HERHSIANG Information Co., Ltd.

Home Page

Member sign up | Member login

Home Page

Buy MDispersion mid-level or high-level mail servers from now on and get Kaspersky Anti-Virus for 1 year

NGS 1315HE 1351HF built-in third-party application and URL for 2 years each

NGS 3572HF 5752HF 5792HF 5772HG built-in Kaspersky Anti-Virus for 1 year, 3rd party application and URL for 2 years each.

NGS new generation firewall can be used as a layer 2 intranet security firewall

Buy MDispersion mid-level or high-level mail servers from now on and get Kaspersky Anti-Virus for 1 year

Latest information security equipment

10P+4P1G fiber IPS NG-UTM

Product Description

NGS 5972HG is a network security device that complies with Next Generation UTM specifications. It features high operational efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the preferred network security and management device for medium and large enterprises.

NGS 5972HG has the powerful functions of a new generation of firewalls, including Deep Packet Inspection (DPI)-based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, antivirus, spam filtering, and It supports external authentication integration and other functions, which can prevent hackers from maliciously sneaking into attacks or unauthorized access to internal network resources. In addition, NGS 5972HG also supports dual-machine backup mechanism (HA), which can ensure that the equipment is continuously running.

feature of product

NGS 5772HG is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meets the requirements of the next-generation Software Defined Network (SDN) core switch.

Integrate the centralized management of wireless base stations and network-managed switches to create an integrated wired and wireless security protection, allowing administrators to take care of both inside and outside, and can be used as the second layer as an intranet security firewall (ISFW).

Balance performance and function

HERHSIANG NGS 5972HG, its hardware platform is carefully designed, using X86 hardware equipment, the purpose is to allow enterprise users to fully experience the security protection functions provided by HERHSIANG's new-generation UTM.

For customers with high connectivity requirements, we provide high-performance security modules to improve connectivity and support the USB quick recovery mechanism.

IP v4 / v6 dual-band technology

There is a shortage of IP v4 addresses, and the era of IP v6 will come sooner or later, so HERHSIANG has integrated this trend when developing the next generation of UTM. The same network interface, whether it is defined as a WAN or a LAN, can be bound at the same time The IP address of v4 or v6, so no matter it is in a pure v4 environment, v4/v6 mixed, pure v6 environment, NGS 5972HG is the same.

Support SDN controller

Supports SDN controllers, allowing more than one Port to be combined into ZONE, which is directly managed by the SDN controller, and the transmission of ZONE and ZONE packets will also pass the packet inspection of NGS 5972HG.

It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which operates independently and does not interfere with each other. .

SSL encrypted connection detection

With the ability to detect SSL traffic, when faced with SSL encrypted connection traffic, it can apply functions such as intrusion detection and defense, gateway anti-virus, content filtering, and application bandwidth control.

Load balancing

Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will be automatically redirected to another normal line to ensure that the internal user network is smooth. When the line is restored, the packet It will be automatically assigned again.

Enterprises can set their own load balancing rules according to their needs, and network access can refer to the set rules to perform network traffic load balancing guidance. Algorithms include: automatic allocation, manual allocation, allocation by source IP, and allocation by destination IP.

IPS intrusion prevention

IPS will check the contents corresponding to the 4th to 7th layers of the OSI model, whether there are malicious attack programs and viruses, hidden in the TCP/IP communication protocol. After detailed content inspection, the qualified signatures will be Mark it out, once discovered, the packets can be blocked immediately, so that these malicious packets passing through the firewall will be hidden from view.

Threat detection and defense

Provide enterprises with the most complete defense-in-depth mechanism. Today's network attacks cannot only rely on a single point of defense but require complete defense-in-depth. Only by using different levels of defense technologies can companies reduce potential threats.

In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for enterprise information security protection, Hexiang NGS 5972HG can strengthen the detection of malicious programs for traffic, web pages and emails, and analyze the correlation of different security mechanisms. , To play the role of defense in depth.

WAF ( Web Application Firewall )

Web application firewall is a product that provides protection for Web server applications by implementing a series of security policies for HTTP/HTTPS.

WAF's job is to parse the web application layer data, perform multiple conversions of different encoding methods to restore the attack plaintext, combine the deformed characters and analyze it, which can be better than the combined attack from the web layer. Providing application layer rules WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective enough. WAF provides special application layer rules and has the ability to detect deformed attacks, such as detecting mixed attacks in SSL encrypted traffic

Mail gateway protection

The enterprise already has a mail host, but the spam filtering performance is not good. You can use NGS 5972HG as a mail gateway mode to make up for the insufficient functions of the original mail server, such as spam filtering and virus filtering.

After filtering the virus and advertising mail through NGS 5972HG, the clean mail is sent to the mail host.

Virus filtering

The system provides Clam AV anti-virus engine for free, which can detect more than millions of viruses, worms, and Trojan horse programs. It can automatically scan emails for viruses, automatically update virus files through the Internet every day, and provide virus mail search condition.

Administrators can set the processing methods of poisoned emails by themselves, including automatic deletion, storage of poisoned email extensions, and the subject of the poisoned email notification letter. The new generation UTM has a built-in Kabbah anti-virus engine for one year. Customers can purchase and continue to enjoy the Kaspersky anti-virus engine leader with the highest scanning rate and the strongest virus repair.

Spam filtering

Either internal mail or external mail can be filtered, and provide ST-IP network credit evaluation, Bayesian filtering, Bayesian filtering automatic learning mechanism, automatic whitelist mechanism, spam feature filtering and fingerprint identification method, etc., and there are black , Whitelist comparison and intelligent recognition learning database (Auto-Learning), you can even set personalized rules, flexibly formulate filtering rules, deal with spam, and ensure comprehensive protection without misjudgment, with an accuracy rate of more than 95%. Mail filtering can perform actions such as forwarding, deleting, and blocking letters that meet the filtering conditions set by the administrator.

Abnormal IP analysis

Any network behavior, no matter what kind of software the user runs, is roughly divided into the number of uploads and downloads (Connect Session), flow (Flow) and duration (Time) from the perspective of network packets, by detecting these The combination of the numbers, it is estimated that the user is using the Internet normally or has abnormal behavior.

When an abnormal behavior of internal users is discovered, the administrator can adopt a variety of strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling a collaborative defense mechanism to notify the switch to block it, or notifying the administrator.

Bandwidth Management (QoS)

Assist network administrators to control network traffic, effectively reduce corporate network congestion, and improve serviceability and bandwidth utilization.

With QoS (bandwidth management) function, the limited bandwidth can be allocated to all users.

The difference from general bandwidth managers is that NGS 5972HG not only provides maximum bandwidth and priority management, but also has the function of guaranteeing bandwidth. And it also has the design of personalized bandwidth management, which can set the bandwidth management for individual users.

If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be redistributed to users under the enterprise, which can effectively prevent the phenomenon of bandwidth being monopolized by users.

Content filtering

Provide Web Filter (web page filtering) function, can block the work end access to inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and can set filter conditions to block inappropriate websites.

URL database management [optional 3rd party database (optional)]

The built-in "cloud URL database" automatically classifies web pages. As long as the administrator prevents blocking of harmful URL networks, it can be easily controlled. There is no need to input website IP addresses, keywords... to block them one by one.

Randomly clicking on harmful URLs is the source of evil. The best way to prevent blocking is to prohibit the use of the Internet. If it cannot be completely prohibited, the URL database that is updated from time to time is the best protection mechanism.

Full record of online behavior

Some employees of enterprises use the Internet during working hours to do non-work purposes, chatting is small, and leaking secrets is a big deal.

NGS 5972HG can not only limit the user's authority to use related applications, but also record related online behaviors, including browsing web pages and sending and receiving emails. When a company leaks secrets, the information that has been preserved is the best evidence to be used as evidence in court.

Traffic Analysis

Provide traffic analysis tools, whether it is the internal user's computer power on and off status, real-time display of network traffic, communication protocol distribution and traffic rankings, when the line is fully loaded, the traffic culprit can be found immediately.

Application management [Optional 3rd party database (optional)]

Various network application software is not only difficult to manage, but also easily becomes the best channel for data leakage and virus attacks.

NGS 5972HG has built-in multiple application management functions, including instant messaging, audio-visual services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control the use of application software by employees Permission to protect corporate network security.

Graphical traffic report (threat intelligence instrument)

Provides traffic reports on the WEB interface, and plots the historical status of the system into a chart, so that the administrator can easily grasp the current system operation status at any time.

NGS 5972HG provides system status chart (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1~WAN13 traffic), and provides query conditions to quickly search the history of each traffic status.

VPN function

Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users.

Through these VPN mechanisms, it is convenient for users to connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or at home …Wait.

Among them, SSL VPN is currently the most important long-distance secure transmission connection between most enterprises, customers and partners.

HERHSIANG Android SSLVPN APP

Definition of UTM

IDC defines UTM information security hardware equipment as: it contains multiple security functions integrated into a single hardware device, which must include network firewall, network intrusion detection and defense, and gateway anti-virus. All functions on this device do not need to be fully utilized, but must be built-in, and individual components cannot be cut.

In order to test these devices, NSS Group clearly defined UTM devices as a single device with functions such as firewall, VPN, IDS/IPS, anti-virus, anti-spam, URL filtering, content filtering, etc. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a powerful state NAT firewall is required.

* VPN: It is often deployed on the enterprise wide area network as a branch office network solution. Basically, it is necessary to be able to establish a small number of secure VPN channels.

* IDS/IPS: The firewall can only enforce policies. If the policy allows incoming HTTP traffic to the website server in the DMZ zone, the firewall cannot prevent hackers from damaging the target website server from the HTTP protocol. The IPS function will detect and block such intrusions that attempt to use the network boundary to break in, and prevent malicious network flows from reaching the server. The IDS function can detect intrusions and issue warnings, but it cannot block malicious traffic.

* Antivirus: The gateway antivirus filter can prevent inbound virus traffic on the network boundary, strengthen the computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-spam: Gateway anti-spam can mark incoming emails, allowing further processing by computer filtering solutions. The solution can prevent internal hosts from sending spam messages outside the enterprise.

* URL filtering: Using a continuously updated URL classification database, a set of gateway URL filtering solutions can prevent employees from accessing unpleasant or inappropriate websites from within the corporate network.

* Content filtering: Scan specific content of webpages and mail traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out from the corporate network.

6P+4P10G fiber IPS NG-UTM

Product Description

NGS 5952HTG is a network security device that complies with Next Generation UTM specifications. It has high operational efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the first choice for network security and management equipment for medium and large enterprises.

NGS 5952HTG has the powerful functions of a new generation of firewalls, including Deep Packet Inspection (DPI)-based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, anti-virus, spam filtering, and It supports external authentication integration and other functions, which can prevent hackers from maliciously sneaking into attacks or unauthorized access to internal network resources. In addition, NGS 5952HTG also supports dual-machine backup mechanism (HA), which can ensure that the equipment is continuously running.

feature of product

NGS 5952HTG is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next-generation Software Defined Network (SDN) core switch.

Balance performance and function

HERHSIANG NGS 5952HTG, its hardware platform is carefully designed, using X86 hardware equipment, the purpose is to allow enterprise users to fully experience the security protection functions provided by HERHSIANG's new generation UTM.

For customers with high connectivity requirements, we provide high-performance security modules to improve connectivity and support the USB quick recovery mechanism.

IP v4 / v6 dual-band technology

Support SDN controller

Supports SDN controller, which allows more than one Port to be combined into a ZONE, which is directly managed by the SDN controller, and the transmission of ZONE and ZONE packets will also pass the packet inspection of NGS 5952HTG.

It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which operates independently and does not interfere with each other. .

SSL encrypted connection detection

Load balancing

IPS intrusion prevention

Threat detection and defense

In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for enterprise information security protection, Hexiang NGS 5952HTG can strengthen the detection of malicious programs for traffic, web pages and emails, and analyze the correlation of different security mechanisms. , To play the role of defense in depth.

WAF ( Web Application Firewall )

Web application firewall is a product that provides protection for Web server applications by implementing a series of security policies for HTTP/HTTPS.

Mail gateway protection

The enterprise already has a mail host, but the spam filtering performance is not good. You can use NGS 5952HTG as a mail gateway mode to make up for the insufficient functions of the original mail server, such as spam filtering and virus filtering.

After filtering viruses and advertising mail through NGS 5952HTG, the clean mail is sent to the mail host.

Virus filtering

Spam filtering

Abnormal IP analysis

Bandwidth Management (QoS)

Assist network administrators to control network traffic, effectively reduce corporate network congestion, and improve serviceability and bandwidth utilization.

With QoS (bandwidth management) function, the limited bandwidth can be allocated to all users.

The difference from the general bandwidth manager is that NGS 5952HTG not only provides maximum bandwidth and priority management, but also has the function of guaranteeing bandwidth. And it also has the design of personalized bandwidth management, which can set the bandwidth management for individual users.

Content filtering

URL database management [optional 3rd party database (optional)]

Full record of online behavior

Some employees of enterprises use the Internet during working hours to do non-work purposes, chatting is small, and leaking secrets is a big deal.

NGS 5952HTG can not only limit the user's authority to use related applications, but also record related online behaviors, including browsing web pages and sending and receiving emails. When a company leaks secrets, the information that has been preserved is the best evidence to be used as evidence in court.

Traffic Analysis

Application management [Optional 3rd party database (optional)]

Various network application software is not only difficult to manage, but also easily becomes the best channel for data leakage and virus attacks.

NGS 5952HTG has built-in multiple application management functions, including instant messaging, audio-visual services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control the use of application software by employees Permission to protect corporate network security.

Graphical traffic report (threat intelligence instrument)

Provides traffic reports on the WEB interface, and plots the historical status of the system into a chart, so that the administrator can easily grasp the current system operation status at any time.

NGS 5952HTG provides system status chart (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1~WAN13 traffic), and provides query conditions to quickly search the history of each traffic status.

VPN function

Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users.

Among them, SSL VPN is currently the most important long-distance secure transmission connection between most enterprises, customers and partners.

HERHSIANG Android SSLVPN APP

Definition of UTM

* Firewall: Deployed at the network boundary, a powerful state NAT firewall is required.

* VPN: It is often deployed on the enterprise wide area network as a branch office network solution. Basically, it is necessary to be able to establish a small number of secure VPN channels.

MD 1U Mail Server

High-quality hardware and full-featured firmware configuration

Host hardware planning:
Adopt a stable server motherboard, industrial-grade chassis, industrial-grade power supply. (Customers have used it for 10 years)

Data security planning:
The data disk uses 1 PCIe NVMe M.2 SSD, the system backup disk 1 HDD, and the two are automatically synchronized.

Advantages of security planning:

ONBOARD synchronization is faster than USB and network backup, which can ensure that the data is saved in a short time. When the data disk is faulty and the data is damaged and cannot be used, MIS can directly use the system backup disk as a data disk, and the recovery speed is fast without waiting. Annoyingly long restoration time.

Strong capacity expansion:

The memory can be expanded to the maximum capacity of the motherboard. In addition, when the data disk capacity is insufficient, the capacity needs to be expanded. After the system backup disk capacity is increased and synchronized, the increased capacity data space can be used directly as the data disk. Please call to inquire for the maximum capacity recommended)

Full firmware configuration:
The firmware of MDispersion mail server adopts a full-featured configuration. In addition to Kaspersky Anti-Virus, H168 does not have other optional functions. HERHSIANG needs to use the existing concept, which can reduce the time wasted by some necessary processes. It is enough to meet the company's needs in real time.

Decentralized mail architecture

For companies, institutions, or schools that provide multi-site or high-traffic e-mail needs, it can speed up mail delivery and communication. The database, account number, and e-mail communication records between the main and auxiliary machines will be synchronized with each other through encrypted channels. For the communication records of all mails, whether it is outbound, inbound or internal mails of each outbound point, will be aggregated into the database of the mail service of the computer center, in case you want to query The communication records of the mails are all based, and the mail hosts of the external point (slave) all receive and send mails from the local mail host. There is no need to wait for the reply from the remote host, which speeds up the processing speed of the mail and has remote backup Aid mechanism function.

Support IPV4 / IPV6 address

The built-in IPV4 / V6 dual-frequency DNS server provides the functions required for a complete DNS service. For example, DNS forward check, reverse check, A, AAAA records, etc., solve the inconvenience and trouble of the administrator to set up the DNS server.

Easy to install

All management items of MDispersion H168 can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.

Home details

The MDispersion H168 homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function

MDispersion H168 has a multi-domain independent mail system function (multi-DOMAIN). In addition to setting the domain name of its parent company, if it also needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App

MDispersion H168 provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G, allowing you to keep track of mail messages at any time.

Mail firewall

Through anomalous traffic detection, authentication anomaly detection, authentication and sender confirmation, you can perform in-depth email detection and filter out email threats that traditional firewalls cannot intercept. All advertising spam letters, massive email attacks, and Trojan horses. , Dictionary attacks or hacking attacks, etc., can be filtered through the mail firewall layer by layer to protect the security of corporate mail operations.

Mail Gateway Protection

High-efficiency spam filtering function. The Mail Gateway solution that can be safely deployed in the front of the mail server. It uses OS64 3.0 technology and multiple layers of mail scanning mechanisms to effectively block increasing spam, viruses, malicious mail, springboards, and phishing. Threats such as email and spyware sending help companies effectively manage email security protection and improve email service quality.

Multi-layer spam filtering mechanism

MDispersion H168 mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism

Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. MDispersion H168 uses advanced tools (smart learning) to interpret all incoming and outgoing email data and analyze the threats that may be hidden in it. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H168 will deal with the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism

Advanced Sandstorm can effectively detect unknown advanced malware attachments, such as common Microsoft, Word, Excel, Power Point or PDF; or targeted phishing emails, or even compressed files, such as common ZIP and RAR, Sandstorm defense Before scanning Spam or Virus for corporate email, first compare the suspicious attachments and isolate the problematic letters, so that the hidden malicious programs can take shape and avoid affecting user email reception.

Ransomware protection

Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H57TA email system provides a URL body link filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H168 plus the body IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter [Kaspersky (optional)]

Built-in two sets of anti-virus engines, Calm AV anti-virus engine (free) and Kaspersky (optional). Anti-virus software Clam AV can detect more than 4 million types of viruses, worms, and Trojans. No matter email, WEB, or FTP, it will automatically scan for viruses, update virus files automatically through the Internet daily, and provide rankings of virus messages Leaderboard report. Automatically check for virus patterns daily. Kaspersky Anti-Virus provides enterprise-class network security protection against viruses, malware, spam, and other threats, taking into account performance and detection.

SPF and DKIM authentication mechanism

SPF sender source verification can filter out letters from illegal hosts forged by legitimate domains; DKIM domain verification emails can be used to prevent email content from being tampered with. When sending the mail, the server signs the mail with the private key, and confirms the public key data recorded above with the sender's domain through DNS. It can be paired successfully with the private key, which means that the mail was indeed sent by the original sender. Both the receiving end and the sending end can use DKIM authentication to prevent spammers from spamming, sending spam letters through fake mail senders and fake private key signatures.

Message Encryption (TLS) for secure message delivery

The MDispersion H168 mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3, or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts. In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism

Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H168 mail security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content, and check the confirmation letter sent Whether the content is consistent and consistent with the content.

Email content audit filtering

Automatically filter and scan emails in accordance with corporate regulations or internal rules of the organization to detect inappropriate email behavior. Not only can scan the complete message content, but also perform keyword scanning for individual domains where the message is sent (outbound, inbound, outbound), and for filtering methods that meet the filtering conditions such as quarantine, delete, block sender IP, and send notification Letters, carbon copies, etc. can help system administrators comply with regulations inside and outside the enterprise.

Personal data filtering protection

In order to respond to the protection of personal information laws, provide the filtering function of personal information filtering, and perform filtering audit settings for sensitive personal information. Administrators can directly choose to check the identity card number, credit card number, phone number, mobile phone number, date of birth Wait for filtering conditions for control.

Mail log function backup

For all the mail entering or leaving the mail server or mail gateway, along with the enclosing file, all the records are recorded, the user's computer letters are not visible, and can be forwarded to the user by the recorder, and can be automatically backed up to the network neighborhood or FTP Server, and provide corresponding fields for quick query and intercept reason query, which can help managers understand the status of mail exchanges. Quickly search and read email data backed up externally. The most important thing is that the format of the stored email is eml, which can be easily read or searched under any operating system.

Painless transfer of letters

With the function of automatic account creation, the original mail host account and letter can be automatically converted. The administrator does not need to re-enter the account number and password, which reduces the trouble of new and old mail host replacement and account creation. In addition to automatic account creation / transfer settings, it also provides user account manual creation and AD account integration modes.

Decentralized management and management

According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including mail records, user management, system management, log query, audit management, traffic statistics, POP3 proxy, etc.

Various statistical reports

Provide diversified and easy-to-read statistical report information-including various kinds of statistics including traffic rankings, POP3 traffic rankings, personal reports, user traffic rankings, letter type distribution, audit isolation rankings, equipment dangerous password rankings, spam source rankings, etc. Auxiliary charts, and can set the chart column.

Dual-machine (HA) and remote backup function

"Creating a never-ending network", dual-machine backup allows the main mail host of an enterprise to stop working when there is an abnormal operation. The backup mail host will automatically take over as the main mail host, allowing the corporate mail host to stay on for 24 hours. working normally. The off-site backup is to set up a dedicated mail host in the head office and the branch office. When the mail host fails in any place, the system can automatically switch to another host to keep it running. There are interruptions, and truly offsite backup services are available.

POP3 proxy

In addition to the company's email account, users may have other important accounts in use. To grasp the latest information, they often need to log in to different browser pages to collect the letters all at once. In order to save users the time and convenience of receiving mails, the HERHSIANG mail server provides the function of POP3 proxy. All the mails can be collected by the local account, and users can also set their own POP3 proxy function through Webmail interface.

Oversized attachment sending function

MDispersion H168 decentralized architecture mail server mail sending method, eliminates the problem of capacity limitation. Adopts the method of downloading the mail attachment file with a super download. When the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail

HERHSIANG mail server has built-in Outlook like Webmail, which is similar to Outlook express style user interface, which is convenient for users to use immediately. You can browse, compose, and send and receive emails directly through any browser (http or https). The connection transmission process is protected by encryption to ensure the security of email communication.

Push Mail

With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H168 mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.

Newsletter delivery system

E-newsletters are an indispensable marketing tool for business operations. Many new products are often listed on the company. Of course, the publicity of old products is not a problem. In the past, most new product descriptions were sent to customers by email. Sending by e-newsletter is time-saving and convenient.

Webmail folder sharing (cloud disk)

MDispersion H168 mail host cloud hard disk provides a space for all users to share, users can share information, briefing materials, technical documents, market information, etc., through the interface can quickly upload or download files, and classify these files, which Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification

Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H168 Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)

For the mail sent by the company, the company's common signature file (including the mail disclaimer) can be automatically annotated, and different content can be set according to different domain names, and the administrator can set the content of the signature file, and the account without the shared signature file With IP address.

Outlook address book, Google calendar synchronization integration

Allows users to synchronize the use of webmail and outlook contact list (including groups), MDispersion H168 provides Outlook Connector communication synchronization integration function, whether you use it in Outlook or Webmail interface, you can quickly and regularly synchronize with each other, allowing you to E-mail is easier and more convenient to use. MDispersion H57TA mail server calendar can be integrated with Google Calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar

Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. MDispersion H57TA Webmail calendar not only has a web version of operating settings, but also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Simple management

Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close the remote control service of ping / http / https at will. Also provides a variety of network testing tools, including PING, Traceroute, DNS query, Port query and other tools.

Encrypted mail compression (full email or attached file)

The MDispersion H168 mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore

In addition to the high-quality hardware configuration, the backup content is set to be backed up at a specified time, and the USB slot on the interface of the HERHSIANG mail server can be directly used for backup, allowing the administrator to maintain it conveniently.

After using USB HDD to back up the whole machine, in case the system hard disk of the machine fails, you can also choose the USB system backup disc to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive. The system does permanent preservation.

Hard drive auto-test

For the mail host, the hard disk plays an important role like the heart of the human body. It stores all the corporate emails. If the enterprise itself does not have a backup mechanism, there will be doubts about data loss when the hard disk is damaged. At this time, a remedy is possible. It's too late.

In view of this, the MDispersion H168 mail host provides an automatic hard disk detection mechanism. Through real-time detection, the hard disk health status can be grasped, and related warning messages are provided to allow administrators an additional security protection mechanism.

Hardware specifications

DDRIII-RAM: 4GB

PCIe NVMe M.2 SSD 500GB*1 (Crucial P series)

SATA-III HDD 500GB*1

Console: On-screen keyboard

USB 3.0 Port: 2

Number of people: Unlimited

System Management

Management settings using a browser (HTTPS)

Supported Service Agreement

ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS

OnBoard web interface

1 LAN / 1 HA (All Giga Port)
Use environment

Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%

Safety certification

FCC, CE, UL, cUL

Model size

385mm (D) x 145mm (H) x 565mm (W)

Power Supplier

Input power: 100 ~ 250 VAC (manual switching) / Power supply: 250 Watts / Power on automatically starts

Placement: rack

MDA 2U 1MD1MA Server

100M/RJ45/single speed 1G

Features

• Compliant with IEEE802.3-2002 and 802.3ab Standard
• Compliant with SFP MSA
• Hot Pluggable
• Auto-detect MDI/MDI-X on RJ-45 port
• MAC Interface : SERDES
• RJ-45 connector
• Single +3.3V power supply
• Link length up to 100m with four-pair Cat.5 UTP cable
• RoHS Compliant

Application

• 1000Base-T Application

• High speed I/O for file serverl
• Mass storage system I/O
• Bus extension application

10KM/single mode

Transmitter Section

The transmitter consists of a high-performance 1310 nm Febry-Perot (FP), which is housed within a metal package. In addition,
this component is also class 1 laser compliant with according to International Safety Standard IEC-825

Receiver Section

The receiver contain of an InGaAs PIN photodiode coupled to a high sensitivity transimpedance amplifier (TIA) in an OSA. This OSA combination is mated to a post amplifier IC that provides the post amplification and LOS (Loss of Signal) indication circuit, which provides LVTTL logic high state output when a unusable input optical signal level is detected.

Features

Single + 3.3 V power Supply
Small Form Factor Pluggable MSA Compliant
Compliant with IEEE 802.3z Gigabit Ethernet Standard
PECL Differential Inputs and Output
TTL Signal Detect Indicator.
For Signal Mode Applications
LC Duplex Connector
EEPROM with serial ID functionality.
Class 1 Laser International Safety Standard IEC 825 Compliant
Temperature Ranges: 0℃ to +70℃ (MGB-S10)

Application

Bridges/Routers/Intelligent hub and concentrators
Gigabit Ethernet / Fiber Channel
Storage Area Network

30M/RJ45/single speed 10G

Features

• Compliant with IEEE802.3an, 802.3ab and 802.3az standard
• Compliant with SFP-8431, 8432 SFP+ MSA
• Support 10GBase-T
• Hot Pluggable
• Auto-detect MDI/MDI-X on RJ-45 port
• Auto-negotiates with other 10GBASE-T PHYs
• Support RX_LOS function
• Support I2C 2-wire interface for serial ID
• SFP Interface : SERDES
• RJ-45 connector
• Single +3.3V power supply
• Link length up to 30m with four-pair Cat.6a/7 cable
• RoHS Compliant

Application

• 10GBase-T Application

10KM/single mode

Transmitter Section

The transmitter consists of a high-performance 1310 nm MQW DFB structure laser in the optical subassembly (OSA), which is housed within a metal package. In addition, this component is also class 1 laser compliant with according to International Safety Standard IEC-60825 and FDA 21 CFR 1040.10 and 1040.11.

Receiver Section

The receiver contains of an InGaAs PIN photodiode coupled to a high sensitivity transimpedance amplifier (TIA) in an OSA. This OSA combination is mated to a post amplifier IC that provides the post amplification and SD (Signal Detection) or LOS (Loss of Signal) indication circuit, which provides logic high state output when an unusable input optical signal level is detected.

Features

Single +3.3V power supply voltages
Compliant with SFP+ MSA
Compliant with IEEE 802.3ae 10GBase-LR/LW standard
Compliant with SFF-8472 diagnostic monitoring interface for optical transceivers
AC/AC coupling according to MSA
Class 1 Laser International Safety Standard IEC 825 Compliant.
Complies with EN60825-1 and FDA 21 CFS 1040.10 and 1040.11
Commercial operation temp. : 0℃ to +70℃
RoHS Compliant

Application

High-speed Storage Area Networks
Computer Cluster Cross-connect
Custom High-speed Data Pipes

Hot-selling information security equipment

1U 14P IPS NG-UTM

Product Manual

NGS 3572HF is a network security device that complies with Next Generation UTM specifications. It features high operating efficiency, multiple security protection mechanisms, and hierarchical authorization management. It is the preferred network security and management device for medium and large enterprises. NGS 3572HF has the powerful functions of next-generation firewall, including Deep Packet Inspection (DPI) -based application identification and control, In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, anti-virus, spam filtering, and Supports external authentication integration and other functions, which can prevent hackers from sneaking into malicious attacks or unauthorized access to internal network resources. In addition, NGS 3572HF also supports dual-machine backup mechanism (HA), which can ensure the continuous operation of equipment.

Feature Of Product

NGS 3572HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).

Balancing performance and functionality

HERHSIANG NGS 3572HF, its hardware platform is carefully designed, using X86 hardware equipment, the purpose is to allow enterprise users to fully feel the security protection features provided by HERHSIANG Next Generation UTM. For customers with high connection capacity requirements, we provide high-performance security modules to improve connection capacity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology

There is a shortage of IP v4 addresses, and the age of IP v6 is coming sooner or later, so HERHSIANG has already integrated this trend when developing the next-generation UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. v4 or v6 IP address, so whether it is in a pure v4 environment, a mixed v4 / v6, or a pure v6 environment, NGS 3572HF is the same.

Support SDN controller

Support SDN controller, can make more than 1 port to form ZONE, directly managed by the SDN controller, and ZONE and ZONE packet transmission will also pass NGS 3572HF packet detection. And with VLAN 802.1Q function, it can cut the internal network into several independent sub-network segments, each of which operates independently without interference.

SSL encrypted connection detection

With the ability to detect SSL traffic, when facing SSL-encrypted connection traffic, you can apply intrusion detection defense, gateway anti-virus, content filtering, and application bandwidth control.

Load balancing

Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line to ensure that the internal user network is unblocked. When the line is restored, the packet It will be assigned automatically again. Enterprises can set load balancing rules according to their own needs, and network access can refer to the set rules to implement network traffic load balancing guidance. The algorithms are: automatic allocation, manual allocation, allocation based on source IP, and allocation based on destination IP.

IPS Intrusion Prevention

IPS It will check the content corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs and viruses, hidden in the TCP / IP communication protocol. After detailed content inspection, the qualified feature code will be Mark out, once discovered, you can block the packets immediately, so that these malicious packets through the firewall have nothing to hide.

WAF (Web Application Firewall)

Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.

The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.

Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.

Threat Detection Defense

Provide enterprises with the most complete defense-in-depth mechanism. Today's network attacks cannot rely on a single point of protection but require complete defense-in-depth. Only through different levels of defense technology can there be a way to reduce the potential threats to the enterprise. In addition to providing firewalls, intrusion detection systems (IPS), and anti-virus as the basis for corporate security protection, Hexiang NGS 3572HF can strengthen the detection of malicious programs for traffic, web pages, and emails. Through the analysis of related security mechanisms , Play the role of defense in depth.

Mail Gateway Protection

The company already has a mail host, but the spam filtering performance is not good. You can use NGS 3572HF as the mail gateway mode to supplement the original mail server's insufficient functions, such as spam filtering and virus filtering. After filtering the virus and advertisement mail through NGS 3572HF, send the clean mail to the mail host.

Virus Letter Filter

The system provides Clam AV anti-virus engine for free. It can detect more than millions of viruses, worms, and Trojan horses. It can automatically scan for viruses on emails, automatically update virus files through the Internet daily, and provide virus email search. condition. The administrator can set the processing method of the poisoned mail, including automatic deletion, storage of the poisoned mail extension and the subject of the poisoned mail notification letter. The new-generation UTM has a built-in Kabar anti-virus engine for one year. Customers can choose to continue to enjoy Kaspersky Anti-Virus, the leader in virus scanning and virus repair.

Spam filtering

Both internal and external mail can be filtered, and ST-IP network letter review, Bayesian filtering, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification are provided. , White list comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without misjudgment. The accuracy rate is more than 95%. Mail filtering, which can forward, delete, and block the letters that meet the filter conditions set by the administrator.

Anomaly IP analysis

Any network behavior, no matter what kind of software the user runs, from the perspective of network packets, it is roughly divided into the number of uploads and downloads (Connect Session), flow (Flow) and duration (Time), by detecting these The combination of the numbers estimates that the user is using the Internet normally or has abnormal behavior. When abnormal behaviors of internal users are discovered, the manager can adopt a variety of strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling a cooperative defense mechanism to notify the switch to block it or notifying the manager.

Bandwidth Management (QoS)

Assist network administrators to control the network, effectively reduce the obstruction of corporate network, improve serviceability and bandwidth usage. With QoS (bandwidth management) function, it can distribute limited bandwidth to all users. The difference from ordinary bandwidth controllers is that in addition to providing maximum bandwidth and priority management, NGS 3572HF also has a guaranteed bandwidth function. And it also has a personalized bandwidth management design, which can be set for individual users.若 Bandwidth tube 理 When used with a personalized bandwidth tube, the bandwidth pre-defined by the bandwidth management function can be allocated to users below the enterprise, which can effectively prevent the band from being exclusively occupied by users.

Content filtering

Provide Web Filter (web page filtering) function, can block the access to inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and can set filter conditions to block inappropriate websites.

URL database management [optional 3rd party database (optional)]

The built-in "cloud URL database" automatically categorizes web pages. As long as the administrator can prevent harmful URLs from blocking, it can be easily controlled without having to enter website IP addresses and keywords one by one to block. Clicking on harmful URLs arbitrarily is the source of evil. The best way to prevent blocking is to prohibit the use of the Internet. If it cannot be completely banned, the constantly updated URL database is the best protection mechanism.

Full record of online behavior

Some employees of the company use the Internet during work hours to do non-work-related tasks, with small chats and leaks. NGS 3572HF can not only limit the user's permission to use related applications, but also record related online behaviors, including browsing the web and sending emails. When a company leaks information, the saved information is the best evidence to present as evidence.

Traffic Analysis

Provide traffic analysis tools, whether it is the internal user's computer power on and off, real-time network traffic display, communication protocol allocation and traffic rankings. When the line is full, you can immediately find the traffic killer.

Application management [optional 3rd party database (optional)]

Not only is it difficult to manage a variety of network applications, it is also easier to become the best channel for data leakage and virus attacks. NGS 3572HF has a variety of built-in application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees' use of application software. Permissions to protect corporate network security.

Graphical traffic report

Provide web interface traffic reports, draw the system's historical status into charts, so that managers can grasp the current system operating status at any time. NGS 3572HF provides system status charts (including CPU load chart, memory load chart, system load), network traffic chart (LAN traffic, WAN1 ~ WAN13 traffic), and provides query conditions to quickly search the history of each traffic status .

VPN function

Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users. Through these VPN mechanisms, users can connect to different devices from different locations, including home, external public information service stations, and the Internet, such as laptops, branch offices, business locations, mobile communication devices, or home. …Wait.

Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.

HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.

1U 10 PORT NG-UTM

Product Manual

The NGS 5752HF is a network security device that conforms to the Next Generation UTM specification. It features high operating efficiency, multiple security protection mechanisms, and layered authorization management. It is the preferred network security and management device for medium and large enterprises. The NGS 5752HF features the powerful capabilities of a new generation of firewalls, including Deep Packet Inspection (DPI)-based application identification and regulation, In-Line IPS, SSL resolution and blocking, Web Filtering, bandwidth management, antivirus, and spam filtering. Support for external authentication integration and other functions to prevent hackers from maliciously sneaking into attacks or unauthorized access to internal network resources. In addition, the NGS 5752HF also supports a two-machine backup mechanism (HA) to ensure continuous operation of the equipment.

Feature Of Product

NGS 5722HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside, Can be used as the second layer as an intranet security firewall (ISFW).

Balance performance and function

HERHSIANG NGS 5752HF, its hardware platform is carefully designed with X86 hardware equipment, so that enterprise users can fully appreciate the security protection provided by HERHSIANG Next Generation UTM. For customers with high connectivity requirements, provide high-performance security modules to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology

The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 5752HF is the same whether it is in pure v4 environment, v4/v6 hybrid, pure v6 environment.

Support SDN controller

Support SDN controller, can make more than one Port group synthesize ZONE, directly managed by SDN controller, and ZONE and ZONE packet transmission, will also pass the NGS 5752HF packet detection. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.

SSL encrypted connection detection

With the ability to detect SSL traffic, it can apply intrusion detection defense, gateway anti-virus, content filtering and application bandwidth management when faced with SSL-encrypted connection traffic.

Load balancing

Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is buffered. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.

IPS intrusion prevention

IPS It checks the contents corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs, viruses, hidden in the TCP/IP communication protocol, and after the detailed content check, the qualified signature will be Marked out, once it is discovered, it can block the packet immediately, so that these malicious packets passing through the firewall are invisible.

WAF (Web Application Firewall)

Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.

Threat detection defense

Providing the most complete defense-in-depth mechanism of the enterprise, the attack behavior of the current network cannot rely on single-point protection and requires complete defense in depth. With different levels of defense technology, it is possible to reduce the potential threat behavior that the enterprise may suffer. In addition to providing firewalls, intrusion detection systems (IPS) and anti-virus as the basis for enterprise security protection, Hexiang NGS 5752HF can enhance the detection of malicious programs for traffic, web pages and emails, and the related analysis of different security mechanisms. To play the role of defense in depth.

Mail gateway protection

The enterprise already has a mail host, but the spam filtering performance is not good. The NGS 5752HF can be used as a mail gateway mode to supplement the original mail server, such as spam filtering and virus letter filtering. After filtering the virus and advertising mail through NGS 5752HF, send the clean mail to the mail host.

Virus letter filtering

Clam AV anti-virus engine protection, free Clam AV anti-virus engine, can detect millions of viruses, worms, Trojans, automatically scan for viruses, and automatically update virus files every day through the Internet. And provide virus mail search conditions. The administrator can set the poisoning mail processing method, including the automatic deletion, the poisoned mail extension file name and the poison mail notification letter. Kabbah antivirus engine is also available.

Spam filtering

Internal mail or external mail can be filtered, and provide ST-IP network credit rating, Bayesian filtering method, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification, etc. , whitelist comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without error, with an accuracy rate of over 95%. Mail filtering can perform actions such as forwarding, deleting, and blocking messages that match the filter conditions set by the administrator.

Abnormal IP analysis

Any network behavior, regardless of which software the user performs, is roughly divided into the number of connected and downloaded Connect Sessions, Flows, and Durations from the perspective of network packets. The combination of quantities estimates whether the user is using the network normally or has abnormal behavior. When an internal user's abnormal behavior is discovered, the administrator can take various strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling the collaborative defense mechanism to notify the switch to block it or notify the administrator.

Bandwidth Management (QoS)

Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference with the general bandwidth manager is that the NGS 5752HF has a guaranteed bandwidth as well as maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering

Provide Web Filter (Web Filter) to block inappropriate access to web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and to set up filtering conditions to block inappropriate websites.

URL database management [Optional 3rd party database (optional)]

The built-in "cloud URL database" automatically classifies web pages. Managers can easily control against harmful URLs. You can easily control them without having to enter the IP address and keywords of the website one by one. Any choice of harmful URLs is a source of sin. The best way to prevent blocking is to ban the use of the Internet. If it is not completely banned, using a constantly updated URL database is the best protection mechanism.

Online behavior record

Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, the NGS 5752HF can also record related online behaviors, including browsing web pages and email delivery. When a company has a leak, the information that has been saved is the best evidence used to prove it.

Traffic Analysis

Provides traffic analysis tools, whether it is the internal user computer on/off status, network traffic instant display, protocol assignment and traffic leaderboard, when the line is fully loaded, you can immediately find the traffic murderer.

Application management [Optional 3rd party database (optional)]

Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 5752HF has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.

Graphical traffic report

Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can keep abreast of the current system operation status. NGS 5752HF provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN9 traffic), and provides query conditions to quickly search each traffic status history. .

VPN function

Use IPSec, PPTP, L2TP, and SSL VPN to secure connection between Site to Site, Point to Site, and remote users. Through these VPN mechanisms, users can connect to different devices, such as laptops, branch offices, business offices, mobile devices or homes, from different locations, including home and external public information service stations and the Internet. …Wait.

Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.

HERHSIANG Android SSLVPN APP

Definition of UTM

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

Desktop IPS Firewall

Product Manual

In today's information-developed generation, the network system has become a tool that the world depends on, and its security and danger have also become the most important piece. Therefore, in the pursuit of using the Internet, people not only choose speed, but also have to be able to take into account defense in order to help companies protect private data and create a stable working environment.

HERHSIANG NGS 5H is a next-generation firewall device with both speed and security, and supports USB2.0 port, which can connect 3G and 4G / LTE USB as another WAN network backup option, with NAT processing performance up to 1.8 Gbps . In addition to the firewall function, NGS 5H also has many powerful functions such as IPS, anti-virus, bandwidth management, Internet behavior management, load balancing, content filtering, virtual private tunnel (IPSec VPN), and collaborative defense.

NGS 5H is suitable for small and medium-sized enterprises and SOHO network environments of different sizes, and once meets the needs of professional customers for network security defense. It helps enterprises to block all kinds of virus threats on the front line of the network gateway in real time, while still keeping the network with satisfactory high-quality performance.

Balance performance and function

HERHSIANG NGS 5H, its hardware platform is carefully designed with X86 hardware devices, so that enterprise users can fully appreciate the security protection provided by HERHSIANG New Generation Firewall. For customers with high connectivity requirements, provide high-performance security modules to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology

The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of Firewall. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 5H is the same whether it is in pure v4 environment, v4/v6 hybrid, pure v6 environment.

Support SDN controller

Supporting SDN controller, more than one port group can be combined into ZONE, which is directly managed by SDN controller, and ZONE and ZONE packets are transmitted, and will also be detected by NGS 5H packet. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.

SSL encrypted connection detection

Load balancing

Provides outbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is buffered. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.

IPS intrusion prevention *

Threat detection defense *

Providing the most complete defense-in-depth mechanism of the enterprise, the attack behavior of the current network cannot rely on single-point protection and requires complete defense in depth. With different levels of defense technology, it is possible to reduce the potential threat behavior that the enterprise may suffer. In addition to providing firewalls, intrusion detection systems (IPS) and anti-virus as the basis for enterprise security protection, Hexiang NGS 5H can enhance the detection of malicious programs for traffic, web pages and emails, and the related analysis of different security mechanisms. To play the role of defense in depth.

Mail gateway protection *

The enterprise already has a mail host, but the spam filtering performance is not good. The NGS 5H can be used as a mail gateway mode to supplement the original mail server, such as spam filtering and virus letter filtering. After filtering the virus and advertising mail through NGS 5H, send the clean mail to the mail host.

Virus letter filtering *

Abnormal IP analysis

Bandwidth Management (QoS)

Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference with the general bandwidth manager is that the NGS 5H has a guaranteed bandwidth as well as maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering

URL database management

Online behavior record

Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, NGS 5H can also record related online behaviors, including browsing web pages and mail delivery. When a company has a leak, the information that has been saved is the best evidence used to prove it.

Traffic Analysis

Application management

Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 5H has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.

VPN function

Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.

HERHSIANG Android SSLVPN APP

Graphical traffic report (DashBoard purchase)

Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can keep abreast of the current system operation status. NGS 5H provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN3 traffic), and provides query conditions to quickly search each traffic status history.

MD 1U Mail Server

High-quality hardware and full-featured firmware configuration

Host hardware planning:
Adopt a stable server motherboard, industrial-grade chassis, industrial-grade power supply. (Customers have used it for 10 years)

Data security planning:
The data disk uses 1 PCIe NVMe M.2 SSD, the system backup disk 1 HDD, and the two are automatically synchronized.

Advantages of security planning:
ONBOARD synchronization is faster than USB and network backup, which can ensure that the data is saved in a short time. When the data disk is faulty and the data is damaged and cannot be used, MIS can directly use the system backup disk as a data disk, and the recovery speed is fast without waiting. Annoyingly long restoration time.

Strong capacity expansion:
The memory can be expanded to the maximum capacity of the motherboard. In addition, when the capacity of the data disk is insufficient, you can use another 2bay spare hot-swappable box, purchase a larger capacity HDD, and set the system backup disk capacity to be used directly as a data disk after synchronization Then there is an increased capacity data space available. (The suggested maximum capacity can be used, please call for inquiry)

Full firmware configuration:
The firmware of MDispersion mail server adopts a full-featured configuration. In addition to Kaspersky Anti-Virus, H57TA does not have other optional functions. HERHSIANG needs to use the existing concept, which can reduce the time wasted by some necessary processes. It is enough to meet the company's needs in real time.

IPMI (IP KVM) feature description

IPMI Tool is an Out-of-Band IPMI tool that allows users to connect to system devices with IPMI through CLI (Command Line Interface).

The program provides two usage modes, namely: OS command line mode and Shell mode..

The program can be easily integrated with the existing infrastructure to connect with the server's baseboard management controller (BMC) to achieve the function of remotely configuring the system.

Main features of IPMI Tool:

Remote system management
SuperBlade management
MicroBlade management
System power control
HDD and NVMe management
FRU management
System diagnosis (via Super Diagnostics Offline)
NM (Node Manager) management
Group management

Remote IPMI management
Support IPv6
Remote text interface operation (Serial-Over-LAN)
Firmware upgrade
System sensor and event log
Power supply and battery backup power (BBP®) module monitoring
Multi-node system information
Virtual media management (node product key required)
Remote desktop interception (node product key required)

Operating System (OS)
Red Hat Enterprise Linux (RHEL) 6.8 and above
SUSE Linux Enterprise Server (SLES) 11 and above
Ubuntu Server 14.04 and above
Windows 7, 10
Windows Server 2008 R2 SP 1, 2012 R2

IPMI View is an application software based on a graphical user interface that allows administrators to manage multiple systems through BMC.

IPMIView supports BMC compliant with IPMI v1.5 or v2.0.

IPMI View monitors and reports the status of the SuperBlade system, and supports remote KVM and mounting virtual media.

IPMI View product features:
IPMI system management
Remote Graphical Interface (KVM) control
Remote text interface (SOL) control
Virtual media device management
IPMI user/group management
Trap receiver
Mobile application (Android, iOS)

Decentralized mail architecture

Support IPV4 / IPV6 address

Easy to install

All management items of MDispersion H57TA can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.

Home details

The MDispersion H57TA homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function

MDispersion H57TA has a multi-domain independent mail system function (multi-DOMAIN). In addition to setting the domain name of its parent company, if it also needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App

MDispersion H57TA provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G, allowing you to keep track of mail messages at any time.

Mail firewall

Mail Gateway Protection

Multi-layer spam filtering mechanism

MDispersion H57TA mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism

Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. MDispersion H57TA uses advanced tools (smart learning) to interpret all incoming and outgoing email data and analyze the threats that may be hidden in it. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H57TA will deal with the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism

Ransomware protection

Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H57TA email system provides a URL body link filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H57TA plus the body IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter [Kaspersky (optional)]

SPF and DKIM authentication mechanism

Message Encryption (TLS) for secure message delivery

The MDispersion H57TA mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3, or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts. In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism

Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H57TA mail security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content, and check the confirmation letter sent Whether the content is consistent and consistent with the content.

Email content audit filtering

Personal data filtering protection

Mail log function backup

Painless transfer of letters

Decentralized management and management

Various statistical reports

Dual-machine (HA) and remote backup function

POP3 proxy

Oversized attachment sending function

MDispersion H57TA decentralized architecture mail server mail sending method, eliminates the problem of capacity limitation. Adopts the method of downloading the mail attachment file with a super download. When the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail

Push Mail

With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H57TA mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.

Newsletter delivery system

Webmail folder sharing (cloud disk)

MDispersion H57TA mail host cloud hard disk provides a space for all users to share, users can share information, briefing materials, technical documents, market information, etc., through the interface can quickly upload or download files, and classify these files, which Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification

Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H57TA Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)

Outlook address book, Google calendar synchronization integration

Allows users to synchronize the use of webmail and outlook contact list (including groups), MDispersion H57TA provides Outlook Connector communication synchronization integration function, whether you use it in Outlook or Webmail interface, you can quickly and regularly synchronize with each other, allowing you to E-mail is easier and more convenient to use. MDispersion H57TA mail server calendar can be integrated with Google Calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar

Simple management

Encrypted mail compression (full email or attached file)

The MDispersion H57TA mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore

For the set backup content, the backup is performed at a specified time. It is more convenient to directly use the USB slot on the HERHSIANG mail server interface for backup, making it easier for the administrator to maintain. After using USB HDD for full machine backup, if the local system hard disk fails, select the USB backup system hard disk to be used when booting, and the whole machine will return to the state before the backup, which can replace the tape drive to the system. Do permanent storage.

Hard drive test

In view of this, the MDispersion H57TA mail host provides a hard disk detection mechanism. Through real-time detection, the hard disk health status can be grasped, and related warning messages are provided to allow administrators an additional security protection mechanism.

Hardware specification

DDRIII-RAM: ECC 8GB

SATA-III HDD: 3.5 "Enterprise Disk 4000GB * 1 3.5" NAS Red Label 4000GB * 1

Console: On-screen keyboard

USB 3.0 Port: 2

Number of people: Unlimited

System Management

Management settings using a browser (HTTPS)

Supported Service Agreement

ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS

OnBoard web interface

1 LAN / 1 HA / 1 iSCSI / 1 IPMI Port (All Giga Port)

Hot extraction box (panel lockable, with key)

Use environment

Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%

Safety certification

FCC, CE, UL, cUL

Model size

350mm (D) x 219mm (H) x 214mm (W)

Power Supplier

Input power: 100 ~ 250 VAC (manual switching) / Power supply: 250 Watts / Power on automatically starts

Placement: rack

MD 2U Mail Server

High-quality hardware and full-featured firmware configuration

Host hardware planning:
Using strong stability server motherboard built-in IPMI, industrial-grade chassis, industrial-grade power supply. (Has been used by customers for 10 years)

Data security planning:
The data disk adopts 2 enterprise HDD 4TB (RAID 1), and the system backup disk adopts 1 NAS grade HDD 4TB hard disk.

Advantages of security planning:
When the data disk (RAID 1) fails and the data is damaged and cannot be used, MIS can directly use the system backup disk as a data disk, and the recovery speed is fast, without waiting for a long recovery time.

Strong capacity expansion:
The memory can be expanded to the maximum capacity of the motherboard. When the capacity of the data disk is insufficient, the capacity can be expanded. Two data disks can be replaced with a larger capacity HDD. After the settings are synchronized with the system backup disk capacity, the data disk can be enlarged Capacity data space is available. (The suggested maximum capacity can be used, please call for inquiry)

Full firmware configuration:
The firmware of MDispersion mail server adopts a full-featured configuration. In addition to Kaspersky Anti-Virus, H91X does not have other optional functions. HERHSIANG needs to use the existing concept, which can reduce the time wasted by some necessary processes. It is enough to meet the company's needs in real time.

IPMI (IP KVM) feature description

IPMI Tool is an Out-of-Band IPMI tool that allows users to connect to system devices with IPMI through CLI (Command Line Interface).

The program provides two usage modes, namely: OS command line mode and Shell mode.

The program can be easily integrated with the existing infrastructure to connect with the server's baseboard management controller (BMC) to achieve the function of remotely configuring the system.

Main features of IPMI Tool:

IPMI View is an application software based on a graphical user interface that allows administrators to manage multiple systems through BMC.

IPMIView supports BMC compliant with IPMI v1.5 or v2.0.

IPMI View monitors and reports the status of the SuperBlade system, and supports remote KVM and mounting virtual media.

Built-in 2 hard disk arrays support hot extraction (RAID 0 1)

Supports two 3.5 ”SATA hard drives.

Support SATAIII interface to connect with host.

Support RAID 0, 1.

Supports a single hard drive with a capacity of more than 500GB.

Provide 2 Hot Swap hard disk extraction boxes, support online hard disk hot swap.

Support online automatic rebuild after updating the hard disk, the maximum rebuild speed is 200GB per hour.

Supports disk roaming technology.

Support sleep power saving mode.

Support online bad track detection and repair function.

Supports the function of delayed staggered startup of hard disks to reduce the power consumption when booting.

The front LCD display panel can monitor the hard disk status, system voltage, temperature, and fan operation detection.

With LED status indicator, hard disk access / fault indicator.

Support buzzer sound warning.

Built-in 5cm ball bearing cooling fan to increase system stability.

Decentralized mail architecture

Support IPV4 / IPV6 address

Easy to install

All management items of MDispersion H91X can be set by browser software, so your computer does not need to install any software, and provides Anti-Spam and Anti-Virus filtering functions.

Home details

The MDispersion H91X homepage provides detailed system status information, including dynamic CPU RAM HDD, system time, mail traffic statistics, mail server information and mail server services.

Multi-domain independent mail system function

MDispersion H91X has a multi-domain independent mail system function (multi-domain). In addition to setting the domain name of its parent company, if it needs to receive other branch domain name letters at the same time, you can enter other domain names on the system. MDispersion H91X There is no limit to the number of multi-domain names, which allows the enterprise mail system to have multiple mail domain aliases at the same time.

Exclusive IOS & Android Mail App

MDispersion H91X provides a dedicated App sending and receiving program, which is synchronized with Webmail and installed on a mobile phone or tablet through 3G or 4G timing, allowing you to grasp the mail messages at any time.

Mail firewall

Mail Gateway Protection

Multi-layer spam filtering mechanism

MDispersion H91X mail server has built-in gray list, fingerprint identification, black and white list setting, IP address anti-decryption verification, SPF verification, sender abnormality verification, DKIM verification function, and has text link filtering and abnormal sending Detection and protection mechanism, which can filter and parse the URL of the message body, and detect and scan compressed archives (ZIP / RAR). Any irregularity can be filtered or blocked, which can greatly reduce the threat from email threat .

Smart Spam Learning Mechanism

Phishing email attacks and infiltration methods have been continuously improved, from emails, pictures, file archives, web page advertisements, system vulnerabilities to encrypted ransomware. The MDispersion H91X research and development team uses advanced tools (smart learning) to interpret all incoming and outgoing emails and analyze the threats that may be hidden in them. For example, use the spam classification engine to automatically learn the letter characteristics of SPAM and HAM to help identify thousands of malicious programs or viruses. MDispersion H91X will handle the complex problem of email. Through the concept of interconnection and data sharing, the email data will be transmitted through the cloud intelligent learning system to prevent and track the source of malicious attacks.

Sandstorm malware filtering mechanism

Ransomware protection

Managers can compare the subject, attachment file (zip / rar), and extension by setting the rules and regulations to isolate and block e-mails that may be subject to ransomware attacks, reducing the harm of enterprises from ransomware attacks. In addition, in addition to infiltration by file attacks, e-mail attacks also include malicious link URLs in the text to trick users into clicking. The MDispersion H91X mail system provides a URL text filtering database, which breaks through the general filtering against the sender's source IP or domain. MDispersion H91X plus the text IP and domain can effectively prevent ransomware attacks.

Virus Letter Filter [Kaspersky (optional)]

SPF and DKIM authentication mechanism

Message Encryption (TLS) for secure message delivery

The MDispersion H91X mail server supports TLS (all MDispersion models). When users send and receive mail through SMTP, POP3 or IMAP, the mail will be transmitted using TLS encrypted connection, allowing mail data to be transmitted between personal devices and mail hosts In this way, it is possible to securely prevent theft from being encrypted.

"Mail Security Signature" Identity Authentication Mechanism

Most hacking methods will steal the recipient's letter, fake the sender's reply scam, and in order to make the recipient reply to the letter for verification and not be received by the original sender, the sender's name will be partially changed. , So that the recipient is deceived without any doubt about him. MDispersion H91X email security seal, provide personal verification seal and develop a seal icon, so that after receiving the letter, the recipient can return to the sending mail host through the link to confirm the original letter content and check the confirmation letter Whether the content is consistent and consistent with the content.

Email content audit filtering

Personal data filtering protection

Mail log function backup

Painless transfer of letters

Decentralized management and management

Various statistical reports

Dual-machine (HA) and remote backup function

POP3 proxy

Oversized attachment sending function

MDispersion H91X decentralized structure mail server mail sending method, eliminates the problem of capacity limitation. Adopts super knot download instead of letter attachment file to enter, when the sender's sending capacity exceeds the administrator's setting, the user receives When you send a letter, you can quickly download the file in http or encrypted mode (https).

New Webmail

Push Mail

With the popularization of mobile Internet devices, when business people go out and cannot receive the customer's E-mail messages in real time, how to quickly grasp the latest and most important information in the mailbox? MDispersion H91X mail host Push Mail function allows you to shorten the distance between you and your customers. Whether using a tablet or smartphone, users can receive the latest email information through the Internet anytime, anywhere.

Newsletter delivery system

Webmail folder sharing (cloud disk)

MDispersion H91X mail host cloud hard disk provides a space for all users to share. Users can share information, briefing materials, technical documents, market information, etc. Through the interface, they can quickly upload or download files, and classify these files. Some are private and which can be made public. Users can check the information at any time by crawling on the Webmail website. When the attached file is too large, the mail server provides a manager that can convert files that exceed the file size limit into hyperlinks.

Webmail 2-step verification

Users can steal passwords by using the same password on multiple websites, downloading software over the Internet, and clicking links in email messages. MDispersion H91X Webmail uses a two-step verification mechanism to ensure account security through LINE notification verification or backup email. Even if a bad person steals your password, 2-step verification still keeps your account secure.

Co-signed files (mail disclaimer)

Outlook address book, Google calendar synchronization integration

Allows users to synchronize the use of webmail and outlook contact list (including groups). MDispersion H91X provides Outlook Connector communication synchronization integration function. Whether you use it in Outlook or Webmail interface, you can synchronize with each other quickly and regularly. E-mail is easier and more convenient to use. MDispersion H91X mail server calendar can be integrated with Google calendar, all schedules can be viewed on the same page, and meetings, work or private leisure time can be easily arranged.

Personal calendar

Webmail's easy-to-use calendar tool also helps you manage daily events and calendars. And provides a group calendar function, so that you can also grasp all department-related activities at the same time. MDispersion H91X Webmail calendar has a web version of operation settings, and also provides APP applications (including IOS and Android), the two can be synchronized schedule.

Simple management

Encrypted mail compression (full email or attached file)

MDispersion H91X mail host allows enterprises to provide a more secure operating structure for gateways and terminals under the existing mail system architecture. Managers can convert entire .eml emails to encrypted PDF files for specific personnel, or only encrypt and compress the attachments of their emails to ensure that emails are stolen during transmission and leak important information. The recipient can use a PDF reader when receiving the email, and enter the password to view the original email content, including of course the attached attachment file.

System backup and restore

Support RAID0 or RAID1 function

RAID0 divides the data into multiple blocks. When the data is written to the hard disk and read at the same time, the blocks can also be read from each hard disk at the same time, so it has very good performance. RAID1 needs to write the same data to each hard disk, and the writing speed is no different from a single hard disk. As for reading data, because it can read data from different hard disks simultaneously, the reading speed will be a little faster than a single hard disk.

Hardware specifications

CPU: INTEL E3 XEON E3-1200 V5 CPU

Motherboard: SUPERMICOR server level

DDRIII-RAM ECC: 16GB (2 8GB) dual channel

SATA-III HDD: Enterprise-class 2000GB * 2 Shipped RAID 0 (RAID 0 for internal 2-tier disk array subsystem box)

Built-in backup device hard drive (Enterprise-grade 4000GB * 1)

Console: On-screen keyboard

USB 2.0 Port: 4

Number of people: Unlimited

System Management

Management settings using a browser (HTTPS)

Supported Service Agreement

ICMP, HTTP, HTTPS, SMTP, SMTPS, POP3, POP3S, IMAP, IMAPS

OnBoard web interface

1 LAN / 1 HA / 1 iSCSI / 1 IPMI Port (All Giga Port)

Use environment

Operating environment temperature: 0 ~ 60 ° C / Operating environment humidity: 5% ~ 95%

Safety certification

FCC, CE, UL, cUL

Model size

19 "x 2U x 550mm (21.65" deep)

Industrial control server grade PS2 POWER SUPPLY (non-general PC power supply)

Input power: 100 ~ 250 VAC (Autosensing) / Power supply: 450 Watts or more / Power on automatically starts

Mounting method

Rack-mount models suitable for racks

MA 1U Server

Hardware quality enhancement and firmware configuration

Host hardware planning:
Using strong stability server motherboard built-in IPMI, industrial-grade chassis, industrial-grade power supply. (Has been used by customers for 10 years)

Data security planning:
The data disk uses 1 enterprise-level HDD 4TB, and the system backup disk uses 1 NAS-grade HDD 4TB hard disk, and the two are automatically synchronized.

Firmware function configuration:
MArchive mail archive server firmware function configuration, H57TA has no other optional functions except Kaspersky anti-virus and email big data analysis functions, which can meet the needs of the company.

IPMI (IP KVM) feature description

IPMI Tool is an Out-of-Band IPMI tool that allows users to connect to system devices with IPMI through CLI (Command Line Interface).

The program provides two usage modes, namely: OS command line mode and Shell mode.

The program can be easily integrated with the existing infrastructure to connect with the server's baseboard management controller (BMC) to achieve the function of remotely configuring the system.

Main features of IPMI Tool:

IPMI View is an application software based on a graphical user interface that allows administrators to manage multiple systems through BMC.

IPMI View supports BMC compliant with IPMI v1.5 or v2.0.

IPMI View monitors and reports the status of the SuperBlade system, and supports remote KVM and mounting virtual media.

Operating System (OS)
Red Hat Enterprise Linux (RHEL) 6.8 and above
SUSE Linux Enterprise Server (SLES) 11 and above
Ubuntu Server 14.04 and above
Windows 7, 10
Windows Server 2008

Product Manual

MArchive H57TA's main functions include front-end gate protection capabilities (Anti-Virus, Anti-Spam, pre-mail audit, ransomware protection) and back-end audit capabilities (post-mail audit, mail record archiving, and mail history tracking). A single device can meet the email management needs of most enterprises. In addition to the basic record backup, the product also provides a complete internal and external, internal and external audit mechanism to review the mail received by employees.

Archive server features

Provide a stable, safe and stable storage space with unlimited capacity expansion.
Archive the entire enterprise's mail to one or more My SQL Server / MariaDB database.
Reduce the workload of the mail server. When the email is archived, the email can be deleted to keep the workload of the mail server at a certain level of operation.
With mail data leakage protection function, it can filter email content and attachment files to prevent data leakage.
Prevent users from deleting e-mails, avoid users from deleting important e-mails at will, and let enterprises have the risk of losing important information. The HERHSIANG archive server can completely eliminate this risk
Provide cloud backup and archive cloud services such as Office365 and Gmail.
Comply with relevant laws and regulations such as the Personal Assets Law and Business Secrets Protection Law.
Mail can be quickly restored through the personal mail backup and restore process-even accidentally deleted mail!
Provides webpage management mode, allowing users to search past emails from anywhere in the world.

Archive server features

Free you from the problem of PST file management and reduce the dependence on bulky PST files (Outlook)-easy to damage or lose in the event of hardware failure, you can archive and back up all Mail of the company early on HERHSIANG MArchive H57TA equipment
Provide users with a single web interface to search, and can retrieve past mails through My Mail personal inbox "retrieve mail"
Significantly reduce the storage requirements of mail, and at the same time do a good job of mail backup function.
Enhance Exchange performance and simplify backup and recovery
Reduce IT costs and expenses, reduce the excessive burden on the mail server, and reduce the complexity of the IT department's backup and letter preservation and restoration.
Helps to comply with personal data protection laws and ISO BS7799 regulations.
Provides extremely fast full-text search emails and all types of file attachments

Support multiple domains and multiple mail hosts at the same time

HERHSIANG MArchive H57TA mail filtering and auditing equipment can support enterprises with multiple domain names (for example: herhsiang.com; herhsiang.com.tw ...) or a network environment built by multiple mail hosts, and can follow the preset rules Automatically transfer letters and attachments to storage devices.

Mail Gateway Protection

HERHSIANG provides high-efficiency spam filtering functions. The Mail Gateway solution can be safely deployed on the front of the mail server. The original HERHSIANG Mail OS technology and multi-layer mail scanning mechanism can effectively block the increasing number of spam, viruses and malicious email , Springboards, phishing emails, spyware and other threats to help companies effectively manage email security protection and improve service quality.

MArchive supports IPV4 / IPV6 address

In addition to supporting the IPv4 network environment, MArchive H57TA also supports the latest IPv6 Internet Protocol, a network architecture that allows IPv4 and IPv6 to run concurrently.

Full anti-spam filtering mechanism (Anti-Spam)

HERHSIANG spam filtering adopts the industry's most innovative approach to threat detection, applying the latest multi-layer scanning technology, including IP address credit rating, Bayesian filtering, Bayesian filtering automatic learning mechanism, spam feature filtering, and text link filtering mechanism , Automatic garbage learning, system black and white lists and personal black and white lists. In addition, in order to filter the hackers' penetration through the use of text links, the system provides a text link database, which can further protect corporate email security.

Garbage learning sharing mechanism

The "spam learning sharing" mechanism developed by the professional research and development team is a concept similar to the sharing economy. Users share spam information, analyze and interpret the email behaviors by the professional research and development team, and add machine learning algorithms to handle large Data allows enterprise users to quickly filter thousands of e-mail threats without using complex scanning engines, achieving a higher detection rate and the lowest false blocking rate than traditional spam filtering.

Anti-Virus Protection [Kaspersky (optional)]

MArchive H57TA has two built-in virus filtering engines, Clam AV and Kabbah Anti-Virus Engine (optional), which can accurately filter hidden viruses trapped in emails. Clam AV can automatically and automatically update the virus code for free. Millions of pens, so that enterprises can always stay up-to-date with the least cost. In addition, users can purchase a Kabbah anti-virus engine. The dual-engine protection can ensure mail security even more. All virus emails that are quarantined through the system provide complete virus filtering reports and records, and support Alarm.

Sandstorm Malware Detection

Detect files or URLs that are suspected to be at risk, and filter and detect attachments and URLs by comparing hash values. It can deeply block some malicious programs that have not been filtered by viruses and IPS signature databases. Letters are quarantined to hide hidden malicious programs and prevent users from receiving mail.

Event log viewer

Provides information, warnings, and errors and when they occur within the mail audit filtering facility. Simple and detailed log query service makes system maintenance easy and convenient. Its log management function is very comprehensive, and through WEB, it allows administrators to quickly query and search various types of system logs.

Mail archiving, review, and review (Mail Archive)

MArchive H57TA has a built-in post-mail archival audit mechanism, which can completely archive and store corporate emails. Whether it is external to internal, internal to external, or internal to internal, real-time archiving is performed. In addition to preventing users from deleting emails by mistake, Provide email resume graphs and provide a friendly keyword search mechanism. The system provides an interface for personal email archiving. Users can search online through IE, and search through keywords such as domain, user, sender / receiver, subject, email content, date, and attached files. Search archived messages, and read or retrieve the messages you need.

Mail audit filtering (Mail Audit), and has a personal filtering function

Through the device management interface, network administrators can adjust the conditions for sending and receiving mail according to the company's own mail policy settings. MArchive H57TA audit filtering equipment adopts the Policy method, and administrators can apply control rules based on the types of recipients, the subject of the message, the content of the message, the capacity of the message, and the file extension of the message. For personal information related conditions, He Xiang also provides personal information filtering related to sensitive information, including ID card number, date of birth, phone number, credit card number, mobile phone and other conditions. When the detection meets the filtering conditions, you can choose to forward it to the auditors for quarantine, deletion, copying, or sending a notification letter.

Mail logging, archiving and backup

Local storage record: HERHSIANG MArchive H57TA has a built-in 4TB hard disk capacity, which is archived according to the system default. The recorded mail is backed up to the database and stored in the local storage for 7 days by default.

External storage backup: Including USB backup, FTP backup, SAMBA (Network Neighborhood Backup), if the personal computer or mail host has an unexpected situation and cannot work, personal mail is still safely stored in the MARCHIVE H57TA hard disk and storage device. MARCHIVE H57TA can connect to multiple storage servers at the same time, and the administrator can directly search, retrieve or retrieve the backed up emails.

Support Office365, Gmail email backup files

MArchive H57TA mail backup service can support cloud platform and storage services, provide a hybrid cloud (public cloud / private cloud) flexible platform, integrate existing Google, Microsoft Office 365 cloud mail services, in addition to allowing enterprises to continuously maintain audit data on cloud mail Capabilities can also allow corporate emails to be placed in different storage locations to achieve the purpose of diversifying risks and offsite backups.

Integration of multiple identity authentication servers

MArchive H57TA can integrate multiple types of identity authentication servers to effectively check the correctness of the account during the user login email management process. At present, it can integrate servers including Radius, AD, POP3, IMAP, LDAP, and Google oAuth to check the validity of accounts and passwords. Among them, you must enter a complete email account account to connect to the back-end authentication server for queries. .

Original mail resume function

HERHSANG mail resume function is an original design based on the concept of time axis. In addition to complete auditing and archiving of all incoming and outgoing emails, it also has HERHSIANG'S original mail resume function. With a simple chart to grasp the start of each letter Relevance. When did you receive this letter? How many passes back and forth in the middle? Which users are included in each pass? What is the content of each letter? Through the mail association chart, users can quickly grasp the main interactive associations of letters.

Email Big Data Analysis (Mail Behavior) (Optional)

Data's data analysis is an important feature of Hexiang's archive server. It can analyze the behavior of users, including correlation diagrams of mailing, abnormal mail analysis data, and user time analysis data, so that managers can better understand the enterprise. Internal user mail usage status.

System management and use status

MArchive H57TA provides all network interface usage status, software and hardware system performance table (including real-time information such as boot time, CPU / HD / Memory usage ...), and all system usage status at a glance. The system has Event Log and Sys Log log management functions. If an abnormal event occurs, it will actively record and alert, and the system will send it to the administrator by email. MArchive H57TA provides automatic system update check and download function, which can regularly check the latest update status, and directly perform firmware update service through Web UI.

Flexible decentralized management mechanism

The user rights decentralization setting is super flexible. Users' rights can be set at different levels, including whether they have a manager role or just general queryer or user rights. And can set different mail access and manager permissions. With the authorization of hierarchical management, enterprises can have more flexible control, safe use and management and maintenance. According to the decentralization and decentralization policy of the enterprise department, the authority and management items for each administrator to log in to the management interface can be defined, including system management, SMTP server settings, transparent mode, domain management, authentication, and authority management ...

Web UI management / system settings

Use the Web method to set and update the firmware. The operation screen can be switched to Traditional Chinese / Simplified Chinese / English at any time. You can open / close / https remote control services at will. In addition, the administrator can set the MArchive H57TA device browser title, home page title, and host name of the server.

System backup and restore

According to the set backup content, the backup is performed at a specified time. It is more convenient to use the USB slot on the interface of the HERHSIANG mail audit filter device for backup, which makes it easier for the administrator to maintain.

After using the built-in backup data disk or USB HDD for backup full machine backup, in case the local system hard disk fails, select the backup data disk or USB backup system hard disk to be used when booting, and then return the whole machine to backup It can replace the tape drive to save the system permanently.

No user authorization and restrictions

HERHSIANG MArchive series equipment has no restrictions on the use of the number of people, which will vary depending on the hardware operating performance or the amount of corporate mail. The system provides a free firmware update service mechanism, including the garbage database signature code, and the Clam AV anti-virus engine, which greatly saves maintenance and management costs and reduces after-sales service operations.

Personal Archive interface

Provide personal Archive interface, user permissions include domain query, department query and individual user query. Mail query provides multiple search interface fields, including sender, recipient, subject, content, date, etc. For users who are accustomed to the Outlook interface, Outlook Plug-in is also provided to facilitate searching and archiving directly through Outlook mail.

Personal email disaster backup and restore

In addition to the high-quality hardware configuration, Passive to active, recovery files no longer need to rely on IT professionals to handle, personally send the data on HERHSIANG MArchive H57TA directly to a specific user account again, when the user's computer, hard disk is damaged, data is lost, you can borrow The backup and restore function restores all user letters to the account again, providing the best backup mechanism for disaster recovery.

Exclusive Personalized Dashboard Chart

Different from the traditional system report format, MArchive H57TA mail audit and archiving device provides a personalized report analysis charter. Users can customize the query date to understand the statistics of personal general mail, spam and virus letters. Graphical display. In addition, users can further analyze the proportion of mail received and related information.

Hardware specifications

DDRIII-RAM: ECC 16GB
SATA-III HDD: 3.5" Enterprise Disk 4000GB*1 3.5" NAS Red Label 4000GB*1

Console: On-screen keyboard
USB 3.0 Port: 2
Number limit: no limit
System Management
Use a browser to manage settings (HTTPS)
Supported service agreements
ICMP, HTTP, HTTPS, SMTP, SMTPS
OnBoard network interface
1 LAN / 1 HA / 2 Define / 1 IPMI Port (All Giga Port)
Hot extraction box (Panel can be locked, with key)
4
Use environment
Operating environment temperature: 0~60°C / Operating environment humidity: 5%~95%
Safety certification
FCC, CE, UL, cUL
Model size
350mm (D) x 219mm (H) x 214mm (W)
Power Supplier
Input power: 100~250 VAC (manual switching) / power supply: 250 Watts / power on automatically start
Placement method: rack-mounted

Build architecture: Supports transparent mode (Bridge), gateway mode (Gateway), POP3/IMAP revenue generation deployment architecture

Transparent mode (Bridge)

MArchive H57TA has a set of LAN Bypass mode, which can be set up in front of the main mail server. It uses Bridge mode to record all incoming and outgoing mail. As internal users of the enterprise may use a variety of mail software to receive mail (for example: outlook, Thunderbird …), Whether internal or external or internal to internal, the mail will be audited, filtered, spam filtered, and virus filtered through the MArchive H57TA mail audit and archiving device, and all communication emails will be completely recorded.

Gateway Mode

MArchive H57TA can also be used as a gateway for e-mail. After the virus and advertisement mails are completed, the clean mail is forwarded to the back-end mail server. The e-mail function usually consumes high system resources. Outlook users can also point SMTP to MArchive H57TA as a gateway for audit filtering, and then send the mail to the back-end mail server, or some enterprise users set up the mail server on a virtual machine (VM). The mode of receiving traffic is also applicable to the gateway mode.

POP3 / IMAP collection mode

Adopt POP3 and IMAP collection methods, similar to copying all incoming and outgoing mail to the device in Journal mode, whether the mail host is supported in the cloud (Gmail / 163 / Office365) or the internal Microsoft Exchange Server, IBM Lotus, just need Set the necessary information and download the messages to be backed up to the device.

Quick Links

product description

recruiting

Firmware Download

PChome store

Useful Links

Social networking sites

Facebook

Google+

Twitter

HERHSIANG Information Co., Ltd.

88673494097 88673596785 service@herhsiang.com

3F, No.5, Dinghe St., Sanmin District, Kaohsiung City Taiwan

Business hours: Monday ~ Friday 8:30 ~ 12:00 / 13:30 ~ 1800