microsoft authenticator) to generate codes for 2FA.
• Load Balance: Inbound and outbound can be reviewed to make sure traffic patterns are expected. Admins can set up traffic rules in priority order so that all traffic can be evenly distributed among multiple WAN links.
• QoS: Ensure an adequate bandwidth for high-priority tasks and applications, maximum bandwidth limits, and priority levels.

Intranet protection

• Switch Co-Defense: Common SNMP switches and advanced L2/L3 switches (a topology included) can be centrally managed. Zyxel switches support IP Source Guard (static IP-MAC-Port binding) to perform DHCP Snooping. Moreover, the PoE schedule can be configured via UTM to manage power consumption.
• AP Management: It displays the status of AP and online users. Quick deployment (config files) can be delivered for large numbers of access points.
• Intranet Protection: ARP spoofing prevention, IP & MAC spoofing prevention, notification, and block status.

Central orchestration

• Cloud-Based service system (Eye Cloud): ShareTech-branded devices can be remotely monitored and efficiently maintained. Multi-region Wireless APs and switches can be accessed via UTMs as well. HQ admins can customize tasks based on sites and then select UTM series, devices, config files/firmware, and intervals. Tasks can be published and targeted to relevant locations in real-time. (Supported version: HX v9.0.2.3 or above)
• Client-Side CMS: HiGuard Series supports regularly passing data from the client side to the server side. The system makes periodic backups (config file) automatically.
• Dashboard: A real-time Dashboard reporting module can be purchased in the HiGuard Series, showing a graphical presentation of the current status.

Others

• Operation Mode: Transparent Bridge, Transparent Routing, and NAT.
• Operation Management Interface: Management interface and Dashboard GUI (optional module for HiGuard Series).
• Diagnostic Tools: Standard net tools such as Ping, Traceroute, DNS lookup, and port scanners are available to help users identify and fix connection problems. Test widgets like IP Route, Wake Up, SNMP, and IPv6 tools can test your connection and readiness.
• Remote Log Server: Log data can be forwarded in the Syslog format to a remote Syslog server that receives, categorizes and stores log messages for advanced analysis.
• Initial Setup Wizard: The wizard simplifies the configuration process by setting up LAN, WAN, URL Blacklisting, Security Settings, and Email Management.
• Distributed administration: Authority can be delegated to one or more administrators, such as Admins and assistant admins. Admins can assign three types of privileges (READ, WRITE, and ALL privileges).
• Custom Password Policy: Password length and complexity requirements, unable to reuse old passwords, and change passwords at regular intervals.
• Interrupt: Hardware interrupts (via CPU) and software interrupts (via ZONE) are supported, allowing the CPU to perform specific tasks. IT administrators can optimize system performance and troubleshoot issues more effectively.
• Offline Signature Update via USB drives: ShareTech HiGuard X / XI supports the following items: IPS, the default APP&URL Blocklistings, ClamAV, and Sandstorm IP.
• E-Bulletin Board: ShareTech HiGuard supports the bulletin board to ensure all users read important messages before accessing a webpage.
• High Availability (HA): HiGuard X / XI supports Hot-Standy (Active-Passive) mode.

ShareTech HiGuard Series UTM Firewall: ShareTech HiGuard X, XI, V, VI.

Let contact SLA – a authorized distributor of ShareTech in Vietnam for more details. We supply the cybersecurity solution and implementation completely to your IT system.