What is SHIELD?

Shield is an Open source Unified Threat Management solution that targets the security needs for Home / SOHO / and SMB segments. The solution provides an Advanced State full Firewall integrated with L7 Application Control, Intrusion Prevention, SSLVPN, IPsec VPN, Web filtering, and User Authentication functionalities. The unified security policies management layer of Shield enables users to manage their security needs with ease!

Firewall

  • State full Firewall with connections tracking capabilities
  • Dynamic/Static NAT, Port forwarding
  • Prevention of DOS, DDOS & IP Spoofing
  • Bandwidth Control
  • Multicast Forwarding
  • TCP Syn Cookies
  • MAC Filtering
  • QOS/Diffserv marking
  • Content Filtering - Blocking Java/ActiveX/Proxy/Cookies
  • L7 Application Control with 70+ protocols support
  • Transparent Firewall/Routed Firewall mode
  • Use of Policy Objects for Firewall/NAT Policies Configuration
  • Support for multiple firewall zones & zone based security policies

IPS

  • Snort 2.9 based Intrusion Prevention enabling both Signature based Detection and Detailed Protocol Decoders.
  • Support for Custom Signatures with Intuitive signature configuration wizard
  • Supporting signatures from Emerging threats/Snort VRT

SSLVPN

  • OpenVPN based SSLVPN Solution - Access Gateway Mode & P2P Mode Support
  • Locally managed SSLVPN Client Profiles
  • Two factor Authentication enabling Password/Certificates based Authentication for SSLVPN Clients
  • Use of Pre-shared Keys/Certificates for P2P Authentication
  • TCP/UDP Based Tunnels
  • AES/DES/BF/CAST5/RC2 Encryption
  • Traffic compression
  • Tunnel All Traffic mode support on the client side
  • Support for Mobile VPN Clients
  • Easy to use VPN User Profiles/P2P Policies Configuration.

IPSec

  • Tunnel/Transport Mode
  • IKE Exchange - Main/Aggressive/Base mode
  • DES/3DES/Blowfish/Cast128/AES Encryption
  • MD5/SHA Digest
  • Pre-shared Keys/Certificates Authentication
  • IKE/Diffe Hellman Group
  • AH/ESP Support
  • IPSec/PFS Group Support
  • Traffic Compression
  • Dead Peer Detection

Web Filtering

  • Web filtering with Squid Proxy – Support for URLs/Regular expression-based Filtering
  • Category-based Filtering with URL Blacklist Freeware service
  • Users/User Groups based Web filtering Policies
  • SSL Proxy
  • Explicit/Transparent Proxy mode support
  • Limiting Http connections per Network/Users/User Groups
  • Filtering based on Web request/response size
  • SSL Control
  • User Authentication
  • Localization Support for Web filtering Blocking Pages

Network

  • DHCP
  • DNS
  • Static Routes
  • Virtual IP
  • DDNS
  • VLAN/801.q
  • Multiple Firewall Zones/Port Mapping
  • PPPoE Support

Device Management

  • WebUI accessible via SSL
  • NTP
  • SNMP v1/v2/v3 Support
  • Syslog
  • Provision to update firmware via WebUI
  • Factory Reset
  • Diagnostic Utilities
  • Certificates Management for Web Proxy/SSLVPN/IPSec Services

Reports

  • Log viewer for accessing Syslog logs/Security Alerts
  • Firewall Connections Monitoring
  • DHCL Clients Status
  • VPN Connections Monitoring
  • Graphical reports on System Resources Usage/FW
  • Connections Monitoring/IPS Alerts
  • Web filtering Reports