Home Page

New Products
1U 6P IPS NG-UTM 1U 6P IPS NG-UTM
NGS 1315HE is a network security device that complies with Next Generation UTM specifications. It features high operating efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the preferred network security and management device for medium and large enterprises. NGS 1315HE has the powerful functions of next-generation firewall, including Deep Packet Inspection (DPI) -based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, anti-virus, spam filtering, and Supports external authentication integration and other functions, which can prevent hackers from sneaking into malicious attacks or unauthorized access to internal network resources. In addition, NGS 1315HE also supports dual-machine backup mechanism (HA), which can ensure the continuous operation of equipment.
 
NGS 1315HE is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).
 
Balancing performance and functionality
HERHSIANG NGS 1315HE, its hardware platform is carefully designed, using X86 hardware equipment, the purpose is to allow enterprise users to fully feel the security protection features provided by HERHSIANG Next Generation UTM. For customers with high connection capacity requirements, we provide high-performance security modules to improve connection capacity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
There is a shortage of IP v4 addresses, and the age of IP v6 is coming sooner or later, so HERHSIANG has already integrated this trend when developing the next-generation UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. v4 or v6 IP address, so whether it is in a pure v4 environment, a mixed v4 / v6, or a pure v6 environment, NGS 1315HE is the same.

Support SDN controller
Support SDN controller, can make more than 1 port to form ZONE, directly managed by the SDN controller, and ZONE and ZONE packet transmission will also pass NGS 1315HE packet detection. And with VLAN 802.1Q function, it can cut the internal network into several independent sub-network segments, each of which operates independently without interference.


SSL encrypted connection detection
With the ability to detect SSL traffic, when facing SSL-encrypted connection traffic, you can apply intrusion detection defense, gateway anti-virus, content filtering, and application bandwidth control.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line to ensure that the internal user network is unblocked. When the line is restored, the packet It will be assigned automatically again. Enterprises can set load balancing rules according to their own needs, and network access can refer to the set rules to implement network traffic load balancing guidance. The algorithms are: automatic allocation, manual allocation, allocation based on source IP, and allocation based on destination IP.


IPS Intrusion Prevention
IPS It will check the content corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs and viruses, hidden in the TCP / IP communication protocol. After detailed content inspection, the qualified feature code will be Mark out, once discovered, you can block the packets immediately, so that these malicious packets through the firewall have nothing to hide.


WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.


Threat Detection Defense
Provide enterprises with the most complete defense-in-depth mechanism. Today's network attacks cannot rely on a single point of protection but require complete defense-in-depth. Only through different levels of defense technology can there be a way to reduce the potential threats to the enterprise. In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for corporate security protection, Hexiang NGS 1315HE can strengthen the detection of malicious programs for traffic, web pages, and emails. Through the analysis of related security mechanisms , Play the role of defense in depth.

Mail Gateway Protection
The company already has a mail host, but the spam filtering performance is not good. You can use NGS 1315HE as the mail gateway mode to supplement the original mail server's insufficient functions, such as spam filtering and virus filtering. After filtering the virus and advertisement mail through NGS 1315HE, send the clean mail to the mail host.

Virus filtering (optional for Kaba driver anti-virus)
The system provides Clam AV anti-virus engine for free, which can detect more than millions of viruses, worms, and Trojan horse programs. It can automatically scan for viruses in emails, update virus files through the Internet daily, and provide virus mail search condition. The administrator can set the processing method of poisoned mail by himself, including automatic deletion, storage of poisoned mail extension and the subject of poisoned mail notification letter. With the new generation of UTM Kabbah anti-virus engine, customers can purchase and continue to enjoy the Kaspersky anti-virus engine leader with the highest scanning rate and the strongest virus repair.

Spam filtering
Both internal and external mail can be filtered, and ST-IP network letter review, Bayesian filtering, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification are provided. , White list comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without misjudgment. The accuracy rate is more than 95%. Mail filtering, which can forward, delete, and block the letters that meet the filter conditions set by the administrator.

Anomaly IP analysis
Any network behavior, no matter what kind of software the user runs, from the perspective of network packets, it is roughly divided into the number of uploads and downloads (Connect Session), flow (Flow) and duration (Time), by detecting these The combination of the numbers estimates that the user is using the Internet normally or has abnormal behavior. When abnormal behaviors of internal users are discovered, the manager can adopt a variety of strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling a cooperative defense mechanism to notify the switch to block it or notifying the manager.

Bandwidth Management (QoS)
Assist network administrators to control the network, effectively reduce the obstruction of corporate network, improve serviceability and bandwidth usage. With QoS (bandwidth management) function, it can distribute limited bandwidth to all users. The difference from ordinary bandwidth controllers is that in addition to providing maximum bandwidth and priority management, NGS 1315HE also has a guaranteed bandwidth function. And it also has a personalized bandwidth management design, which can be set for individual users. Bandwidth tube  When used with a personalized bandwidth tube, the bandwidth pre-defined by the bandwidth management function can be allocated to users below the enterprise, which can effectively prevent the band from being exclusively occupied by users.

Content filtering
Provide Web Filter (web page filtering) function, can block the access to inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and can set filter conditions to block inappropriate websites.

URL database management [optional 3rd party database (optional), Built for 2 years]
The built-in "cloud URL database" automatically categorizes web pages. As long as the administrator can prevent harmful URLs from blocking, it can be easily controlled without having to enter website IP addresses and keywords one by one to block. Clicking on harmful URLs arbitrarily is the source of evil. The best way to prevent blocking is to prohibit the use of the Internet. If it cannot be completely banned, the constantly updated URL database is the best protection mechanism.

Full record of online behavior
Some employees of the company use the Internet during work hours to do non-work-related tasks, with small chats and leaks. NGS 1315HE can not only limit the user's permission to use related applications, but also record related online behaviors, including browsing the web and sending emails. When a company leaks information, the saved information is the best evidence to present as evidence.

Traffic Analysis
Provide traffic analysis tools, whether it is the internal user's computer power on and off, real-time network traffic display, communication protocol allocation and traffic rankings. When the line is full, you can immediately find the traffic killer.

Application management [optional 3rd party database (optional), Built for 2 years]
Not only is it difficult to manage a variety of network applications, it is also easier to become the best channel for data leakage and virus attacks. NGS 1315HE has a variety of built-in application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees' use of application software. Permissions to protect corporate network security.

VPN function
Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users. Through these VPN mechanisms, users can connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or home. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
1U 14P IPS NG-UTM 1U 14P IPS NG-UTM
NGS 3572HF is a network security device that complies with Next Generation UTM specifications. It features high operating efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the preferred network security and management device for medium and large enterprises. NGS 3572HF has the powerful functions of next-generation firewall, including Deep Packet Inspection (DPI) -based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, anti-virus, spam filtering, and Supports external authentication integration and other functions, which can prevent hackers from sneaking into malicious attacks or unauthorized access to internal network resources. In addition, NGS 3572HF also supports dual-machine backup mechanism (HA), which can ensure the continuous operation of equipment.
 
NGS 3572HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).
 
Balancing performance and functionality
HERHSIANG NGS 3572HF, its hardware platform is carefully designed, using X86 hardware equipment, the purpose is to allow enterprise users to fully feel the security protection features provided by HERHSIANG Next Generation UTM. For customers with high connection capacity requirements, we provide high-performance security modules to improve connection capacity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
There is a shortage of IP v4 addresses, and the age of IP v6 is coming sooner or later, so HERHSIANG has already integrated this trend when developing the next-generation UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. v4 or v6 IP address, so whether it is in a pure v4 environment, a mixed v4 / v6, or a pure v6 environment, NGS 3572HF is the same.

Support SDN controller
Support SDN controller, can make more than 1 port to form ZONE, directly managed by the SDN controller, and ZONE and ZONE packet transmission will also pass NGS 3572HF packet detection. And with VLAN 802.1Q function, it can cut the internal network into several independent sub-network segments, each of which operates independently without interference.
 

SSL encrypted connection detection
With the ability to detect SSL traffic, when facing SSL-encrypted connection traffic, you can apply intrusion detection defense, gateway anti-virus, content filtering, and application bandwidth control.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line to ensure that the internal user network is unblocked. When the line is restored, the packet It will be assigned automatically again. Enterprises can set load balancing rules according to their own needs, and network access can refer to the set rules to implement network traffic load balancing guidance. The algorithms are: automatic allocation, manual allocation, allocation based on source IP, and allocation based on destination IP.



IPS Intrusion Prevention
IPS It will check the content corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs and viruses, hidden in the TCP / IP communication protocol. After detailed content inspection, the qualified feature code will be Mark out, once discovered, you can block the packets immediately, so that these malicious packets through the firewall have nothing to hide.

 
WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.


Threat Detection Defense
Provide enterprises with the most complete defense-in-depth mechanism. Today's network attacks cannot rely on a single point of protection but require complete defense-in-depth. Only through different levels of defense technology can there be a way to reduce the potential threats to the enterprise. In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for corporate security protection, Hexiang NGS 3572HF can strengthen the detection of malicious programs for traffic, web pages, and emails. Through the analysis of related security mechanisms , Play the role of defense in depth.

Mail Gateway Protection
The company already has a mail host, but the spam filtering performance is not good. You can use NGS 3572HF as the mail gateway mode to supplement the original mail server's insufficient functions, such as spam filtering and virus filtering. After filtering the virus and advertisement mail through NGS 3572HF, send the clean mail to the mail host.

Virus Letter Filter
The system provides Clam AV anti-virus engine for free. It can detect more than millions of viruses, worms, and Trojan horses. It can automatically scan for viruses on emails, automatically update virus files through the Internet daily, and provide virus email search. condition. The administrator can set the processing method of the poisoned mail, including automatic deletion, storage of the poisoned mail extension and the subject of the poisoned mail notification letter. The new-generation UTM has a built-in Kabar anti-virus engine for one year. Customers can choose to continue to enjoy Kaspersky Anti-Virus, the leader in virus scanning and virus repair.

Spam filtering
Both internal and external mail can be filtered, and ST-IP network letter review, Bayesian filtering, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification are provided. , White list comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without misjudgment. The accuracy rate is more than 95%. Mail filtering, which can forward, delete, and block the letters that meet the filter conditions set by the administrator.

Anomaly IP analysis
Any network behavior, no matter what kind of software the user runs, from the perspective of network packets, it is roughly divided into the number of uploads and downloads (Connect Session), flow (Flow) and duration (Time), by detecting these The combination of the numbers estimates that the user is using the Internet normally or has abnormal behavior. When abnormal behaviors of internal users are discovered, the manager can adopt a variety of strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling a cooperative defense mechanism to notify the switch to block it or notifying the manager.

Bandwidth Management (QoS)
Assist network administrators to control the network, effectively reduce the obstruction of corporate network, improve serviceability and bandwidth usage. With QoS (bandwidth management) function, it can distribute limited bandwidth to all users. The difference from ordinary bandwidth controllers is that in addition to providing maximum bandwidth and priority management, NGS 3572HF also has a guaranteed bandwidth function. And it also has a personalized bandwidth management design, which can be set for individual users.若 Bandwidth tube 理 When used with a personalized bandwidth tube, the bandwidth pre-defined by the bandwidth management function can be allocated to users below the enterprise, which can effectively prevent the band from being exclusively occupied by users.

Content filtering
Provide Web Filter (web page filtering) function, can block the access to inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and can set filter conditions to block inappropriate websites.

URL database management [optional 3rd party database (optional)]
The built-in "cloud URL database" automatically categorizes web pages. As long as the administrator can prevent harmful URLs from blocking, it can be easily controlled without having to enter website IP addresses and keywords one by one to block. Clicking on harmful URLs arbitrarily is the source of evil. The best way to prevent blocking is to prohibit the use of the Internet. If it cannot be completely banned, the constantly updated URL database is the best protection mechanism.

Full record of online behavior
Some employees of the company use the Internet during work hours to do non-work-related tasks, with small chats and leaks. NGS 3572HF can not only limit the user's permission to use related applications, but also record related online behaviors, including browsing the web and sending emails. When a company leaks information, the saved information is the best evidence to present as evidence.

Traffic Analysis
Provide traffic analysis tools, whether it is the internal user's computer power on and off, real-time network traffic display, communication protocol allocation and traffic rankings. When the line is full, you can immediately find the traffic killer.

Application management [optional 3rd party database (optional)]
Not only is it difficult to manage a variety of network applications, it is also easier to become the best channel for data leakage and virus attacks. NGS 3572HF has a variety of built-in application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees' use of application software. Permissions to protect corporate network security.

Graphical traffic report
Provide web interface traffic reports, draw the system's historical status into charts, so that managers can grasp the current system operating status at any time. NGS 3572HF provides system status charts (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1 ~ WAN13 traffic), and provides query conditions to quickly search the history of each traffic status .
 

VPN function
Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users. Through these VPN mechanisms, users can connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or home. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
1U 10P + 4P fiber IPS NG-UTM 1U 10P + 4P fiber IPS NG-UTM
NGS 5772HG is a network security device that complies with Next Generation UTM specifications. It features high operating efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the preferred network security and management device for medium and large enterprises. NGS 5772HG has powerful functions of the new generation firewall, including Deep Packet Inspection (DPI) -based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, anti-virus, spam filtering and Supports external authentication integration and other functions, which can prevent hackers from sneaking into malicious attacks or unauthorized access to internal network resources. In addition, NGS 5772HG also supports dual-machine backup mechanism (HA), which can ensure the continuous operation of equipment.
 
NGS 5772HG is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).
 
Balancing performance and functionality
The hardware platform of HERHSIANG NGS 5772HG is carefully designed and adopts X86 hardware equipment. The purpose is to allow enterprise users to fully feel the security protection function provided by HERHSIANG Next Generation UTM. For customers with high connection capacity requirements, we provide high-performance security modules to improve connection capacity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
There is a shortage of IP v4 addresses, and the age of IP v6 is coming sooner or later, so HERHSIANG has integrated this trend when developing the next-generation UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time v4 or v6 IP address, so whether it is in a pure v4 environment, a mixed v4 / v6, or a pure v6 environment, the NGS 5772HG is the same.

Support SDN controller
Support SDN controller, can make more than 1 port to form ZONE, directly managed by the SDN controller, and ZONE and ZONE packet transmission will also pass NGS 5772HG packet detection. And with VLAN 802.1Q function, it can cut the internal network into several independent sub-network segments, each of which operates independently without interference.



SSL encrypted connection detection
With the ability to detect SSL traffic, when facing SSL-encrypted connection traffic, you can apply intrusion detection defense, gateway anti-virus, content filtering, and application bandwidth control.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line to ensure that the internal user network is unblocked. When the line is restored, the packet It will be assigned automatically again. Enterprises can set load balancing rules according to their own needs, and network access can refer to the set rules to implement network traffic load balancing guidance. The algorithms are: automatic allocation, manual allocation, allocation based on source IP, and allocation based on destination IP.


IPS Intrusion Prevention
IPS It will check the content corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs and viruses, hidden in the TCP / IP communication protocol. After detailed content inspection, the qualified feature code will be Mark out, once discovered, you can block the packets immediately, so that these malicious packets through the firewall have nothing to hide.


WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.


Threat Detection Defense
Provide enterprises with the most complete defense-in-depth mechanism. Today's network attacks cannot rely on a single point of protection but require complete defense-in-depth. Only through different levels of defense technology can there be a way to reduce the potential threats to the enterprise. In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for corporate security protection, Hexiang NGS 5772HG can strengthen the detection of malicious programs for traffic, web pages, and emails, and analyze the relationship between different security mechanisms. , Play the role of defense in depth.

Mail Gateway Protection
The company already has a mail host, but the spam filtering performance is not good. You can use NGS 5772HG as a mail gateway mode to supplement the original mail server's insufficient functions, such as spam filtering and virus filtering. After filtering the virus and advertisement mail through NGS 5772HG, send the clean mail to the mail host.

Virus Letter Filter
The system provides Clam AV anti-virus engine for free. It can detect more than millions of viruses, worms, and Trojan horses. It can automatically scan for viruses on emails, automatically update virus files through the Internet daily, and provide virus email search. condition. The administrator can set the processing method of the poisoned mail, including automatic deletion, storage of the poisoned mail extension and the subject of the poisoned mail notification letter. The new-generation UTM has a built-in Kabar anti-virus engine for one year. Customers can choose to continue to enjoy Kaspersky Anti-Virus, the leader in virus scanning and virus repair.

Spam filtering
Both internal and external mail can be filtered, and ST-IP network letter review, Bayesian filtering, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification are provided. , White list comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without misjudgment. Mail filtering, which can forward, delete, and block the letters that meet the filter conditions set by the administrator.

Anomaly IP analysis
Any network behavior, no matter what kind of software the user runs, from the perspective of network packets, it is roughly divided into the number of uploads and downloads (Connect Session), flow (Flow) and duration (Time), by detecting these The combination of the numbers estimates that the user is using the Internet normally or has abnormal behavior. When abnormal behaviors of internal users are discovered, the manager can adopt a variety of strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling a cooperative defense mechanism to notify the switch to block it or notifying the manager.

Bandwidth Management (QoS)
Assist network administrators to control the network, effectively reduce the obstruction of corporate network, improve serviceability and bandwidth usage. With QoS (bandwidth management) function, it can distribute limited bandwidth to all users. The difference from general bandwidth controllers is that in addition to providing maximum bandwidth and priority management, the NGS 5772HG also has a guaranteed bandwidth function. And it also has a personalized bandwidth management design, which can be set for individual users.若 Bandwidth tube 理 When used with a personalized bandwidth tube, the bandwidth pre-defined by the bandwidth management function can be allocated to users below the enterprise, which can effectively prevent the band from being exclusively occupied by users.

Content filtering
Provide Web Filter (web page filtering) function, can block the access to inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and can set filter conditions to block inappropriate websites.

URL database management [optional 3rd party database (optional)]
The built-in "cloud URL database" automatically categorizes web pages. As long as the administrator can prevent harmful URLs from blocking, it can be easily controlled without having to enter website IP addresses and keywords one by one to block. Clicking on harmful URLs arbitrarily is the source of evil. The best way to prevent blocking is to prohibit the use of the Internet. If it cannot be completely banned, the constantly updated URL database is the best protection mechanism.

Full record of online behavior
Some employees of the company use the Internet during work hours to do non-work-related tasks, with small chats and leaks. NGS 5772HG can not only restrict the user's permission to use related applications, but also record related online behaviors, including browsing the web and sending emails. When a company leaks information, the saved information is the best evidence to present as evidence.

Traffic Analysis
Provide traffic analysis tools, whether it is the internal user's computer power on and off, real-time network traffic display, communication protocol allocation and traffic rankings. When the line is full, you can immediately find the traffic killer.

Application management [optional 3rd party database (optional)]
Not only is it difficult to manage a variety of network applications, it is also easier to become the best channel for data leakage and virus attacks. NGS 5772HG has a variety of built-in application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees' use of application software. Permissions to protect corporate network security.

Graphical traffic report
Provide web interface traffic reports, draw the system's historical status into charts, so that managers can grasp the current system operating status at any time. NGS 5772HG provides system status charts (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1 ~ WAN13 traffic), and provides query conditions to quickly search the history of each traffic status .
 


VPN function
Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users. Through these VPN mechanisms, users can connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or home. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP


Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
MD 1U Mail Server MD 1U Mail Server
Decentralized mail architecture
For companies, institutions, or schools that provide multi-site or high-traffic e-mail needs, it can speed up mail delivery and communication. The database, account number, and e-mail communication records between the main and auxiliary machines will be synchronized with each other through encrypted channels. For the communication records of all mails, whether it is outbound, inbound or internal mails of each outbound point, will be aggregated into the database of the mail service of the computer center, in case you want to query The communication records of the mails are all based, and the mail hosts of the external point (slave) all receive and send mails from the local mail host. There is no need to wait for the reply from the remote host, which speeds up the processing speed of the mail and has remote backup Aid mechanism function.
Support IPV4 / IPV6 address
The built-in IPV4 / V6 dual-frequency DNS server provides the functions required for a complete DNS service. For example, DNS forward check, reverse check, A, AAAA records, etc., solve the inconvenience and trouble of the administrator to set up the DNS server.
  
Easy to install
All management items of MDispersion H168 can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.
  
Home details
The MDispersion H168 homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function
MDispersion H168 has a multi-domain independent mail system function (multi-DOMAIN). In addition to setting the domain name of its parent company, if it also needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App
MDispersion H168 provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G, allowing you to keep track of mail messages at any time.





Mail firewall
Through anomalous traffic detection, authentication anomaly detection, authentication and sender confirmation, you can perform in-depth email detection and filter out email threats that traditional firewalls cannot intercept. All advertising spam letters, massive email attacks, and Trojan horses. , Dictionary attacks or hacking attacks, etc., can be filtered through the mail firewall layer by layer to protect the security of corporate mail operations.

Mail Gateway Protection
High-efficiency spam filtering function. The Mail Gateway solution that can be safely deployed in the front of the mail server. It uses OS64 3.0 technology and multiple layers of mail scanning mechanisms to effectively block increasing spam, viruses, malicious mail, springboards, and phishing. Threats such as email and spyware sending help companies effectively manage email security protection and improve email service quality.

Multi-layer spam filtering mechanism
MDispersion H168 mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism
Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. MDispersion H168 uses advanced tools (smart learning) to interpret all incoming and outgoing email data and analyze the threats that may be hidden in it. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H168 will deal with the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism
Advanced Sandstorm can effectively detect unknown advanced malware attachments, such as common Microsoft, Word, Excel, Power Point or PDF; or targeted phishing emails, or even compressed files, such as common ZIP and RAR, Sandstorm defense Before scanning Spam or Virus for corporate email, first compare the suspicious attachments and isolate the problematic letters, so that the hidden malicious programs can take shape and avoid affecting user email reception.

Ransomware protection
Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H57TA email system provides a URL body link filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H168 plus the body IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter
Built-in two sets of anti-virus engines, Calm AV anti-virus engine (free) and Kaspersky (optional). Anti-virus software Clam AV can detect more than 4 million types of viruses, worms, and Trojans. No matter email, WEB, or FTP, it will automatically scan for viruses, update virus files automatically through the Internet daily, and provide rankings of virus messages Leaderboard report. Automatically check for virus patterns daily. Kaspersky Anti-Virus provides enterprise-class network security protection against viruses, malware, spam, and other threats, taking into account performance and detection.

SPF and DKIM authentication mechanism
SPF sender source verification can filter out letters from illegal hosts forged by legitimate domains; DKIM domain verification emails can be used to prevent email content from being tampered with. When sending the mail, the server signs the mail with the private key, and confirms the public key data recorded above with the sender's domain through DNS. It can be paired successfully with the private key, which means that the mail was indeed sent by the original sender. Both the receiving end and the sending end can use DKIM authentication to prevent spammers from spamming, sending spam letters through fake mail senders and fake private key signatures.

Message Encryption (TLS) for secure message delivery
The MDispersion H168 mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3, or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts. In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism
Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H168 mail security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content, and check the confirmation letter sent Whether the content is consistent and consistent with the content.

Email content audit filtering
Automatically filter and scan emails in accordance with corporate regulations or internal rules of the organization to detect inappropriate email behavior. Not only can scan the complete message content, but also perform keyword scanning for individual domains where the message is sent (outbound, inbound, outbound), and for filtering methods that meet the filtering conditions such as quarantine, delete, block sender IP, and send notification Letters, carbon copies, etc. can help system administrators comply with regulations inside and outside the enterprise.

Personal data filtering protection
In order to respond to the protection of personal information laws, provide the filtering function of personal information filtering, and perform filtering audit settings for sensitive personal information. Administrators can directly choose to check the identity card number, credit card number, phone number, mobile phone number, date of birth Wait for filtering conditions for control.

Mail log function backup
For all the mail entering or leaving the mail server or mail gateway, along with the enclosing file, all the records are recorded, the user's computer letters are not visible, and can be forwarded to the user by the recorder, and can be automatically backed up to the network neighborhood or FTP Server, and provide corresponding fields for quick query and intercept reason query, which can help managers understand the status of mail exchanges. Quickly search and read email data backed up externally. The most important thing is that the format of the stored email is eml, which can be easily read or searched under any operating system.

Painless transfer of letters
With the function of automatic account creation, the original mail host account and letter can be automatically converted. The administrator does not need to re-enter the account number and password, which reduces the trouble of new and old mail host replacement and account creation. In addition to automatic account creation / transfer settings, it also provides user account manual creation and AD account integration modes.

Decentralized management and management
According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including mail records, user management, system management, log query, audit management, traffic statistics, POP3 proxy, etc.

Various statistical reports
Provide diversified and easy-to-read statistical report information-including various kinds of statistics including traffic rankings, POP3 traffic rankings, personal reports, user traffic rankings, letter type distribution, audit isolation rankings, equipment dangerous password rankings, spam source rankings, etc. Auxiliary charts, and can set the chart column.

Dual-machine (HA) and remote backup function
"Creating a never-ending network", dual-machine backup allows the main mail host of an enterprise to stop working when there is an abnormal operation. The backup mail host will automatically take over as the main mail host, allowing the corporate mail host to stay on for 24 hours. working normally. The off-site backup is to set up a dedicated mail host in the head office and the branch office. When the mail host fails in any place, the system can automatically switch to another host to keep it running. There are interruptions, and truly offsite backup services are available.



POP3 proxy
In addition to the company's email account, users may have other important accounts in use. To grasp the latest information, they often need to log in to different browser pages to collect the letters all at once. In order to save users the time and convenience of receiving mails, the HERHSIANG mail server provides the function of POP3 proxy. All the mails can be collected by the local account, and users can also set their own POP3 proxy function through Webmail interface.

Oversized attachment sending function
MDispersion H168 decentralized architecture mail server mail sending method, eliminates the problem of capacity limitation. Adopts the method of downloading the mail attachment file with a super download. When the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail
HERHSIANG mail server has built-in Outlook like Webmail, which is similar to Outlook express style user interface, which is convenient for users to use immediately. You can browse, compose, and send and receive emails directly through any browser (http or https). The connection transmission process is protected by encryption to ensure the security of email communication.

Push Mail
With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H168 mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.
  
Newsletter delivery system
E-newsletters are an indispensable marketing tool for business operations. Many new products are often listed on the company. Of course, the publicity of old products is not a problem. In the past, most new product descriptions were sent to customers by email. Sending by e-newsletter is time-saving and convenient.

Webmail folder sharing (cloud disk)
MDispersion H168 mail host cloud hard disk provides a space for all users to share, users can share information, briefing materials, technical documents, market information, etc., through the interface can quickly upload or download files, and classify these files, which Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification
Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H168 Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)
For the mail sent by the company, the company's common signature file (including the mail disclaimer) can be automatically annotated, and different content can be set according to different domain names, and the administrator can set the content of the signature file, and the account without the shared signature file With IP address.

Outlook address book, Google calendar synchronization integration
Allows users to synchronize the use of webmail and outlook contact list (including groups), MDispersion H168 provides Outlook Connector communication synchronization integration function, whether you use it in Outlook or Webmail interface, you can quickly and regularly synchronize with each other, allowing you to E-mail is easier and more convenient to use. MDispersion H57TA mail server calendar can be integrated with Google Calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar
Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. MDispersion H57TA Webmail calendar not only has a web version of operating settings, but also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Simple management
Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close the remote control service of ping / http / https at will. Also provides a variety of network testing tools, including PING, Traceroute, DNS query, Port query and other tools.

Encrypted mail compression (full email or attached file)
The MDispersion H168 mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore
For the set backup content, the backup is performed at a specified time. It is more convenient to directly use the USB slot on the HERHSIANG mail server interface for backup, making it easier for the administrator to maintain. After using USB HDD for full machine backup, if the local system hard disk fails, select the USB backup system hard disk to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive to the system. Do permanent storage.

Hardware specifications
DDRIII-RAM: 4GB
SATA-III HDD: M2 SSD 500GB*1 and system backup disk HDD 500GB*1
USB 3.0 Port: 2
Number of people: Unlimited
System Management
Management settings using a browser (HTTPS)
Supported Service Agreement
ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS
OnBoard web interface
1 LAN / 1 HA (All Giga Port)
Use environment
Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%
Safety certification
FCC, CE, UL, cUL
Model size
385mm (D) x 145mm (H) x 565mm (W)
Power Supplier
Input power: 100 ~ 250 VAC (manual switching) / Power supply: 250 Watts / Power on automatically starts
Placement: rack

HM Mail Server (30U) HM Mail Server (30U)
Support IPV4 / IPV6 address
The built-in IPV4 / V6 dual-frequency DNS server provides the functions required for a complete DNS service. For example, DNS forward check, reverse check, A, AAAA records, etc., solve the inconvenience and trouble of the administrator to set up the DNS server.
 
Easy to install
All management items of HMail P30 can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.
 
Home details
HMail P30 homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Mail firewall
Through anomalous traffic detection, authentication anomaly detection, authentication and sender confirmation, you can perform in-depth email detection and filter out email threats that traditional firewalls cannot intercept. All advertising spam letters, massive email attacks, and Trojan horses. , Dictionary attacks or hacking attacks, etc., can be filtered through the mail firewall layer by layer to protect the security of corporate mail operations.

Ransomware protection
Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. HMail P30 mail system provides a URL text filtering database, which breaks through the general filtering against the sender's source IP or domain. HMail P30 plus the IP and domain in the text can effectively prevent ransomware attacks.

Message Encryption (TLS) for secure message delivery
The HMail P30 mail server supports TLS. When users send and receive mail through SMTP, POP3, or IMAP, the mail will be transmitted using TLS encrypted connection. When the mail data is transmitted between the personal device and the mail host, it can be reliably encrypted Stolen from it.

System backup and restore
For the set backup content, the backup is performed at a specified time. It is more convenient to directly use the USB slot on the HERHSIANG mail server interface for backup, making it easier for the administrator to maintain. After using USB HDD for full machine backup, if the local system hard disk fails, select the USB backup system hard disk to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive to the system. Do permanent storage.

Mail record backup
For all the mail entering and leaving the mail server, along with the enclosing file, all the records are recorded, and it can be automatically backed up to the network neighbor or FTP server at regular intervals, and the corresponding fields are provided for quick query and interception reason query, which can assist managers Understand the status of mail correspondence. Quickly search and read email data backed up externally.

Email content audit filtering (optional)
Automatically filter and scan emails in accordance with corporate regulations or internal rules of the organization to detect inappropriate email behavior. Not only can scan the complete message content, but also perform keyword scanning for individual domains where the message is sent (outbound, inbound, outbound), and for filtering methods that meet the filtering conditions such as quarantine, delete, block sender IP, and send notification Letters, carbon copies, etc. can help system administrators comply with regulations inside and outside the enterprise.

SPF and DKIM authentication mechanism
SPF sender source verification can filter out letters from illegal hosts forged by legitimate domains; DKIM domain verification emails can be used to prevent email content from being tampered with. When sending the mail, the server signs the mail with the private key, and confirms the public key data recorded above with the sender's domain through DNS. It can be paired successfully with the private key, which means that the mail was indeed sent by the original sender. Both the receiving end and the sending end can use DKIM authentication to prevent spammers from spamming, sending spam letters through fake mail senders and fake private key signatures.

Webmail folder sharing (cloud disk)
HMail P30 mail host cloud hard disk provides a space for all users to share, users can share information, briefing materials, technical documents, market information, etc., through the interface can quickly upload or download files, and classify these files, which Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Virus Letter Filter
No built-in anti-virus engine (Clam AV). Anti-virus software Clam AV can detect more than 1.3 million types of viruses, worms, and Trojans. No matter email, WEB, or FTP, it will automatically scan for viruses, automatically update virus files through the Internet daily, and provide rankings of virus messages. Leaderboard report. Automatically check for virus patterns daily.

Spam Engine 3.0
Spam Engine 3.0 provides multiple layers of spam filtering mechanism, optimizes performance and reduces CPU usage, supports difficult language processing, UTF-8 encoding in multiple languages, and can use multiple evaluations for a single letter. The main feature is to speed up mail filtering processing , And added a self-developed "spam learning sharing" mechanism, sharing spam data through each company, parsed and interpreted by the research and development team, plus machine learning algorithms to process big data, to ensure that enterprises have the latest higher detection rate and the lowest false interception rate.

Painless transfer of letters
With the function of automatic account creation, the original mail host account and letter can be automatically converted. The administrator does not need to re-enter the account number and password, which reduces the trouble of new and old mail host replacement and account creation. In addition to automatic account creation / transfer settings, it also provides user account manual creation and AD account integration modes.

Personal data filtering protection (optional)
HMail P30 mail server provides the filtering function of personal information filtering in response to the protection of personal information laws, and performs filtering auditing settings for sensitive personal information. Administrators can directly choose to check the identity card number, credit card number, phone number, and action. Phone number, date of birth and other filtering conditions are controlled.

New Webmail
HERHSIANG mail server has built-in Outlooklike Webmail, which is similar to Outlook express style user interface, which is convenient for users to use immediately. You can browse, compose, and send and receive emails directly through any browser (http or https). The connection transmission process is protected by encryption to ensure the security of email communication. In addition, it also provides many friendly operation functions, such as: message dragging, message preview, login verification, message subject association, content fast search, multi-level folders, personal mail rules, personal signature files, and more importantly, shared folders , Automatic reply forwarding, delayed mail, and many other powerful features.
 
Push Mail
With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? He Xiang mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.
 
Co-signed files (mail disclaimer)
For the mail sent by the company, the company's common signature file (including the mail disclaimer) can be automatically annotated, and different content can be set according to different domain names, and the administrator can set the content of the signature file, and the account without the shared signature file With IP address.

Decentralized management and management
According to the decentralization and responsibility policy of the enterprise department, each administrator can define the permissions and management items of the login management interface, including mail records, user management, system management, log query, audit management (optional), traffic statistics, POP3 proxy Wait.

Hard Disk Self Test
For the mail host, the hard disk plays an important role like the heart of the human body. It stores all the emails of the company. If the company does not have a backup mechanism in place, there will be doubts about data loss when the hard disk is damaged. It's too late. In view of this, the Hexiang mail host provides a hard disk detection mechanism. Through real-time detection, the hard disk inspection status can be grasped, and related alarms are provided to allow administrators to have an additional security protection mechanism.

Outlook Contacts, Google Calendar (optional)
Allows users to synchronize the use of webmail and outlook contact list (including groups). HMail P30 provides Outlook Connector communication synchronization integration function. Whether you use it in Outlook or Webmail interface, you can quickly and regularly synchronize with each other, allowing you to E-mail is easier and more convenient to use. HMail P30 mail server calendar can be integrated with Google calendar, all schedules can be viewed on the same page, whether it is meetings, work or private leisure time can be easily arranged.

Personal calendar
Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. HMail P30 Webmail calendar not only has web version operation settings, but also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Exclusive IOS & Android Mail App
HMail P30 provides a dedicated App sending and receiving program, which can be synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G, allowing you to grasp the mail messages at any time.

 
Simple management
Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close the remote control service of ping / http / https at will. HMail P30 series provides a variety of network testing tools, including PING, Traceroute, DNS query, Port query and other tools.

Mail routing
If the mail host is listed in RBL or other factors, if you cannot use this machine's external IP to send mail to the recipient, the mail will be sent out by another external mail host. Letters can be sent temporarily while being blocked to bypass IP.

POP3 proxy
In addition to the company's email account, users may have other important accounts in use. To grasp the latest information, they often need to log in to different browser pages to collect the letters all at once. In order to save users the time and convenience of receiving mails, the HERHSIANG mail server provides the function of POP3 proxy, which can collect all mails by the local account.

Various statistical reports (optional)
Provide diversified and easy-to-read statistical report information-including various kinds of statistics including traffic rankings, POP3 traffic rankings, personal reports, user traffic rankings, letter type distribution, audit isolation rankings, equipment dangerous password rankings, spam source rankings ... Auxiliary charts, and can set the chart column.

Newspaper delivery system (optional)
E-newsletters are an indispensable marketing tool for business operations. Many new products are often listed on the company. Of course, the publicity of old products is not a problem. In the past, most new product descriptions were sent to customers by email. Sending by e-newsletter is time-saving and convenient.

Hardware specifications
2.5 "SATA-III HDD: 2.5" SSD 500G
USB 2.0 Port: 2
Maximum number of people: 30
System Management
Management settings using a browser (HTTPS)
Supported Service Agreement
ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS
OnBoard web interface
1 LAN (All Giga Port)
MA 1U Mail Archive Server MA 1U Mail Archive Server
 MArchive H57TA's main functions include front-end gate protection capabilities (Anti-Virus, Anti-Spam, pre-mail audit, ransomware protection) and back-end audit capabilities (post-mail audit, mail record archiving, and mail history tracking). A single device can meet the email management needs of most enterprises. In addition to the basic record backup, the product also provides a complete internal and external, internal and external audit mechanism to review the mail received by employees.

Archive server features
Provide a stable, safe and stable storage space with unlimited capacity expansion.
Archive the entire enterprise's mail to one or more My SQL Server / MariaDB database.
Reduce the workload of the mail server. When the email is archived, the email can be deleted to keep the workload of the mail server at a certain level of operation.
With mail data leakage protection function, it can filter email content and attachment files to prevent data leakage.
Prevent users from deleting e-mails, avoid users from deleting important e-mails at will, and let enterprises have the risk of losing important information. The HERHSIANG archive server can completely eliminate this risk
Provide cloud backup and archive cloud services such as Office365 and Gmail.
Comply with relevant laws and regulations such as the Personal Assets Law and Business Secrets Protection Law.
Mail can be quickly restored through the personal mail backup and restore process-even accidentally deleted mail!
Provides webpage management mode, allowing users to search past emails from anywhere in the world.

Archive server features
Free you from the problem of PST file management and reduce the dependence on bulky PST files (Outlook)-easy to damage or lose in the event of hardware failure, you can archive and back up all Mail of the company early on HERHSIANG MArchive H57TA equipment
Provide users with a single web interface to search, and can retrieve past mails through My Mail personal inbox "retrieve mail"
Significantly reduce the storage requirements of mail, and at the same time do a good job of mail backup function.
Enhance Exchange performance and simplify backup and recovery
Reduce IT costs and expenses, reduce the excessive burden on the mail server, and reduce the complexity of the IT department's backup and letter preservation and restoration.
Helps to comply with personal data protection laws and ISO BS7799 regulations.
Provides extremely fast full-text search emails and all types of file attachments 



Support multiple domains and multiple mail hosts at the same time
HERHSIANG MArchive H57TA mail filtering and auditing equipment can support enterprises with multiple domain names (for example: herhsiang.com; herhsiang.com.tw ...) or a network environment built by multiple mail hosts, and can follow the preset rules Automatically transfer letters and attachments to storage devices.
 
Mail Gateway Protection
HERHSIANG provides high-efficiency spam filtering functions. The Mail Gateway solution can be safely deployed on the front of the mail server. The original HERHSIANG Mail OS technology and multi-layer mail scanning mechanism can effectively block the increasing number of spam, viruses and malicious email , Springboards, phishing emails, spyware and other threats to help companies effectively manage email security protection and improve service quality.
 
Firewall supports IPV4 / IPV6 address
In addition to supporting the IPv4 network environment, MArchive H57TA also supports the latest IPv6 Internet Protocol, a network architecture that allows IPv4 and IPv6 to run concurrently.
 
Full anti-spam filtering mechanism (Anti-Spam)
HERHSIANG spam filtering adopts the industry's most innovative approach to threat detection, applying the latest multi-layer scanning technology, including IP address credit rating, Bayesian filtering, Bayesian filtering automatic learning mechanism, spam feature filtering, and text link filtering mechanism , Automatic garbage learning, system black and white lists and personal black and white lists. In addition, in order to filter the hackers' penetration through the use of text links, the system provides a text link database, which can further protect corporate email security.
 
Garbage learning sharing mechanism
The "spam learning sharing" mechanism developed by the professional research and development team is a concept similar to the sharing economy. Users share spam information, analyze and interpret the email behaviors by the professional research and development team, and add machine learning algorithms to handle large Data allows enterprise users to quickly filter thousands of e-mail threats without using complex scanning engines, achieving a higher detection rate and the lowest false blocking rate than traditional spam filtering.
 
Anti-Virus Protection
MArchive H57TA has two built-in virus filtering engines, Clam AV and Kabbah Anti-Virus Engine (optional), which can accurately filter hidden viruses trapped in emails. Clam AV can automatically and automatically update the virus code for free. Millions of pens, so that enterprises can always stay up-to-date with the least cost. In addition, users can purchase a Kabbah anti-virus engine. The dual-engine protection can ensure mail security even more. All virus emails that are quarantined through the system provide complete virus filtering reports and records, and support Alarm.
 
Sandstorm Malware Detection
Detect files or URLs that are suspected to be at risk, and filter and detect attachments and URLs by comparing hash values. It can deeply block some malicious programs that have not been filtered by viruses and IPS signature databases. Letters are quarantined to hide hidden malicious programs and prevent users from receiving mail.
 
Event log viewer
Provides information, warnings, and errors and when they occur within the mail audit filtering facility. Simple and detailed log query service makes system maintenance easy and convenient. Its log management function is very comprehensive, and through WEB, it allows administrators to quickly query and search various types of system logs.
 
Mail archiving, review, and review (Mail Archive)
MArchive H57TA has a built-in post-mail archival audit mechanism, which can completely archive and store corporate emails. Whether it is external to internal, internal to external, or internal to internal, real-time archiving is performed. In addition to preventing users from deleting emails by mistake, Provide email resume graphs and provide a friendly keyword search mechanism. The system provides an interface for personal email archiving. Users can search online through IE, and search through keywords such as domain, user, sender / receiver, subject, email content, date, and attached files. Search archived messages, and read or retrieve the messages you need.
 
Mail audit filtering (Mail Audit), and has a personal filtering function
Through the device management interface, network administrators can adjust the conditions for sending and receiving mail according to the company's own mail policy settings. MArchive H57TA audit filtering equipment adopts the Policy method, and administrators can apply control rules based on the types of recipients, the subject of the message, the content of the message, the capacity of the message, and the file extension of the message. For personal information related conditions, He Xiang also provides personal information filtering related to sensitive information, including ID card number, date of birth, phone number, credit card number, mobile phone and other conditions. When the detection meets the filtering conditions, you can choose to forward it to the auditors for quarantine, deletion, copying, or sending a notification letter.
 
Mail logging, archiving and backup
Local storage record: HERHSIANG MArchive H57TA has a built-in 4TB hard disk capacity, which is archived according to the system default. The recorded mail is backed up to the database and stored in the local storage for 7 days by default.
 
External storage backup: Including USB backup, FTP backup, SAMBA (Network Neighborhood Backup), if the personal computer or mail host has an unexpected situation and cannot work, personal mail is still safely stored in the MARCHIVE H57TA hard disk and storage device. MARCHIVE H57TA can connect to multiple storage servers at the same time, and the administrator can directly search, retrieve or retrieve the backed up emails.
 
Support Office365, Gmail email backup files
MArchive H57TA mail backup service can support cloud platform and storage services, provide a hybrid cloud (public cloud / private cloud) flexible platform, integrate existing Google, Microsoft Office 365 cloud mail services, in addition to allowing enterprises to continuously maintain audit data on cloud mail Capabilities can also allow corporate emails to be placed in different storage locations to achieve the purpose of diversifying risks and offsite backups.
 
Integration of multiple identity authentication servers
MArchive H57TA can integrate multiple types of identity authentication servers to effectively check the correctness of the account during the user login email management process. At present, it can integrate servers including Radius, AD, POP3, IMAP, LDAP, and Google oAuth to check the validity of accounts and passwords. Among them, you must enter a complete email account account to connect to the back-end authentication server for queries. .
 
Original mail resume function
Hexiang mail resume function is an original design based on the concept of time axis. In addition to complete auditing and archiving of all incoming and outgoing emails, it also has Hexiang's original mail resume function. With a simple chart to grasp the start of each letter Relevance. When did you receive this letter? How many passes back and forth in the middle? Which users are included in each pass? What is the content of each letter? Through the mail association chart, users can quickly grasp the main interactive associations of letters.
 
Email Big Data Analysis (Mail Behavior) (Optional)
Data's data analysis is an important feature of Hexiang's archive server. It can analyze the behavior of users, including correlation diagrams of mailing, abnormal mail analysis data, and user time analysis data, so that managers can better understand the enterprise. Internal user mail usage status.
 
System management and use status
MArchive H57TA provides all network interface usage status, software and hardware system performance table (including real-time information such as boot time, CPU / HD / Memory usage ...), and all system usage status at a glance. The system has Event Log and Sys Log log management functions. If an abnormal event occurs, it will actively record and alert, and the system will send it to the administrator by email. MArchive H57TA provides automatic system update check and download function, which can regularly check the latest update status, and directly perform firmware update service through Web UI.
 
Flexible decentralized management mechanism
The user rights decentralization setting is super flexible. Users' rights can be set at different levels, including whether they have a manager role or just general queryer or user rights. And can set different mail access and manager permissions. With the authorization of hierarchical management, enterprises can have more flexible control, safe use and management and maintenance. According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including system management, SMTP server settings, transparent mode, domain management, authentication, and authority management ...
 
Web UI management / system settings
Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close / https remote control services at will. In addition, the administrator can set the MArchive H57TA device browser title, home page title, and host name of the server.
 
System backup and restore
According to the set backup content, the backup is performed at a specified time. It is more convenient to use the USB slot on the interface of the HERHSIANG mail audit filter device for backup, which makes it easier for the administrator to maintain.
After using the built-in backup data disk or USB HDD for backup full machine backup, in case the local system hard disk fails, select the backup data disk or USB backup system hard disk to be used when booting, and then return the whole machine to backup It can replace the tape drive to save the system permanently.
 
No user authorization and restrictions
Hexiang MArchive series equipment has no restrictions on the use of the number of people, which will vary depending on the hardware operating performance or the amount of corporate mail. The system provides a free firmware update service mechanism, including the garbage database signature code, and the Clam AV anti-virus engine, which greatly saves maintenance and management costs and reduces after-sales service operations.
 
Personal Archive interface
Provide personal Archive interface, user permissions include domain query, department query and individual user query. Mail query provides multiple search interface fields, including sender, recipient, subject, content, date, etc. For users who are accustomed to the Outlook interface, Outlook Plug-in is also provided to facilitate searching and archiving directly through Outlook mail.
 
Personal email disaster backup and restore
Passive to active, recovery files no longer need to rely on IT professionals to handle, personally send the data on HERHSIANG MArchive H57TA directly to a specific user account again, when the user's computer, hard disk is damaged, data is lost, you can borrow The backup and restore function restores all user letters to the account again, providing the best backup mechanism for disaster recovery.
 
Exclusive Personalized Dashboard Chart
Different from the traditional system report format, MArchive H57TA mail audit and archiving device provides a personalized report analysis charter. Users can customize the query date to understand the statistics of personal general mail, spam and virus letters. Graphical display. In addition, users can further analyze the proportion of mail received and related information.

Build architecture: Supports transparent mode (Bridge), gateway mode (Gateway), POP3/IMAP revenue generation deployment architecture
 
 
Transparent mode (Bridge)
MArchive H57TA has a set of LAN Bypass mode, which can be set up in front of the main mail server. It uses Bridge mode to record all incoming and outgoing mail. As internal users of the enterprise may use a variety of mail software to receive mail (for example: outlook, Thunderbird …), Whether internal or external or internal to internal, the mail will be audited, filtered, spam filtered, and virus filtered through the MArchive H57TA mail audit and archiving device, and all communication emails will be completely recorded.
 
Gateway Mode
MArchive H57TA can also be used as a gateway for e-mail. After the virus and advertisement mails are completed, the clean mail is forwarded to the back-end mail server. The e-mail function usually consumes high system resources. Outlook users can also point SMTP to MArchive H57TA as a gateway for audit filtering, and then send the mail to the back-end mail server, or some enterprise users set up the mail server on a virtual machine (VM). The mode of receiving traffic is also applicable to the gateway mode.
 
POP3 / IMAP collection mode
Adopt POP3 and IMAP collection methods, similar to copying all incoming and outgoing mail to the device in Journal mode, whether the mail host is supported in the cloud (Gmail / 163 / Office365) or the internal Microsoft Exchange Server, IBM Lotus, just need Set the necessary information and download the messages to be backed up to the device.

Popular commodity
1U 6P IPS NG-UTM 1U 6P IPS NG-UTM
NGS 1351HF is a network security device that complies with Next Generation UTM specifications. It features high operating efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the preferred network security and management device for medium and large enterprises. NGS 1351HF has the powerful functions of next-generation firewall, including Deep Packet Inspection (DPI) -based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, anti-virus, spam filtering, and Supports external authentication integration and other functions, which can prevent hackers from sneaking into malicious attacks or unauthorized access to internal network resources. In addition, NGS 1351HF also supports dual-machine backup mechanism (HA), which can ensure the continuous operation of equipment.
 
NGS 1351HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).
 
Balancing performance and functionality
HERHSIANG NGS 1351HF, its hardware platform is carefully designed, using X86 hardware equipment, the purpose is to allow enterprise users to fully feel the security protection features provided by HERHSIANG Next Generation UTM. For customers with high connection capacity requirements, we provide high-performance security modules to improve connection capacity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
There is a shortage of IP v4 addresses, and the age of IP v6 is coming sooner or later, so HERHSIANG has already integrated this trend when developing the next-generation UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. v4 or v6 IP address, so whether it is in a pure v4 environment, a mixed v4 / v6, or a pure v6 environment, NGS 1351HF is the same.

Support SDN controller
Support SDN controller, can make more than 1 port to form ZONE, directly managed by the SDN controller, and ZONE and ZONE packet transmission will also pass NGS 1351HF packet detection. And with VLAN 802.1Q function, it can cut the internal network into several independent sub-network segments, each of which operates independently without interference.


SSL encrypted connection detection
With the ability to detect SSL traffic, when facing SSL-encrypted connection traffic, you can apply intrusion detection defense, gateway anti-virus, content filtering, and application bandwidth control.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line to ensure that the internal user network is unblocked. When the line is restored, the packet It will be assigned automatically again. Enterprises can set load balancing rules according to their own needs, and network access can refer to the set rules to implement network traffic load balancing guidance. The algorithms are: automatic allocation, manual allocation, allocation based on source IP, and allocation based on destination IP.


IPS Intrusion Prevention
IPS It will check the content corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs and viruses, hidden in the TCP / IP communication protocol. After detailed content inspection, the qualified feature code will be Mark out, once discovered, you can block the packets immediately, so that these malicious packets through the firewall have nothing to hide.

 
WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.


Threat Detection Defense
Provide enterprises with the most complete defense-in-depth mechanism. Today's network attacks cannot rely on a single point of protection but require complete defense-in-depth. Only through different levels of defense technology can there be a way to reduce the potential threats to the enterprise. In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for corporate security protection, Hexiang NGS 1351HF can strengthen the detection of malicious programs for traffic, web pages, and emails. Through the analysis of related security mechanisms , Play the role of defense in depth.

Mail Gateway Protection
The company already has a mail host, but the spam filtering performance is not good. You can use NGS 1351HF as the mail gateway mode to supplement the original mail server's insufficient functions, such as spam filtering and virus filtering. After filtering the virus and advertisement mail through NGS 1351HF, send the clean mail to the mail host.

Virus filtering (optional for Kaba driver anti-virus)
The system provides Clam AV anti-virus engine for free, which can detect more than millions of viruses, worms, and Trojan horse programs. It can automatically scan for viruses in emails, update virus files through the Internet daily, and provide virus mail search condition. The administrator can set the processing method of poisoned mail by himself, including automatic deletion, storage of poisoned mail extension and the subject of poisoned mail notification letter. With the new generation of UTM Kabbah anti-virus engine, customers can purchase and continue to enjoy the Kaspersky anti-virus engine leader with the highest scanning rate and the strongest virus repair.

Spam filtering
Both internal and external mail can be filtered, and ST-IP network letter review, Bayesian filtering, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification are provided. , White list comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without misjudgment. The accuracy rate is more than 95%. Mail filtering, which can forward, delete, and block the letters that meet the filter conditions set by the administrator.

Anomaly IP analysis
Any network behavior, no matter what kind of software the user runs, from the perspective of network packets, it is roughly divided into the number of uploads and downloads (Connect Session), flow (Flow) and duration (Time), by detecting these The combination of the numbers estimates that the user is using the Internet normally or has abnormal behavior. When abnormal behaviors of internal users are discovered, the manager can adopt a variety of strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling a cooperative defense mechanism to notify the switch to block it or notifying the manager.

Bandwidth Management (QoS)
Assist network administrators to control the network, effectively reduce the obstruction of corporate network, improve serviceability and bandwidth usage. With QoS (bandwidth management) function, it can distribute limited bandwidth to all users. The difference from ordinary bandwidth controllers is that in addition to providing maximum bandwidth and priority management, NGS 1351HF also has a guaranteed bandwidth function. And it also has a personalized bandwidth management design, which can be set for individual users. Bandwidth tube  When used with a personalized bandwidth tube, the bandwidth pre-defined by the bandwidth management function can be allocated to users below the enterprise, which can effectively prevent the band from being exclusively occupied by users.

Content filtering
Provide Web Filter (web page filtering) function, can block the access to inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and can set filter conditions to block inappropriate websites.

URL database management [optional 3rd party database (optional), Built for 2 years]
The built-in "cloud URL database" automatically categorizes web pages. As long as the administrator can prevent harmful URLs from blocking, it can be easily controlled without having to enter website IP addresses and keywords one by one to block. Clicking on harmful URLs arbitrarily is the source of evil. The best way to prevent blocking is to prohibit the use of the Internet. If it cannot be completely banned, the constantly updated URL database is the best protection mechanism.

Full record of online behavior
Some employees of the company use the Internet during work hours to do non-work-related tasks, with small chats and leaks. NGS 1351HF can not only limit the user's permission to use related applications, but also record related online behaviors, including browsing the web and sending emails. When a company leaks information, the saved information is the best evidence to present as evidence.

Traffic Analysis
Provide traffic analysis tools, whether it is the internal user's computer power on and off, real-time network traffic display, communication protocol allocation and traffic rankings. When the line is full, you can immediately find the traffic killer.

Application management [optional 3rd party database (optional), Built for 2 years]
Not only is it difficult to manage a variety of network applications, it is also easier to become the best channel for data leakage and virus attacks. NGS 1351HF has a variety of built-in application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees' use of application software. Permissions to protect corporate network security.

Graphical traffic report
Provide web interface traffic reports, draw the system's historical status into charts, so that managers can grasp the current system operating status at any time. NGS 1351HF provides system status charts (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1 ~ WAN5 traffic), and provides query conditions to quickly search the history of each traffic status .
 

VPN function
Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users. Through these VPN mechanisms, users can connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or home. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
1U 10 PORT NG-UTM 1U 10 PORT NG-UTM
The NGS 5752HF is a network security device that conforms to the Next Generation UTM specification. It features high operating efficiency, multiple security protection mechanisms, and layered authorization management. It is the preferred network security and management device for medium and large enterprises. The NGS 5752HF features the powerful capabilities of a new generation of firewalls, including Deep Packet Inspection (DPI)-based application identification and regulation, In-Line IPS, SSL resolution and blocking, Web Filtering, bandwidth management, antivirus, and spam filtering. Support for external authentication integration and other functions to prevent hackers from maliciously sneaking into attacks or unauthorized access to internal network resources. In addition, the NGS 5752HF also supports a two-machine backup mechanism (HA) to ensure continuous operation of the equipment.

NGS 5722HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).
 
Balance performance and function
HERHSIANG NGS 5752HF, its hardware platform is carefully designed with X86 hardware equipment, so that enterprise users can fully appreciate the security protection provided by HERHSIANG Next Generation UTM. For customers with high connectivity requirements, provide high-performance security modules to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 5752HF is the same whether it is in pure v4 environment, v4/v6 hybrid, pure v6 environment.

Support SDN controller
Support SDN controller, can make more than one Port group synthesize ZONE, directly managed by SDN controller, and ZONE and ZONE packet transmission, will also pass the NGS 5752HF packet detection. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.
 

SSL encrypted connection detection
With the ability to detect SSL traffic, it can apply intrusion detection defense, gateway anti-virus, content filtering and application bandwidth management when faced with SSL-encrypted connection traffic.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is buffered. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.




IPS intrusion prevention
IPS It checks the contents corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs, viruses, hidden in the TCP/IP communication protocol, and after the detailed content check, the qualified signature will be Marked out, once it is discovered, it can block the packet immediately, so that these malicious packets passing through the firewall are invisible.

 
WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.


Threat detection defense
Providing the most complete defense-in-depth mechanism of the enterprise, the attack behavior of the current network cannot rely on single-point protection and requires complete defense in depth. With different levels of defense technology, it is possible to reduce the potential threat behavior that the enterprise may suffer. In addition to providing firewalls, intrusion detection systems (IPS) and anti-virus as the basis for enterprise security protection, Hexiang NGS 5752HF can enhance the detection of malicious programs for traffic, web pages and emails, and the related analysis of different security mechanisms. To play the role of defense in depth.

Mail gateway protection
The enterprise already has a mail host, but the spam filtering performance is not good. The NGS 5752HF can be used as a mail gateway mode to supplement the original mail server, such as spam filtering and virus letter filtering. After filtering the virus and advertising mail through NGS 5752HF, send the clean mail to the mail host.

Virus letter filtering
Clam AV anti-virus engine protection, free Clam AV anti-virus engine, can detect millions of viruses, worms, Trojans, automatically scan for viruses, and automatically update virus files every day through the Internet. And provide virus mail search conditions. The administrator can set the poisoning mail processing method, including the automatic deletion, the poisoned mail extension file name and the poison mail notification letter. Kabbah antivirus engine is also available.

Spam filtering
Internal mail or external mail can be filtered, and provide ST-IP network credit rating, Bayesian filtering method, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification, etc. , whitelist comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without error, with an accuracy rate of over 95%. Mail filtering can perform actions such as forwarding, deleting, and blocking messages that match the filter conditions set by the administrator.

Abnormal IP analysis
Any network behavior, regardless of which software the user performs, is roughly divided into the number of connected and downloaded Connect Sessions, Flows, and Durations from the perspective of network packets. The combination of quantities estimates whether the user is using the network normally or has abnormal behavior. When an internal user's abnormal behavior is discovered, the administrator can take various strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling the collaborative defense mechanism to notify the switch to block it or notify the administrator.

Bandwidth Management (QoS)
Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference with the general bandwidth manager is that the NGS 5752HF has a guaranteed bandwidth as well as maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering
Provide Web Filter (Web Filter) to block inappropriate access to web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and to set up filtering conditions to block inappropriate websites.

URL database management  [Optional 3rd party database (optional)]
The built-in "cloud URL database" automatically classifies web pages. Managers can easily control against harmful URLs. You can easily control them without having to enter the IP address and keywords of the website one by one. Any choice of harmful URLs is a source of sin. The best way to prevent blocking is to ban the use of the Internet. If it is not completely banned, using a constantly updated URL database is the best protection mechanism.

Online behavior record
Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, the NGS 5752HF can also record related online behaviors, including browsing web pages and email delivery. When a company has a leak, the information that has been saved is the best evidence used to prove it.

Traffic Analysis
Provides traffic analysis tools, whether it is the internal user computer on/off status, network traffic instant display, protocol assignment and traffic leaderboard, when the line is fully loaded, you can immediately find the traffic murderer.

Application management [Optional 3rd party database (optional)]
Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 5752HF has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.

Graphical traffic report
Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can keep abreast of the current system operation status. NGS 5752HF provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN9 traffic), and provides query conditions to quickly search each traffic status history. .
 

VPN function
Use IPSec, PPTP, L2TP, and SSL VPN to secure connection between Site to Site, Point to Site, and remote users. Through these VPN mechanisms, users can connect to different devices, such as laptops, branch offices, business offices, mobile devices or homes, from different locations, including home and external public information service stations and the Internet. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
1U 18P IPS NG-UTM 1U 18P IPS NG-UTM
 The NGS 5792HF is a network security device conforming to the Next Generation UTM specification. It features high operating efficiency, multiple security protection mechanisms, and layered authorization management. It is the preferred network security and management device for medium and large enterprises. The NGS 5792HF features the powerful capabilities of the new generation of firewalls, including Deep Packet Inspection (DPI)-based application identification and regulation, In-Line IPS, SSL resolution and blocking, Web Filtering, bandwidth management, antivirus, and spam filtering. Support for external authentication integration and other functions to prevent hackers from maliciously sneaking into attacks or unauthorized access to internal network resources. In addition, the NGS 5792HF also supports a two-machine backup mechanism (HA) to ensure continuous operation of the equipment.
 
NGS 5792HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).
 
Balance performance and function
HERHSIANG NGS 5792HF, its hardware platform is carefully designed with X86 hardware devices, so that enterprise users can fully appreciate the security protection provided by HERHSIANG Next Generation UTM. For customers with high connectivity requirements, high-performance security modules are provided to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 5792HF is the same whether it is in pure v4 environment, v4/v6 hybrid, pure v6 environment.

Support SDN controller
Supporting SDN controller, more than one port group can be combined into ZONE, which is directly managed by SDN controller, and ZONE and ZONE packets are transmitted, and will also be detected by NGS 5792HF packet detection. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.
 

SSL encrypted connection detection
With the ability to detect SSL traffic, you can apply intrusion detection defense, gateway anti-virus, content filtering and application bandwidth management when faced with SSL-encrypted traffic.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is packetized. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.



IPS intrusion prevention
IPS It checks the contents corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs, viruses, hidden in the TCP/IP communication protocol, and after the detailed content check, the qualified signature will be Marked out, once found, can block the packet immediately, so that these malicious packets through the firewall are invisible.


 WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.

 
Threat detection defense
Providing the most complete defense defense mechanism of the enterprise, the attack behavior of the current network cannot rely on single point protection and requires complete defense in depth. With different levels of defense technology, it is possible to reduce the potential threat behavior that the enterprise may suffer. In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for enterprise security protection, the Hexiang NGS 5792HF can enhance the detection of malicious programs for traffic, web pages and emails, and the connection analysis of different security mechanisms. To play the role of defense in depth.

Mail gateway protection
The enterprise already has a mail host, but the spam filtering performance is not good. The NGS 5792HF can be used as a mail gateway mode to supplement the original mail server, such as spam filtering and virus letter filtering. After filtering the virus and advertising mail through NGS 5792HF, send the clean mail to the mail host.

Virus letter filtering
The system provides Clam AV anti-virus engine for free. It can detect more than millions of viruses, worms, and Trojan horses. It can automatically scan for viruses on emails, automatically update virus files through the Internet daily, and provide virus email search. condition. The administrator can set the processing method of the poisoned mail, including automatic deletion, storage of the poisoned mail extension and the subject of the poisoned mail notification letter. The new-generation UTM has a built-in Kabar anti-virus engine for one year. Customers can choose to continue to enjoy Kaspersky Anti-Virus, the leader in virus scanning and virus repair.

Spam filtering
Internal mail or external mail can be filtered, and provide ST-IP network credit rating, Bayesian filtering method, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification, etc. , whitelist comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without error, with an accuracy rate of over 95%. Mail filtering can perform actions such as transfer, deletion, and blocking of messages that meet the filter conditions set by the administrator.

Abnormal IP analysis
Any network behavior, regardless of which software the user executes, is roughly divided into the number of connected and downloaded Connect Sessions, Flows, and Durations from the perspective of network packets. The combination of the numbers estimates that the user is using the network normally or has abnormal behavior. When an internal user's abnormal behavior is discovered, the administrator can adopt various strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling the collaborative defense mechanism to notify the switch to block it or notify the administrator.

Bandwidth Management (QoS)
Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference with the general bandwidth manager is that the NGS 5792HF has a guaranteed bandwidth as well as maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If the bandwidth management is used with the personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to the users below the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering
Provide Web Filter (Web Filter) to block inappropriate access to web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and to set up filtering conditions to block inappropriate websites.

URL database management [Optional 3rd party database (optional)]
Built-in "cloud URL database" automatically classifies web pages. Managers can easily control against harmful URLs. You can easily control them without having to enter the IP address and keywords of the website one by one. Any choice of harmful URLs is a source of sin. The best way to prevent blocking is to ban the use of the Internet. If it is not completely banned, using a constantly updated URL database is the best protection mechanism.

Online behavior record
Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, the NGS 5792HF can also record related online behaviors, including browsing web pages and email delivery. When a company has a leak, the information that has been saved is the best evidence to use as a testimony.

Traffic Analysis
Provides traffic analysis tools, whether it is internal user computer on/off status, network traffic instant display, protocol assignment, and traffic leaderboard. When the line is fully loaded, the traffic murderer can be found immediately.

Application Management [Optional 3rd party database (optional)]
Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 5792HF has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.

Graphical traffic report
Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can grasp the current system operation status at any time. NGS 5792HF provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN17 traffic), and provides query conditions to quickly search each traffic status history. .
 

VPN function
Use IPSec, PPTP, L2TP, and SSL VPN to secure connection between Site to Site, Point to Site, and remote users. Through these VPN mechanisms, users can connect to different devices, such as laptops, branch offices, business offices, mobile devices or homes, from different locations, including home, external public information service stations, and the Internet. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.
1U 14P IDP UTM 1U 14P IDP UTM

NTS 5572FR Features
NTS 5572FR multifunction Unified Threat Control equipment, in addition to the general market firewall (Firewall) function, plus IDP Intrusion Detection and Prevention, bandwidth management, load balancing, content filtering, virtual private channel (IPSec, L2TP, PPTP VPN), (WEB / SSL VPN) and many other features. Even the content of instant messaging, FTP, MAIL, web pages transmitted, can complete all skimming, NTS 5572FR for different sizes of small and medium enterprises, SMEs can meet a demand for network security defenses to help SMEs in the first line of the web immediate threats to intercept the same time, allow the web to maintain stunning excellent performance.
   
Built complete SPI firewall mechanism to protect corporate network security
NTS 5572FR built-in SPI technology, proactively block, blocking hackers, whether DOS, DDOS, UDP Flood and other attacks can be blocked even can withstand winds viruses, ensure that the internal users secure.
   
Stateful inspection packet filtering technology
NTS 5572FR main filtering technology is state detection (Stateful Inspection), in addition to its traditional third layer firewall (using the source / destination IP address or Port) and out of control packets, but also increase the packet was state control, for example, the packet is in the initial set-up phase or data transfer phase, the operating mode is similar to the state of the packet filter firewall, but using a more sophisticated access control packet calculation.
   
Object Management Technology
For added convenience NTS management, HERHSIANG extensive use of the concept of object, any TCP / IP on the control project can be defined as an object in advance, after the definition of each object, with the operating regulations, so in line with the object allows network packets or refusal by NTS 5572FR, reduce the complexity of managing the NTS.
   
Bridge, NAT mixed mode
Build network infrastructure has been in progress to change, if the customer's network environment because of lack of the original building, for example, had only a simple IP router provides Internet access, after a period of time, resulting in safety concerns or because on the net road application content changes, need to make up the missing features, NTS 5572FR can take DMZ interface bridge (bridge) mode, with rich functionality provided NTS 5572FR, the web world meet changing security requirements, the bridge (bridge) mode ensures that the user's environment, not because you want to improve the level of security and undermine the integrity of the existing networks.
   
Inbound / Outbound Load Balancing line
For users with more than two lines, NTS 5572FR can provide load balancing mechanism outside the line, after which a line break, all network packets are automatically turned to another normal line to ensure the smooth flow of the internal user network , when the line returns, will automatically assign packets.


   
Custom web interface
Managers may need to define themselves in accordance with the internal interface address outside the company, which WAN2 / WAN3 / WAN4 choose LAN2 LAN3 LAN4 NAT modes and WAN, DMZ interface can even choose NAT / pass-through bridge (Transparent Bridging), through the passage (TransparentRouting) / WAN5 four models, even if the network interface is defined NTS still supports Out / In Bound load balancing when multiple WAN Port.
   
IP V4 / V6 dual technology
IP V4 address shortage, IP V6 era coming sooner or later, so HERHSIANG when developing the next generation of NTS has been this trend will integrate with a network interface regardless of whether it is defined as WAN or LAN, can bind simultaneously V4 or V6 IP address, so whether it is in a pure environment V4, V4 / V6 hybrid, pure V6 environment, NTS same combination.
   
IDP Intrusion Detection and Prevention
IDP it checks correspond to the first 4-7 layers of the OSI model content, whether malicious attack program, virus, hidden in the communication protocol of TCP / IP, and after using the detailed content inspection, the signature will be eligible marked, but found a way to instantly stop the packet, so that these malicious packets through the firewall undetected.



Cooperative defense mechanism

Cooperative defense belongs NTS advanced protection through IP anomaly analysis, switches (Switch), real-time status monitoring division inside the machine when the internal network to issue a large number of abnormal packets, blocking the transmission of these packets, and assist network management personnel as soon as possible to remove the unusual state, can know in the first time the event occurred which computer on which a switch PORT, avoid corporate network paralyzed. HERHSIANG NTS co-defense mechanism, without changing the network architecture does not require the more expensive dedicated Switch (with Layer 2 network switch), without adding any additional detection device, without changing the habits of each user's network, make network management easier operation and intuitive.

 

BotNet synergistic defense mechanisms
HERHSIANG NTS 5572FR combines BotNet function, both because of their own NAT function, when users use the internal mail server to send spam mail or directly outside, NTS with BotNet detection devices can be clear that what Taiwan is the real source of the attack, but also have a way to network packets directly hazardous blockade. In case, NTS's BotNet barrier after the incident, specific computer continued external attacks, to ensure NTS's CPU resources are not wasted on the same thing, the manager can enable collaborative BotNet defense mechanism, there will be problems of computer switch Port directly off (with co-defensive switch SGI-2404), NTS not only save resources, but also ensure that the internal network can not be sustained harm the zombie virus.
   
IP / MAC / Port interlock
In some relatively high sensitivity of the network environment, such as the military, government agencies, research institutions, etc., do not want users to replace any physical location Switch to the following user A (IP: 192.168.168.168, MAC: 00: 11: 22: AA: BB: CC) as an example, it can be targeted by NTS in Switch 3Port first hole, if he changed to any Switch of different holes, the device will not work.

   
CMS Central Management System
Want to manage dispersed around the firewall or NTS device, network managers rely on (MIS) mind, or purchase expensive computer memory network management software, NTS 5572FR you need remote device management software built-in, You only need to use one of the company or HSecurity + NTS device without additional software and DDNS, familiar management interface that lets you get more than one.

  
Powerful NAT, PAT
IPV4 address in the foreseeable few years will be all exhausted, so NAT function in the current network environment, everywhere, NTS provides a wealth of NAT function, whether it is 1: 1 address mapping, 1: N bits address translation, or inside out PAT, to apply the regulations to take effect immediately after.
   
A variety of Multi-Subnet
Traditionally, the bigger the network architecture will configure Layer 3 switches, then you can network packet great responsibility to handle the switch, but sort of network architecture, you can use Multi-Subnet to help. The NTS 5572FR's LAN or DMZ network interface can be thought of as bound to different subnetwork L3 switches, and all network packets are exchanged via NTS 5572FR route, so that regardless of how the growth of the enterprise network , and when necessary, add a sub-network, to meet the growing demand of the time.
   
DNS server
NTS built-in DNS server, the annoying A RECORD, MX and other settings, all to the internal DNS servers, DNS can not only name resolution support IPV4, IPV6 also be part of even a good job, more advanced part can do the same domain name and different IP addresses respond InBound load balancing.
   
Content Filtering
Provides Web Filter (Web filtering) function can block access to inappropriate web working end (such as pornography, violence) and offensive pages (such as hackers, viruses), built-in classification database, and can set up filters to block inappropriate website.
   
Connection and control of SSL VPN (support Android 4.0 above systems)
SSL VPN with a Regulatory functions for remote users, the controls have two directions, one is to enter the internal network, and the other is through the VPN Server Internet (you can choose to enable or turn off this feature), which 2 control can control the direction of the distal end user bandwidth, communication services and time.
To connect to a destination within the network to obtain the encrypted information to be available on Google Play 2.1.8 support the Company's website or download SSLVPN APP program, installed in smart phones or tablet after setting.

  
IPSec / L2TP / PPTP VPN connection and control (V2.2.0 IPSEC support recovery function)
IPSec / L2TP software NTS 5572FR used, in full compliance with IPSec standard definition, ensure equipment interoperability with other IPSec support agreements. PPTP VPN RFC follow the relevant standards, support MS-CHAP and MS-CHAP V2 identity authentication and MPPE encryption algorithm. For all access to the interior or from the interior through the distal end of the VPN tunnel to the VPN all packets, using the unique mechanism of regulations, management packets in and out of time, bandwidth, communication services, this mechanism will not ensure that the internal remote VPN connection, network virus infection or occupy all of the bandwidth.



HERHSIANG Android SSLVPN APP
 
Anti-virus mechanisms HTTP, FTP, MAIL's
Built-in firewall free ClamAV antivirus engine, automatic daily virus updates from the Internet, available to different network services you use, so as to improve network performance and security.
   
App Control
NTS 5572FR using packet technology characteristic values, the kind of recognition software and put it appropriate classification, including [P2P] software, instant messaging software [], [] WEB applications, entertainment software [], [] other five major categories may be required for the project to make regulatory control objectives, apply the regulations, you can open or structured control specific apps.
   
Spam filtering
The proliferation of spam, so that all people are suffering, NTS 5572FR provide excellent protection mechanism to ensure that the user's mail clean, in addition to traditional spam eigenvalues, Bayesian filtering method, and more on the type of diagram for spam special judge mechanisms to increase the accuracy of the determination, the audit function for all incoming and outgoing letters do audits, perform quarantine / delete / IP block / copy to the other activities.
   
Smart QoS, bandwidth management than you can imagine
Bandwidth is for those who need to use, based on this principle, start [after] Smart QoS, NTS 5572FR will automatically check the remaining bandwidth, and assign it to those who are currently being used.
   
Mail gateway function (Gateway)
After NTS 5572FR can be as mail filtering gateway that lets mail server virus and spam filtering End, just a clean mail to your existing mail server.
   
Detailed records WEB, FTP, SKYPE, MSN, Mail Content
NTS 5572FR built-in recorder function, skimming WEB, FTP file transfer, SKYPE and QQ conversations, MSN conversations and file transfer, IM (Yahoo, ICQ, IRC, Gadu, Jabber) and delivery of incoming mail, etc. recorded with the regulations of use, automatic backup of all user-specific data to and from.
   
Traffic Analysis
Whether internal user computer switch status, real-time display of network traffic, protocol distribution and flow charts, all the traditional NTS does not.
   
Internet authentication system
Built-in Internet authentication system may require the user through the required certification before being online. In addition to the machine account password provided in POP3 integrated enterprise, WINDOWS AD authentication server unified management account.
    
HA stateful redundancy mechanism
NTS 5572FR in Duplex redundancy mode, take the host (Master) and backup machine (Standby) backup with each other, that would normally host-priority gateway device, but a problem with the host Master, Standby backup host automatically adjusting the internal configuration of the host and replace functions, to maintain internal / external networks continue to operate the line, to avoid missing opportunities.
Network management personnel can also get instant messaging new host, to do repair and maintenance work on the original failed host to enable it to resume operations as soon as possible to protect the network sustainable open. The device can also double to extend the life of the machine via recycling.
   
With remote management capabilities, easy installation simple operation
Use the Web to set and update the firmware, the operation screen can always switch to Traditional Chinese / Simplified Chinese / English.
Built on a regular basis to generate various types of reports module
Safety factor
NTS 5572FR reporting system for "Top management" to provide assessment standard safety factor, to each NTS message notification settings weighted scores, all the scores are added up, is the safety factor.
Because everyone finds a safety factor is not the same, some people think HA handover is a serious event, when the HA can switch the weight increase, the reaction





Each person will only look at the report concerned responsible for their own projects, so NTS 5572FR in the design, this concept to the extreme.
In the design concept, the manager made a common model to everyone, and you can customize your own unique template for each recipient.
Available in 12 reporting structure, managers can give specific report to view a specific person.

Numbers on the safety factor will be larger. The safety factor is a relative value, not an absolute value.


Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

 

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.

MD Desktop mail server MD Desktop mail server
Decentralized mail architecture
For companies, institutions, or schools that provide multi-site or high-traffic e-mail needs, it can speed up mail delivery and communication. The database, account number, and e-mail communication records between the main and auxiliary machines will be synchronized with each other through encrypted channels. For the communication records of all mails, whether it is outbound, inbound or internal mails of each outbound point, will be aggregated into the database of the mail service of the computer center, in case you want to query The communication records of the mails are all based, and the mail hosts of the external point (slave) all receive and send mails from the local mail host. There is no need to wait for the reply from the remote host, which speeds up the processing speed of the mail and has remote backup Aid mechanism function.
Support IPV4 / IPV6 address
The built-in IPV4 / V6 dual-frequency DNS server provides the functions required for a complete DNS service. For example, DNS forward check, reverse check, A, AAAA records, etc., solve the inconvenience and trouble of the administrator to set up the DNS server.
  
Easy to install
All management items of MDispersion H168 can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.
  
Home details
The MDispersion H168 homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function
MDispersion H168 has a multi-domain independent mail system function (multi-DOMAIN). In addition to setting the domain name of its parent company, if it also needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App
MDispersion H168 provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G, allowing you to keep track of mail messages at any time.





Mail firewall
Through anomalous traffic detection, authentication anomaly detection, authentication and sender confirmation, you can perform in-depth email detection and filter out email threats that traditional firewalls cannot intercept. All advertising spam letters, massive email attacks, and Trojan horses. , Dictionary attacks or hacking attacks, etc., can be filtered through the mail firewall layer by layer to protect the security of corporate mail operations.

Mail Gateway Protection
High-efficiency spam filtering function. The Mail Gateway solution that can be safely deployed in the front of the mail server. It uses OS64 3.0 technology and multiple layers of mail scanning mechanisms to effectively block increasing spam, viruses, malicious mail, springboards, and phishing. Threats such as email and spyware sending help companies effectively manage email security protection and improve email service quality.

Multi-layer spam filtering mechanism
MDispersion H168 mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism
Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. MDispersion H168 uses advanced tools (smart learning) to interpret all incoming and outgoing email data and analyze the threats that may be hidden in it. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H168 will deal with the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism
Advanced Sandstorm can effectively detect unknown advanced malware attachments, such as common Microsoft, Word, Excel, Power Point or PDF; or targeted phishing emails, or even compressed files, such as common ZIP and RAR, Sandstorm defense Before scanning Spam or Virus for corporate email, first compare the suspicious attachments and isolate the problematic letters, so that the hidden malicious programs can take shape and avoid affecting user email reception.

Ransomware protection
Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H57TA email system provides a URL body link filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H168 plus the body IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter
Built-in two sets of anti-virus engines, Calm AV anti-virus engine (free) and Kaspersky (optional). Anti-virus software Clam AV can detect more than 4 million types of viruses, worms, and Trojans. No matter email, WEB, or FTP, it will automatically scan for viruses, update virus files automatically through the Internet daily, and provide rankings of virus messages Leaderboard report. Automatically check for virus patterns daily. Kaspersky Anti-Virus provides enterprise-class network security protection against viruses, malware, spam, and other threats, taking into account performance and detection.

SPF and DKIM authentication mechanism
SPF sender source verification can filter out letters from illegal hosts forged by legitimate domains; DKIM domain verification emails can be used to prevent email content from being tampered with. When sending the mail, the server signs the mail with the private key, and confirms the public key data recorded above with the sender's domain through DNS. It can be paired successfully with the private key, which means that the mail was indeed sent by the original sender. Both the receiving end and the sending end can use DKIM authentication to prevent spammers from spamming, sending spam letters through fake mail senders and fake private key signatures.

Message Encryption (TLS) for secure message delivery
The MDispersion H168 mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3, or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts. In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism
Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H168 mail security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content, and check the confirmation letter sent Whether the content is consistent and consistent with the content.

Email content audit filtering
Automatically filter and scan emails in accordance with corporate regulations or internal rules of the organization to detect inappropriate email behavior. Not only can scan the complete message content, but also perform keyword scanning for individual domains where the message is sent (outbound, inbound, outbound), and for filtering methods that meet the filtering conditions such as quarantine, delete, block sender IP, and send notification Letters, carbon copies, etc. can help system administrators comply with regulations inside and outside the enterprise.

Personal data filtering protection
In order to respond to the protection of personal information laws, provide the filtering function of personal information filtering, and perform filtering audit settings for sensitive personal information. Administrators can directly choose to check the identity card number, credit card number, phone number, mobile phone number, date of birth Wait for filtering conditions for control.

Mail log function backup
For all the mail entering or leaving the mail server or mail gateway, along with the enclosing file, all the records are recorded, the user's computer letters are not visible, and can be forwarded to the user by the recorder, and can be automatically backed up to the network neighborhood or FTP Server, and provide corresponding fields for quick query and intercept reason query, which can help managers understand the status of mail exchanges. Quickly search and read email data backed up externally. The most important thing is that the format of the stored email is eml, which can be easily read or searched under any operating system.

Painless transfer of letters
With the function of automatic account creation, the original mail host account and letter can be automatically converted. The administrator does not need to re-enter the account number and password, which reduces the trouble of new and old mail host replacement and account creation. In addition to automatic account creation / transfer settings, it also provides user account manual creation and AD account integration modes.

Decentralized management and management
According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including mail records, user management, system management, log query, audit management, traffic statistics, POP3 proxy, etc.

Various statistical reports
Provide diversified and easy-to-read statistical report information-including various kinds of statistics including traffic rankings, POP3 traffic rankings, personal reports, user traffic rankings, letter type distribution, audit isolation rankings, equipment dangerous password rankings, spam source rankings, etc. Auxiliary charts, and can set the chart column.

Dual-machine (HA) and remote backup function
"Creating a never-ending network", dual-machine backup allows the main mail host of an enterprise to stop working when there is an abnormal operation. The backup mail host will automatically take over as the main mail host, allowing the corporate mail host to stay on for 24 hours. working normally. The off-site backup is to set up a dedicated mail host in the head office and the branch office. When the mail host fails in any place, the system can automatically switch to another host to keep it running. There are interruptions, and truly offsite backup services are available.



POP3 proxy
In addition to the company's email account, users may have other important accounts in use. To grasp the latest information, they often need to log in to different browser pages to collect the letters all at once. In order to save users the time and convenience of receiving mails, the HERHSIANG mail server provides the function of POP3 proxy. All the mails can be collected by the local account, and users can also set their own POP3 proxy function through Webmail interface.

Oversized attachment sending function
MDispersion H168 decentralized architecture mail server mail sending method, eliminates the problem of capacity limitation. Adopts the method of downloading the mail attachment file with a super download. When the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail
HERHSIANG mail server has built-in Outlook like Webmail, which is similar to Outlook express style user interface, which is convenient for users to use immediately. You can browse, compose, and send and receive emails directly through any browser (http or https). The connection transmission process is protected by encryption to ensure the security of email communication.

Push Mail
With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H168 mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.
  
Newsletter delivery system
E-newsletters are an indispensable marketing tool for business operations. Many new products are often listed on the company. Of course, the publicity of old products is not a problem. In the past, most new product descriptions were sent to customers by email. Sending by e-newsletter is time-saving and convenient.

Webmail folder sharing (cloud disk)
MDispersion H168 mail host cloud hard disk provides a space for all users to share, users can share information, briefing materials, technical documents, market information, etc., through the interface can quickly upload or download files, and classify these files, which Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification
Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H168 Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)
For the mail sent by the company, the company's common signature file (including the mail disclaimer) can be automatically annotated, and different content can be set according to different domain names, and the administrator can set the content of the signature file, and the account without the shared signature file With IP address.

Outlook address book, Google calendar synchronization integration
Allows users to synchronize the use of webmail and outlook contact list (including groups), MDispersion H168 provides Outlook Connector communication synchronization integration function, whether you use it in Outlook or Webmail interface, you can quickly and regularly synchronize with each other, allowing you to E-mail is easier and more convenient to use. MDispersion H57TA mail server calendar can be integrated with Google Calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar
Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. MDispersion H57TA Webmail calendar not only has a web version of operating settings, but also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Simple management
Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close the remote control service of ping / http / https at will. Also provides a variety of network testing tools, including PING, Traceroute, DNS query, Port query and other tools.

Encrypted mail compression (full email or attached file)
The MDispersion H168 mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore
For the set backup content, the backup is performed at a specified time. It is more convenient to directly use the USB slot on the HERHSIANG mail server interface for backup, making it easier for the administrator to maintain. After using USB HDD for full machine backup, if the local system hard disk fails, select the USB backup system hard disk to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive to the system. Do permanent storage.

Hardware specifications
DDRIII-RAM: 4GB
SATA-III HDD: M2 SSD 500GB*1 and system backup disk HDD 500GB*1
USB 3.0 Port: 2
Number of people: Unlimited
System Management
Management settings using a browser (HTTPS)
Supported Service Agreement
ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS
OnBoard web interface
1 LAN / 1 HA (All Giga Port)
Use environment
Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%
Safety certification
FCC, CE, UL, cUL
Model size
318mm (D) x 206mm (H) x 197mm (W)
Power Supplier
Input power: 100 ~ 250 VAC (manual switching) / Power supply: 250 Watts / Power on automatically starts
Placement: DESKTOP
 

Top 5
Desktop Firewall Desktop Firewall
In today's information-developed generation, the network system has become a tool that the world depends on, and its security and danger have also become the most important piece. Therefore, in the pursuit of using the Internet, people not only choose speed, but also have to be able to take into account defense in order to help companies protect private data and create a stable working environment.
HERHSIANG NGS 3H is a next-generation firewall device with both speed and security, and supports USB2.0 port. It can connect 3G and 4G / LTE USB as another WAN network backup option. The NAT processing performance is up to 1.8 Gbps. . In addition to the firewall function, NGS 3H also has many powerful functions such as bandwidth management, load balancing, content filtering, and virtual private tunnel (IPSec VPN).
NGS 3H is suitable for small and medium-sized enterprises and SOHO network environments of different sizes, and once meets the needs of professional customers for network security defense. It helps enterprises to block all kinds of virus threats on the front line of the network gateway in real time, while still keeping the network with satisfactory high-quality performance.
 
Balance performance and function
HERHSIANG NGS 3H, its hardware platform is carefully designed with X86 hardware devices, so that enterprise users can fully appreciate the security protection provided by HERHSIANG New Generation Firewall. For customers with high connectivity requirements, provide high-performance security modules to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of Firewall. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 3H is the same regardless of the pure v4 environment, v4/v6 hybrid, and pure v6 environment.

Support SDN controller
Supporting SDN controller, more than one port group can be combined into ZONE, which is directly managed by SDN controller, and ZONE and ZONE packets are transmitted, and will also be detected by NGS 3H packet. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.
 

SSL encrypted connection detection
With the ability to detect SSL traffic, it can apply intrusion detection defense, gateway anti-virus, content filtering and application bandwidth management when faced with SSL-encrypted connection traffic.

Load balancing
Provides outbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is buffered. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.



Abnormal IP analysis
Any network behavior, regardless of which software the user performs, is roughly divided into the number of connected and downloaded Connect Sessions, Flows, and Durations from the perspective of network packets. The combination of quantities estimates whether the user is using the network normally or has abnormal behavior. When an internal user's abnormal behavior is discovered, the administrator can take various strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling the collaborative defense mechanism to notify the switch to block it or notify the administrator.

Bandwidth Management (QoS)
Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference from the general bandwidth manager is that NGS 3H has a guaranteed bandwidth function in addition to maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering
Provide Web Filter (Web Filter) to block inappropriate access to web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and to set up filtering conditions to block inappropriate websites.

URL database management
The built-in "cloud URL database" automatically classifies web pages. Managers can easily control against harmful URLs. You can easily control them without having to enter the IP address and keywords of the website one by one. Any choice of harmful URLs is a source of sin. The best way to prevent blocking is to ban the use of the Internet. If it is not completely banned, using a constantly updated URL database is the best protection mechanism.

Online behavior record
Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, NGS 3H can also record related online behaviors, including browsing web pages and mail delivery. When a company has a leak, the information that has been saved is the best evidence used to prove it.

Traffic Analysis
Provides traffic analysis tools, whether it is the internal user computer on/off status, network traffic instant display, protocol assignment and traffic leaderboard, when the line is fully loaded, you can immediately find the traffic murderer.

Application management
Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 3H has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.
 
VPN function
Use IPSec, PPTP, L2TP, and SSL VPN to secure connection between Site to Site, Point to Site, and remote users. Through these VPN mechanisms, users can connect to different devices, such as laptops, branch offices, business offices, mobile devices or homes, from different locations, including home and external public information service stations and the Internet. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Graphical traffic report (DashBoard purchase)

Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can keep abreast of the current system operation status. NGS 3H provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN2 traffic and DMZ traffic), and provides query conditions to quickly search each traffic status history. 
 
 

 
Desktop IPS Firewall Desktop IPS Firewall
In today's information-developed generation, the network system has become a tool that the world depends on, and its security and danger have also become the most important piece. Therefore, in the pursuit of using the Internet, people not only choose speed, but also have to be able to take into account defense in order to help companies protect private data and create a stable working environment.
HERHSIANG NGS 5H is a next-generation firewall device with both speed and security, and supports USB2.0 port, which can connect 3G and 4G / LTE USB as another WAN network backup option, with NAT processing performance up to 1.8 Gbps . In addition to the firewall function, NGS 5H also has many powerful functions such as IPS, anti-virus, bandwidth management, Internet behavior management, load balancing, content filtering, virtual private tunnel (IPSec VPN), and collaborative defense.
NGS 5H is suitable for small and medium-sized enterprises and SOHO network environments of different sizes, and once meets the needs of professional customers for network security defense. It helps enterprises to block all kinds of virus threats on the front line of the network gateway in real time, while still keeping the network with satisfactory high-quality performance.
 
Balance performance and function
HERHSIANG NGS 5H, its hardware platform is carefully designed with X86 hardware devices, so that enterprise users can fully appreciate the security protection provided by HERHSIANG New Generation Firewall. For customers with high connectivity requirements, provide high-performance security modules to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of Firewall. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 5H is the same whether it is in pure v4 environment, v4/v6 hybrid, pure v6 environment.

Support SDN controller
Supporting SDN controller, more than one port group can be combined into ZONE, which is directly managed by SDN controller, and ZONE and ZONE packets are transmitted, and will also be detected by NGS 5H packet. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.
 

SSL encrypted connection detection
With the ability to detect SSL traffic, it can apply intrusion detection defense, gateway anti-virus, content filtering and application bandwidth management when faced with SSL-encrypted connection traffic.

Load balancing
Provides outbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is buffered. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.



IPS intrusion prevention
IPS It checks the contents corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs, viruses, hidden in the TCP/IP communication protocol, and after the detailed content check, the qualified signature will be Marked out, once it is discovered, it can block the packet immediately, so that these malicious packets passing through the firewall are invisible.


Threat detection defense

Providing the most complete defense-in-depth mechanism of the enterprise, the attack behavior of the current network cannot rely on single-point protection and requires complete defense in depth. With different levels of defense technology, it is possible to reduce the potential threat behavior that the enterprise may suffer. In addition to providing firewalls, intrusion detection systems (IPS) and anti-virus as the basis for enterprise security protection, Hexiang NGS 5H can enhance the detection of malicious programs for traffic, web pages and emails, and the related analysis of different security mechanisms. To play the role of defense in depth.

Mail gateway protection
The enterprise already has a mail host, but the spam filtering performance is not good. The NGS 5H can be used as a mail gateway mode to supplement the original mail server, such as spam filtering and virus letter filtering. After filtering the virus and advertising mail through NGS 5H, send the clean mail to the mail host.

Virus letter filtering
Clam AV anti-virus engine protection, free Clam AV anti-virus engine, can detect millions of viruses, worms, Trojans, automatically scan for viruses, and automatically update virus files every day through the Internet. And provide virus mail search conditions. The administrator can set the poisoning mail processing method, including the automatic deletion, the poisoned mail extension file name and the poison mail notification letter. Kabbah antivirus engine is also available.

Abnormal IP analysis
Any network behavior, regardless of which software the user performs, is roughly divided into the number of connected and downloaded Connect Sessions, Flows, and Durations from the perspective of network packets. The combination of quantities estimates whether the user is using the network normally or has abnormal behavior. When an internal user's abnormal behavior is discovered, the administrator can take various strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling the collaborative defense mechanism to notify the switch to block it or notify the administrator.

Bandwidth Management (QoS)
Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference with the general bandwidth manager is that the NGS 5H has a guaranteed bandwidth as well as maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering
Provide Web Filter (Web Filter) to block inappropriate access to web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and to set up filtering conditions to block inappropriate websites.

URL database management
The built-in "cloud URL database" automatically classifies web pages. Managers can easily control against harmful URLs. You can easily control them without having to enter the IP address and keywords of the website one by one. Any choice of harmful URLs is a source of sin. The best way to prevent blocking is to ban the use of the Internet. If it is not completely banned, using a constantly updated URL database is the best protection mechanism.

Online behavior record
Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, NGS 5H can also record related online behaviors, including browsing web pages and mail delivery. When a company has a leak, the information that has been saved is the best evidence used to prove it.

Traffic Analysis
Provides traffic analysis tools, whether it is the internal user computer on/off status, network traffic instant display, protocol assignment and traffic leaderboard, when the line is fully loaded, you can immediately find the traffic murderer.

Application management
Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 5H has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.
 
VPN function
Use IPSec, PPTP, L2TP, and SSL VPN to secure connection between Site to Site, Point to Site, and remote users. Through these VPN mechanisms, users can connect to different devices, such as laptops, branch offices, business offices, mobile devices or homes, from different locations, including home and external public information service stations and the Internet. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Graphical traffic report (DashBoard purchase)
Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can keep abreast of the current system operation status. NGS 5H provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN3 traffic), and provides query conditions to quickly search each traffic status history. 
 

 

 

MD 1U Mail Server MD 1U Mail Server
Decentralized mail architecture
For companies, institutions, or schools that provide multi-site or high-traffic e-mail needs, it can speed up mail delivery and communication. The database, account number, and e-mail communication records between the main and auxiliary machines will be synchronized with each other through encrypted channels. For the communication records of all mails, whether it is outbound, inbound or internal mails of each outbound point, will be aggregated into the database of the mail service of the computer center, in case you want to query The communication records of the mails are all based, and the mail hosts of the external point (slave) all receive and send mails from the local mail host. There is no need to wait for the reply from the remote host, which speeds up the processing speed of the mail and has remote backup Aid mechanism function.
Support IPV4 / IPV6 address
The built-in IPV4 / V6 dual-frequency DNS server provides the functions required for a complete DNS service. For example, DNS forward check, reverse check, A, AAAA records, etc., solve the inconvenience and trouble of the administrator to set up the DNS server.
  
Easy to install
All management items of MDispersion H57TA can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.
  
Home details
The MDispersion H57TA homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function
MDispersion H57TA has a multi-domain independent mail system function (multi-DOMAIN). In addition to setting the domain name of its parent company, if it also needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App
MDispersion H57TA provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G, allowing you to keep track of mail messages at any time.





Mail firewall
Through anomalous traffic detection, authentication anomaly detection, authentication and sender confirmation, you can perform in-depth email detection and filter out email threats that traditional firewalls cannot intercept. All advertising spam letters, massive email attacks, and Trojan horses. , Dictionary attacks or hacking attacks, etc., can be filtered through the mail firewall layer by layer to protect the security of corporate mail operations.

Mail Gateway Protection
High-efficiency spam filtering function. The Mail Gateway solution that can be safely deployed in the front of the mail server. It uses OS64 3.0 technology and multiple layers of mail scanning mechanisms to effectively block increasing spam, viruses, malicious mail, springboards, and phishing. Threats such as email and spyware sending help companies effectively manage email security protection and improve email service quality.

Multi-layer spam filtering mechanism
MDispersion H57TA mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism
Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. MDispersion H57TA uses advanced tools (smart learning) to interpret all incoming and outgoing email data and analyze the threats that may be hidden in it. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H57TA will deal with the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism
Advanced Sandstorm can effectively detect unknown advanced malware attachments, such as common Microsoft, Word, Excel, Power Point or PDF; or targeted phishing emails, or even compressed files, such as common ZIP and RAR, Sandstorm defense Before scanning Spam or Virus for corporate email, first compare the suspicious attachments and isolate the problematic letters, so that the hidden malicious programs can take shape and avoid affecting user email reception.

Ransomware protection
Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H57TA email system provides a URL body link filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H57TA plus the body IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter
Built-in two sets of anti-virus engines, Calm AV anti-virus engine (free) and Kaspersky (optional). Anti-virus software Clam AV can detect more than 4 million types of viruses, worms, and Trojans. No matter email, WEB, or FTP, it will automatically scan for viruses, update virus files automatically through the Internet daily, and provide rankings of virus messages Leaderboard report. Automatically check for virus patterns daily. Kaspersky Anti-Virus provides enterprise-class network security protection against viruses, malware, spam, and other threats, taking into account performance and detection.

SPF and DKIM authentication mechanism
SPF sender source verification can filter out letters from illegal hosts forged by legitimate domains; DKIM domain verification emails can be used to prevent email content from being tampered with. When sending the mail, the server signs the mail with the private key, and confirms the public key data recorded above with the sender's domain through DNS. It can be paired successfully with the private key, which means that the mail was indeed sent by the original sender. Both the receiving end and the sending end can use DKIM authentication to prevent spammers from spamming, sending spam letters through fake mail senders and fake private key signatures.

Message Encryption (TLS) for secure message delivery
The MDispersion H57TA mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3, or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts. In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism
Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H57TA mail security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content, and check the confirmation letter sent Whether the content is consistent and consistent with the content.

Email content audit filtering
Automatically filter and scan emails in accordance with corporate regulations or internal rules of the organization to detect inappropriate email behavior. Not only can scan the complete message content, but also perform keyword scanning for individual domains where the message is sent (outbound, inbound, outbound), and for filtering methods that meet the filtering conditions such as quarantine, delete, block sender IP, and send notification Letters, carbon copies, etc. can help system administrators comply with regulations inside and outside the enterprise.

Personal data filtering protection
In order to respond to the protection of personal information laws, provide the filtering function of personal information filtering, and perform filtering audit settings for sensitive personal information. Administrators can directly choose to check the identity card number, credit card number, phone number, mobile phone number, date of birth Wait for filtering conditions for control.

Mail log function backup
For all the mail entering or leaving the mail server or mail gateway, along with the enclosing file, all the records are recorded, the user's computer letters are not visible, and can be forwarded to the user by the recorder, and can be automatically backed up to the network neighborhood or FTP Server, and provide corresponding fields for quick query and intercept reason query, which can help managers understand the status of mail exchanges. Quickly search and read email data backed up externally. The most important thing is that the format of the stored email is eml, which can be easily read or searched under any operating system.

Painless transfer of letters
With the function of automatic account creation, the original mail host account and letter can be automatically converted. The administrator does not need to re-enter the account number and password, which reduces the trouble of new and old mail host replacement and account creation. In addition to automatic account creation / transfer settings, it also provides user account manual creation and AD account integration modes.

Decentralized management and management
According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including mail records, user management, system management, log query, audit management, traffic statistics, POP3 proxy, etc.

Various statistical reports
Provide diversified and easy-to-read statistical report information-including various kinds of statistics including traffic rankings, POP3 traffic rankings, personal reports, user traffic rankings, letter type distribution, audit isolation rankings, equipment dangerous password rankings, spam source rankings, etc. Auxiliary charts, and can set the chart column.

Dual-machine (HA) and remote backup function
"Creating a never-ending network", dual-machine backup allows the main mail host of an enterprise to stop working when there is an abnormal operation. The backup mail host will automatically take over as the main mail host, allowing the corporate mail host to stay on for 24 hours. working normally. The off-site backup is to set up a dedicated mail host in the head office and the branch office. When the mail host fails in any place, the system can automatically switch to another host to keep it running. There are interruptions, and truly offsite backup services are available.



POP3 proxy
In addition to the company's email account, users may have other important accounts in use. To grasp the latest information, they often need to log in to different browser pages to collect the letters all at once. In order to save users the time and convenience of receiving mails, the HERHSIANG mail server provides the function of POP3 proxy. All the mails can be collected by the local account, and users can also set their own POP3 proxy function through Webmail interface.

Oversized attachment sending function
MDispersion H57TA decentralized architecture mail server mail sending method, eliminates the problem of capacity limitation. Adopts the method of downloading the mail attachment file with a super download. When the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail
HERHSIANG mail server has built-in Outlook like Webmail, which is similar to Outlook express style user interface, which is convenient for users to use immediately. You can browse, compose, and send and receive emails directly through any browser (http or https). The connection transmission process is protected by encryption to ensure the security of email communication.

Push Mail
With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H57TA mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.
  
Newsletter delivery system
E-newsletters are an indispensable marketing tool for business operations. Many new products are often listed on the company. Of course, the publicity of old products is not a problem. In the past, most new product descriptions were sent to customers by email. Sending by e-newsletter is time-saving and convenient.

Webmail folder sharing (cloud disk)
MDispersion H57TA mail host cloud hard disk provides a space for all users to share, users can share information, briefing materials, technical documents, market information, etc., through the interface can quickly upload or download files, and classify these files, which Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification
Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H57TA Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)
For the mail sent by the company, the company's common signature file (including the mail disclaimer) can be automatically annotated, and different content can be set according to different domain names, and the administrator can set the content of the signature file, and the account without the shared signature file With IP address.

Outlook address book, Google calendar synchronization integration
Allows users to synchronize the use of webmail and outlook contact list (including groups), MDispersion H57TA provides Outlook Connector communication synchronization integration function, whether you use it in Outlook or Webmail interface, you can quickly and regularly synchronize with each other, allowing you to E-mail is easier and more convenient to use. MDispersion H57TA mail server calendar can be integrated with Google Calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar
Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. MDispersion H57TA Webmail calendar not only has a web version of operating settings, but also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Simple management
Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close the remote control service of ping / http / https at will. Also provides a variety of network testing tools, including PING, Traceroute, DNS query, Port query and other tools.

Encrypted mail compression (full email or attached file)
The MDispersion H57TA mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore
For the set backup content, the backup is performed at a specified time. It is more convenient to directly use the USB slot on the HERHSIANG mail server interface for backup, making it easier for the administrator to maintain. After using USB HDD for full machine backup, if the local system hard disk fails, select the USB backup system hard disk to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive to the system. Do permanent storage.

Hardware specifications
DDRIII-RAM: ECC 8GB
SATA-III HDD: 3.5 "Enterprise Disk 4000GB * 1 3.5" NAS Red Label 4000GB * 1
USB 3.0 Port: 2
Number of people: Unlimited
System Management
Management settings using a browser (HTTPS)
Supported Service Agreement
ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS
OnBoard web interface
1 LAN / 1 HA / 1 iSCSI Port (All Giga Port)
Hot extraction box (panel lockable, with key)
2
Use environment
Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%
Safety certification
FCC, CE, UL, cUL
Model size
350mm (D) x 219mm (H) x 214mm (W)
Power Supplier
Input power: 100 ~ 250 VAC (manual switching) / Power supply: 250 Watts / Power on automatically starts
Placement: rack
MD 2U Mail Server MD 2U Mail Server

Built-in 2 hard disk arrays support hot extraction (RAID 0 1)

Supports two 3.5 ”SATA hard drives.
Support SATAIII interface to connect with host.
Support RAID 0, 1.
Supports a single hard drive with a capacity of more than 500GB.
Provide 2 Hot Swap hard disk extraction boxes, support online hard disk hot swap.
Support online automatic rebuild after updating the hard disk, the maximum rebuild speed is 200GB per hour.
Supports disk roaming technology.
Support sleep power saving mode.
Support online bad track detection and repair function.
Supports the function of delayed staggered startup of hard disks to reduce the power consumption when booting.
The front LCD display panel can monitor the hard disk status, system voltage, temperature, and fan operation detection.
With LED status indicator, hard disk access / fault indicator.
Support buzzer sound warning.
Built-in 5cm ball bearing cooling fan to increase system stability.
  
Decentralized mail architecture
For companies, institutions, or schools that provide multi-site or high-traffic e-mail needs, it can speed up mail delivery and communication. The database, account number, and e-mail communication records between the main and auxiliary machines will be synchronized with each other through encrypted channels. For the communication records of all mails, whether it is outbound, inbound or internal mails of each outbound point, will be aggregated into the database of the mail service of the computer center, in case you want to query The communication records of the mails are all based, and the mail hosts of the external point (slave) all receive and send mails from the local mail host. There is no need to wait for the reply from the remote host, which speeds up the processing speed of the mail and has remote backup Aid mechanism function.
Support IPV4 / IPV6 address
The built-in IPV4 / V6 dual-frequency DNS server provides the functions required for a complete DNS service. For example, DNS forward check, reverse check, A, AAAA records, etc., solve the inconvenience and trouble of the administrator to set up the DNS server.
  
Easy to install
All management items of MDispersion H91X can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.
  
Home details
The MDispersion H91X homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function
MDispersion H91X has a multi-domain independent mail system function (multi-domain). In addition to setting the domain name of its parent company, if it needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. MDispersion H91X There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App
MDispersion H91X provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G timing, allowing you to grasp the mail messages at any time.
 
 
 
Mail firewall
Through anomalous traffic detection, authentication anomaly detection, authentication and sender confirmation, you can perform in-depth email detection and filter out email threats that traditional firewalls cannot intercept. All advertising spam letters, massive email attacks, and Trojan horses. , Dictionary attacks or hacking attacks, etc., can be filtered through the mail firewall layer by layer to protect the security of corporate mail operations.

Mail Gateway Protection
High-efficiency spam filtering function. The Mail Gateway solution that can be safely deployed in the front of the mail server. It uses OS64 3.0 technology and multiple layers of mail scanning mechanisms to effectively block increasing spam, viruses, malicious mail, springboards, and phishing. Threats such as email and spyware sending help companies effectively manage email security protection and improve email service quality.

Multi-layer spam filtering mechanism
MDispersion H91X mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism
Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. The MDispersion H91X research and development team uses advanced tools (smart learning) to interpret all incoming and outgoing emails and analyze the threats that may be hidden in them. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H91X will handle the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism
Advanced Sandstorm can effectively detect unknown advanced malware attachments, such as common Microsoft, Word, Excel, Power Point or PDF; or targeted phishing emails, or even compressed files, such as common ZIP and RAR, Sandstorm defense Before scanning Spam or Virus for corporate email, first compare the suspicious attachments and isolate the problematic letters, so that the hidden malicious programs can take shape and avoid affecting user email reception.

Ransomware protection
Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H91X mail system provides a URL text filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H91X plus the text IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter
Built-in two sets of anti-virus engines, Calm AV anti-virus engine (free) and Kaspersky (optional). Anti-virus software Clam AV can detect more than 4 million types of viruses, worms, and Trojans. No matter email, WEB, or FTP, it will automatically scan for viruses, update virus files automatically through the Internet daily, and provide rankings of virus messages Leaderboard report. Automatically check for virus patterns daily. Kaspersky Anti-Virus provides enterprise-class network security protection against viruses, malware, spam, and other threats, taking into account performance and detection.

SPF and DKIM authentication mechanism
SPF sender source verification can filter out letters from illegal hosts forged by legitimate domains; DKIM domain verification emails can be used to prevent email content from being tampered with. When sending the mail, the server signs the mail with the private key, and confirms the public key data recorded above with the sender's domain through DNS. It can be paired successfully with the private key, which means that the mail was indeed sent by the original sender. Both the receiving end and the sending end can use DKIM authentication to prevent spammers from spamming, sending spam letters through fake mail senders and fake private key signatures.

Message Encryption (TLS) for secure message delivery
The MDispersion H91X mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3 or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism
Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H91X email security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content and check the confirmation letter Whether the content is consistent and consistent with the content.

Email content audit filtering
Automatically filter and scan emails in accordance with corporate regulations or internal rules of the organization to detect inappropriate email behavior. Not only can scan the complete message content, but also perform keyword scanning for individual domains where the message is sent (outbound, inbound, outbound), and for filtering methods that meet the filtering conditions such as quarantine, delete, block sender IP, and send notification Letters, carbon copies, etc. can help system administrators comply with regulations inside and outside the enterprise.

Personal data filtering protection
In order to respond to the protection of personal information laws, provide the filtering function of personal information filtering, and perform filtering audit settings for sensitive personal information. Administrators can directly choose to check the identity card number, credit card number, phone number, mobile phone number, date of birth Wait for filtering conditions for control.

Mail log function backup
For all the mail entering or leaving the mail server or mail gateway, along with the enclosing file, all the records are recorded, the user's computer letters are not visible, and can be forwarded to the user by the recorder, and can be automatically backed up to the network neighborhood or FTP Server, and provide corresponding fields for quick query and intercept reason query, which can help managers understand the status of mail exchanges. Quickly search and read email data backed up externally. The most important thing is that the format of the stored email is eml, which can be easily read or searched under any operating system.

Painless transfer of letters
With the function of automatic account creation, the original mail host account and letter can be automatically converted. The administrator does not need to re-enter the account number and password, which reduces the trouble of new and old mail host replacement and account creation. In addition to automatic account creation / transfer settings, it also provides user account manual creation and AD account integration modes.

Decentralized management and management
According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including mail records, user management, system management, log query, audit management, traffic statistics, POP3 proxy, etc.

Various statistical reports
Provide diversified and easy-to-read statistical report information-including various kinds of statistics including traffic rankings, POP3 traffic rankings, personal reports, user traffic rankings, letter type distribution, audit isolation rankings, equipment dangerous password rankings, spam source rankings, etc. Auxiliary charts, and can set the chart column.

Dual-machine (HA) and remote backup function
"Creating a never-ending network", dual-machine backup allows the main mail host of an enterprise to stop working when there is an abnormal operation. The backup mail host will automatically take over as the main mail host, allowing the corporate mail host to stay on for 24 hours. working normally. The off-site backup is to set up a dedicated mail host in the head office and the branch office. When the mail host fails in any place, the system can automatically switch to another host to keep it running. There are interruptions, and truly offsite backup services are available.



POP3 proxy
In addition to the company's email account, users may have other important accounts in use. To grasp the latest information, they often need to log in to different browser pages to collect the letters all at once. In order to save users the time and convenience of receiving mails, the HERHSIANG mail server provides the function of POP3 proxy. All the mails can be collected by the local account, and users can also set their own POP3 proxy function through Webmail interface.

Oversized attachment sending function
MDispersion H91X decentralized structure mail server mail sending method, eliminates the problem of capacity limitation. Adopts super knot download instead of letter attachment file to enter, when the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail
HERHSIANG mail server has built-in Outlook like Webmail, which is similar to Outlook express style user interface, which is convenient for users to use immediately. You can browse, compose, and send and receive emails directly through any browser (http or https). The connection transmission process is protected by encryption to ensure the security of email communication.

Push Mail
With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H91X mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.
  
Newsletter delivery system
E-newsletters are an indispensable marketing tool for business operations. Many new products are often listed on the company. Of course, the publicity of old products is not a problem. In the past, most new product descriptions were sent to customers by email. Sending by e-newsletter is time-saving and convenient.

Webmail folder sharing (cloud disk)
MDispersion H91X mail host cloud hard disk provides a space for all users to share. Users can share information, briefing materials, technical documents, market information, etc. Through the interface, they can quickly upload or download files, and classify these files. Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification
Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H91X Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)
For the mail sent by the company, the company's common signature file (including the mail disclaimer) can be automatically annotated, and different content can be set according to different domain names, and the administrator can set the content of the signature file, and the account without the shared signature file With IP address.

Outlook address book, Google calendar synchronization integration
Allows users to synchronize the use of webmail and outlook contact list (including groups). MDispersion H91X provides Outlook Connector communication synchronization integration function. Whether you use it in Outlook or Webmail interface, you can synchronize with each other quickly and regularly. E-mail is easier and more convenient to use. MDispersion H91X mail server calendar can be integrated with Google calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar
Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. MDispersion H91X Webmail calendar has a web version of operation settings, and also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Simple management
Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close the remote control service of ping / http / https at will. Also provides a variety of network testing tools, including PING, Traceroute, DNS query, Port query and other tools.

Encrypted mail compression (full email or attached file)
MDispersion H91X mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore
For the set backup content, the backup is performed at a specified time. It is more convenient to directly use the USB slot on the HERHSIANG mail server interface for backup, making it easier for the administrator to maintain. After using USB HDD for full machine backup, if the local system hard disk fails, select the USB backup system hard disk to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive to the system. Do permanent storage.

Support RAID0 or RAID1 function
RAID0 divides the data into multiple blocks. When the data is written to the hard disk and read at the same time, the blocks can also be read from each hard disk at the same time, so it has very good performance. RAID1 needs to write the same data to each hard disk, and the writing speed is no different from a single hard disk. As for reading data, because it can read data from different hard disks simultaneously, the reading speed will be a little faster than a single hard disk.

Hardware specifications
CPU: INTEL E3 XEON E3-1200 V5 CPU
Motherboard: SUPERMICOR server level
DDRIII-RAM ECC: 16GB (2 8GB) dual channel
SATA-III HDD: Enterprise-class 2000GB * 2 Shipped RAID 0 (RAID 0 for internal 2-tier disk array subsystem box)
Built-in backup device hard drive (Enterprise-grade 4000GB * 1)
USB 2.0 Port: 4
Number of people: Unlimited
System Management
Management settings using a browser (HTTPS)
Supported Service Agreement
ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS
OnBoard web interface
1 LAN Port (10/100 / 1000M) / 1 HA Port (10/100 / 1000M)
Use environment
Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%
Safety certification
FCC, CE, UL, cUL
Model size
19 "x 2U x 550mm (21.65" deep)
Industrial control server grade PS2 POWER SUPPLY (non-general PC power supply)
Input power: 100 ~ 250 VAC (Autosensing) / Power supply: 450 Watts or more / Power on automatically starts
Mounting method
Rack-mount models suitable for racks
 

HERHSIANG Information Co., Ltd.
TEL: 886-7-3494097 FAX: 886-7-3596785
EMAIL: 
service@herhsiang.com

             service@herhsiang.com.tw

3F, No.5, Dinghe St., Sanmin District, Kaohsiung City Taiwan

Hours Monday~Friday 8:30 AM ~ 6:00 PM
Copyright © 2002~2020