Network/ Data Center Setup
Networking Operations & Maintenance
Our network management services include:
VPN Connectivity Solutions
A Virtual Private Network (VPN) can be set up using solutions ranging from software to hardware. We can connect your device at any location, whether a branch office or anywhere else on the public Internet, to your office network.
Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic
Limit simultaneous connections on a per-rule basis
The Firewall software utilizes p0f, an advanced passive OS/network fingerprinting utility, to allow you to filter by the operating system initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? The Firewall software allows for that (amongst many other possibilities) by passively detecting the operating system in use.
Option to log or not log traffic matching each rule.
Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)
Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.
Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).
Packet normalization – Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”
- Enabled in the Firewall software by default
- Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.
Disable filter – you can turn off the firewall filter entirely if you wish to turn your Firewall software into a pure router.
The firewall’s state table maintains information on your open network connections. The Firewall software is a stateful firewall; by default, all rules are stateful.
Most firewalls lack the ability to finely control your state table. The Firewall software has numerous features allowing granular control of your state table, thanks to the abilities of FreeBSD’s ported version of pf.
Adjustable state table size – there are multiple production Firewall installations using several hundred thousand states. The default state table size varies according to the RAM installed in the system, but it can be increased on the fly to your desired size. Each state takes approximately 1 KB of RAM, so keep in mind memory usage when sizing your state table. Do not set it arbitrarily high.
On a per-rule basis:
- Limit simultaneous client connections
- Limit states per host
- Limit new connections per second
- Define state timeout
- Define state type
State types – the Firewall software offers multiple options for state handling.
- Keep state – Works with all protocols. Default for all rules.
- Sloppy state – Works with all protocols. Less strict state tracking, useful in cases of asymmetric routing.
- Synproxy state – Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.
- None – Do not keep any state entries for this traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.
State table optimization options – pf offers four options for state table optimization.
- Normal – the default algorithm
- High latency – Useful for high latency links, such as satellite connections. Expires idle connections later than normal.
- Aggressive – Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.
- Conservative – Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.
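The state table controls listed above correspond to state options in pf's rule language. The fragment below is an added example in FreeBSD pf.conf syntax, not configuration taken from the Firewall software; the interface names, addresses (documentation ranges), table names and limit values are all assumptions chosen for illustration.

```conf
# Added example: FreeBSD pf.conf fragment. Interfaces, addresses, table names
# and limits are constructed placeholders, not values from the product.
ext_if = "em0"
int_if = "em1"
table <web_servers> const { 192.0.2.10, 192.0.2.11 }
table <flooders> persist

# Global state table: hard limit (budget roughly 1 KB of RAM per state) and
# the expiry profile: normal | high-latency | aggressive | conservative.
set limit states 200000
set optimization normal

# Packet normalization: reassemble fragments and drop TCP packets with
# invalid flag combinations before any filter rule sees them.
scrub in all

# Default deny on the WAN side; sources that tripped a limit stay blocked.
block in log on $ext_if all
block in quick on $ext_if from <flooders>

# Synproxy state: pf completes the TCP handshake with the client itself and
# only then opens the connection to the server, so spoofed SYNs never reach it.
pass in on $ext_if proto tcp from any to <web_servers> port { 80, 443 } \
    flags S/SA synproxy state

# Keep state with per-rule limits:
#   max-src-nodes      distinct source hosts that may hold states on this rule
#   max-src-states     state entries per source host
#   max-src-conn       established TCP connections per source host
#   max-src-conn-rate  new connections per interval (15 in 5 seconds)
#   tcp.established    per-rule state timeout in seconds
# Sources exceeding the connection limits are added to <flooders> and their
# existing states are flushed.
pass in on $ext_if proto tcp from any to 192.0.2.20 port 22 \
    flags S/SA keep state \
    (source-track rule, max-src-nodes 500, max-src-states 20, \
     max-src-conn 10, max-src-conn-rate 15/5, \
     overload <flooders> flush global, tcp.established 3600)

# Sloppy state: looser tracking for a segment whose return traffic takes a
# different path (asymmetric routing).
pass in on $int_if from 198.51.100.0/24 to any keep state (sloppy)

# No state: each direction must be matched by its own rule.
pass in  quick on $int_if proto udp from any to 203.0.113.5 port 514 no state
pass out quick on $int_if proto udp from 203.0.113.5 port 514 to any no state
```

Load it with `pfctl -nf <file>` first to parse without applying, then inspect live usage against the limits with `pfctl -si` and `pfctl -ss`.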
Network Address Translation (NAT)
Port forwards including ranges and the use of multiple public IPs
1:1 NAT for individual IPs or entire subnets.
- Default settings NAT all outbound traffic to the WAN IP. In multiple WAN scenarios, the default settings NAT outbound traffic to the IP of the WAN interface being used.
- Advanced Outbound NAT allows this default behavior to be disabled, and enables the creation of very flexible NAT (or no NAT) rules.
NAT Reflection – NAT reflection is possible so services can be accessed by public IP from internal networks.
Limitations: PPTP / GRE Limitation – The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available workaround is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. PPTP is insecure and should no longer be used.
The combination of CARP, pfsync, and our configuration synchronization provides high availability functionality. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. The Firewall software also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.
The firewall’s state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.
Limitations: Only works with static public IPs, does not work with stateful failover using DHCP, PPPoE, or PPTP type WANs.
Multi-WAN functionality enables the use of multiple Internet connections, with load balancing and/or failover, for improved Internet availability and bandwidth usage distribution.
Server load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool.
Virtual Private Network (VPN)
The Firewall software offers three options for VPN connectivity, IPsec and OpenVPN.
IPsec allows connectivity with any device supporting standard IPsec. This is most commonly used for site-to-site connectivity to other Firewall installations and almost all other firewall solutions (Cisco, Juniper, etc.). It can also be used for mobile client connectivity.
OpenVPN is a flexible, powerful SSL VPN solution supporting a wide range of client operating systems.
The Firewall software offers a PPPoE server. A local user database can be used for authentication, and RADIUS authentication with optional accounting is also supported.
The RRD graphs in the Firewall software maintain historical information on the following.
Individual throughput for all interfaces
Packets per second rates for all interfaces
WAN interface gateway(s) ping response times
Traffic shaper queues on systems with traffic shaping enabled
Historical information is important, but sometimes it’s more important to see real time information.
SVG graphs are available that show real time throughput for each interface.
For traffic shaper users, the Status -> Queues screen provides a real time display of queue usage using AJAX updated gauges.
The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.
A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.
Custom – allows defining the update method for providers not specifically listed here.
A client is also available for RFC 2136 dynamic DNS updates, for use with DNS servers like BIND which support this means of updating.
Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general. The following is a list of features in the Firewall Captive Portal:
Maximum concurrent connections – Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.
Idle timeout – Disconnect clients who are idle for more than the defined number of minutes.
Hard timeout – Force a disconnect of all clients after the defined number of minutes.
Logon pop up window – Option to pop up a window with a log off button.
URL Redirection – after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.
MAC filtering – by default, Firewall filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.
Authentication options – There are three authentication options available.
- No authentication – This means the user just clicks through your portal page without entering credentials.
- Local user manager – A local user database can be configured and used for authentication.
- RADIUS authentication – This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.
- Forced re-authentication
- Able to send Accounting updates
- RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client’s MAC address as the user name and password.
- Allows configuration of redundant RADIUS servers.
HTTP or HTTPS – The portal page can be configured to use either HTTP or HTTPS.
Pass-through MAC and IP addresses – MAC and IP addresses can be whitelisted to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.
File Manager – This allows you to upload images for use in your portal pages.
Limitations: “Reverse” portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.
Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.
The Firewall software includes both DHCP Server and Relay functionality
This is by no means a conclusive list. It will be expanded as time permits.
We have a range of software solutions which we provide and integrate for our clients, as per their needs and requirements. Whether it is simple accounting software or a complete CRM / Sales Management / Pipeline Management / Field Service Management solution, you can reach us and we will provide you with the best solution until you are up and running. We believe that software is sold only when the user utilizes its full potential.
Web-Hosting/ Email Hosting
We provide hosting solutions to our customers using our own cloud VPS servers, located in Texas, Dublin, Chicago and Dallas. Every customer is important to us, so the performance of their websites is never compromised: each server has 32 GB of RAM and hosts no more than 2 customers. All of our customers are provided with Unlimited Hosting Plans.
Queue Management Solutions
EaZy-Q® provides an economical queue system solution, a cost-effective way of managing long customer queues by automating the process of redirecting the crowd to multiple channels with less rush or straight to vacant areas. Our system helps meet specialized business customer flow requirements with a built-in multichannel customer flow algorithm, so that customers don’t have to take multiple token numbers for different services. Our advanced EaZy-Q® queue management solution intelligently and seamlessly manages multiple department calls using the same token number and makes day-to-day business smoother and more efficient. Our electronic queue system is completely IP based, which makes it more scalable and robust than any product available in the market. EaZy-Q® provides both wired and wireless queuing system technology, which makes it easier and more flexible for our clients to manage their infrastructure based on their needs. Because our solution is completely IP based, relocating devices is efficient, cost effective and seamless.
WIRED & WIRELESS Technology with mix and match capability
Multi-Lingual (English, French, German, Arabic, Tagalog and more…)
Intelligent Controls for Timings & Load-Sharing
Attendant’s Login & Logout with Efficiency Control
Advanced & Intelligent Calling controls (such as Priority Call / Save Next / Auto-Recall, etc.)
Floor Mount, Wall Mount & Desktop Token Dispensers (with matching interior – as required)
Outdoor Queue Management Systems
EaZy-Q® is the pioneer in introducing outdoor queue management solutions in the region. This solution has given many customers a unique way of handling customer inflow in large open areas. This system can be used to manage the following areas:
Water delivery pickup area and much more…
EaZy-Q® offers 3 ways for online booking which are as follows:
Web page (embedded URL in the business web site)
Through the advanced mobile application
Can be integrated with the existing online booking application.
Combined with the expertise of our in-house developer, EaZy-Q® offers a customized web page for online booking. This page is usually linked to the business web site through a menu item or button provided anywhere on the web site. Any information collected is saved either on the cloud-based server (usually set up by the EaZy-Q® team) or on public server hosting provided by the client. When a customer clicks on the Online Booking URL, the required information (based on the business requirement) is presented on the page.
For example, customers are asked to fill in their Name, Mobile #, Email Address, Purpose of the visit in terms of “Required Service”, and Available Date and Time. Note that the date and time will be fetched dynamically based on the days and hours of operation for a specific business. Once all the required entry options are filled, the customer either clicks “Cancel” to discard the booking or clicks “Submit” to proceed with the booking.
After the customer submits the booking information, EaZy-Q® usually (but not limited to) either interacts with the client’s existing database and saves the information for the client system, inserts the data into the EaZy-Q® Electronic Approval System database for Online Booking Approval, or sends an email and / or SMS to the concerned department for manual processing.
If the booking is being handled by the client’s existing system, EaZy-Q® will fetch the booking reference number from the client’s existing database and use this information to issue a token number at the time of booking retrieval. Usually, this information is fetched in a nightly scheduled task, but it can also be fetched periodically (single or multiple times) at any time of the day.
Centralized Management System (CMS) Features & Benefits
Centralized control for multiple branches and departments. These branches can be in multiple countries, cities as well as geographical areas in the same city. Clients can manage queue system related changes from one central location (head office). For example, managing counters, services and user access, changing promotional messages on the displays, updating messages on the printed tokens and much more.
Monitor alerts and offline devices (if any)
Real time reporting for multiple branches
Our Mobile Application is one of the most advanced tools available in queue management solutions, enabling customers to get in the queue from the convenience of their comfy couch at home. All you need to do is download our app from the “App Store” or “Google Play Store”. Besides the basic feature of getting virtual token numbers, our mobile app has a lot more features. For example, the app can also be used to collect feedback from the customer, make online appointment bookings, retrieve bookings, find the nearest branch and much more.
Online booking through this application makes it easier for customers to manage their visits more efficiently and conveniently. This tool helps businesses reduce the number of people waiting on their premises.
Another great new feature of this app is “Location Finder”, which makes it easy for ad hoc customers to navigate to the nearest branch with less waiting time. With this feature, our real-time synchronization gives the user information accurate to the second (number of people waiting, estimated waiting time, etc.) so that the customer can make the right decision. Thanks to the real-time updates, the customer gets up-to-date information on any changes that occur at the business service level. For example, the user gets notified if the branch is closed for renovation, if business hours change, etc.
Let us take a brief moment to explain how this whole thing works. The EaZy-Q® comprehensive queue management solution gives your valued customers three different ways to take a token number and get into the waiting queue. Customers can take a token from a self-serve token dispenser kiosk, go to the reception / customer service help desk to get a token number, or use our advanced mobile application from the convenience of their handheld devices. After the token number is taken, the EaZy-Q® queue management main engine installed on the server PC (in the cloud, on a virtual server, or on a physical server on the local network) assigns the appropriate flow for that customer. When the system reaches a particular number before the specific (target) waiting customer, it generates an SMS and / or mobile app alert to notify the customer of their upcoming turn. The system announces token numbers on a first come, first served basis (unless there is a priority customer in the queue).
After the token number is announced, the customer holding that token number proceeds to the counter / room where the attendant has called the number. After being served, the customer will either leave or proceed to the next attendant, depending on the customer flow algorithm set in the system. Before leaving the premises, if the CFS product is available at that location, the customer can provide feedback using our advanced Customer Feedback Solution. At any point in time, management can take reports, see live dashboards and much more to get real-time customer flow information.