FasterUP Unified Threat Management Features
  • Network Intrusion Detection System (NIDS) engine
  • Network Intrusion Prevention System (NIPS) engine
  • Network Security Monitoring (NSM) engine
  • Offline analysis of PCAP files
  • Advanced integration with Linux Netfilter firewalling
  • Traffic recording using pcap logger
  • Unix socket mode for automated PCAP file processing
  • Linux
  • FreeBSD
  • OpenBSD
  • macOS / Mac OS X
  • Windows
  • YAML, XML config files – human and machine readable
  • well commented and documented
  • support for including other files
  • Scalable flow engine
  • Full IPv6 support
  • Tunnel decoding
  • Teredo
  • IP-IP
  • IP6-IP4
  • IP4-IP6
  • GRE
  • TCP stream engine
  • tracking sessions
  • stream reassembly
  • target based stream reassembly
  • IP Defrag engine
  • target based reassembly
  • Support for packet decoding of
  • IPv4, IPv6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE
  • Ethernet, PPP, PPPoE, Raw, SLL, VLAN, QINQ, MPLS, ERSPAN
  • App layer decoding of:
  • HTTP, SSL, TLS, SMB, DCERPC, SMTP, FTP, SSH, DNS, Modbus, ENIP/CIP, DNP3, NFS, NTP, DHCP, TFTP, KRB5, IKEv2
  • New protocols developed in the Rust language, for safe and fast decoding.
  • Stateful HTTP parser built on libhtp
  • HTTP request logger
  • File identification, extraction and logging
  • Per server settings
  • limits, personality etc
  • Keywords to match on (normalized) buffers:
  • uri and raw uri
  • headers and raw headers
  • cookie
  • user-agent
  • request body and response body
  • method, status and status code
  • host
  • request and response lines
  • decompress flash files
  • and many more
  • Protocol keywords
  • Multi-tenancy per vlan or capture device
  • xbits – flowbits extension
  • PCRE support
  • substring capture for logging in EVE
  • fast_pattern and prefilter support
  • Rule profiling
  • File matching
  • file magic
  • file size
  • file name and extension
  • file MD5/SHA1/SHA256 checksum – scales up to millions of checksums
  • multiple pattern matcher algorithms that can be selected
  • extensive tuning options
  • live rule reloads – use new rules w/o restarting Suricata
  • delayed rules initialization
  • Lua scripting for custom detection logic
  • Hyperscan integration
  • Eve log, all JSON alert and event output
  • Lua output scripts for generating your own output formats
  • Redis support
  • HTTP request logging
  • TLS handshake logging
  • Unified2 output – compatible with Barnyard2
  • Alert fast log
  • Alert debug log – for rule writers
  • Traffic recording using pcap logger
  • Prelude support
  • drop log – netfilter style log of dropped packets in IPS mode
  • syslog – alert to syslog
  • stats – engine stats at fixed intervals
  • File logging including MD5 checksum in JSON format
  • Extracted file storing to disk, with deduplication in the v2 format
  • DNS request/reply logger, including TXT data
  • Signal based Log rotation
  • Flow logging
  • per rule alert filtering and thresholding
  • global alert filtering and thresholding
  • per host/subnet thresholding and rate limiting settings
  • High performance capture
  • AF_PACKET
  • experimental eBPF and XDP modes available
  • PF_RING
  • NETMAP
  • Standard capture
  • PCAP
  • NFLOG (netfilter integration)
  • IPS mode
  • Netfilter based on Linux (nfqueue)
  • fail open support
  • ipfw based on FreeBSD and NetBSD
  • AF_PACKET based on Linux
  • NETMAP
  • Capture cards and specialized devices
  • Endace
  • Napatech
  • Tilera
  • fully configurable threading – from single thread to dozens of threads
  • precooked “runmodes”
  • optional CPU affinity settings
  • Use of fine grained locking and atomic operations for optimal performance
  • Optional lock profiling
  • loading of large amounts of host-based reputation data
  • matching on reputation data in the rule language using the “iprep” keyword
  • live reload support
  • supports CIDR ranges
  • VPN Server
  • High Availability
  • Load Balancing
  • Traffic Shaping
  • Captive Portal
  • UTM Device
  • Firewall / Router
  • DNS / DHCP Server
  • IDS / IPS
  • Transparent Caching Proxy
  • Web Content Filter
  • And more
  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts
  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Connection limits
  • Dynamic DNS
  • Reverse proxy
  • Captive portal guest network
  • Supports concurrent IPv4 and IPv6
  • NAT mapping (inbound/outbound)
  • VLAN support (802.1q)
  • Configurable static routing
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • DHCP server
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server
  • IPsec and OpenVPN
  • Site-to-site and remote access VPN support
  • SSL encryption
  • VPN client for multiple operating systems
  • L2TP/IPsec for mobile devices
  • Multi-WAN for failover
  • IPv6 support
  • Split tunneling
  • Multiple tunnels
  • VPN tunnel failover
  • NAT support
  • Automatic or custom routing
  • Local user authentication or RADIUS/LDAP
  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking
  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting for daily, monthly, etc.
  • Dashboard with configurable widgets
  • Local logging
  • Remote logging
  • Local monitoring graphs
  • Real-time interface traffic graphs
  • SNMP monitoring
  • Notifications via web interface, SMTP, or Growl
  • Hardware monitoring
  • Networking diagnostic tools
  • stateful packet inspection
  • Layer-7 protocol detection
  • peer-to-peer protocols filtering
  • traffic classification by:
    • source MAC address
    • IP addresses (network or list) and address types (broadcast, local, multicast, unicast)
    • port or port range
    • IP protocols
    • protocol options (ICMP type and code fields, TCP flags, IP options and MSS)
    • interface the packet arrived from or left through
    • internal flow and connection marks
    • DSCP byte
    • packet content
    • rate at which packets arrive and sequence numbers
    • packet size
    • packet arrival time
    • and much more!

get in touch

Contact us for a personalised offer

7 Soldat Neagu Florea St.
sector 2, Bucharest, Romania
info@fasterup.com