Click Here To Download The PDF Documentation For Our Range Of Firewalls

• Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic

• Limit simultaneous connections on a per-rule basis

• The Firewall software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? The Firewall software allows for that (amongst many other possibilities) by passively detecting the Operating System in use.

• Option to log or not log traffic matching each rule.

• Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)

• Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.

• Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).

• Packet normalization – Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”

  • Enabled in the The Firewall software by default
  • Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.

• Disable filter – you can turn off the firewall filter entirely if you wish to turn your Firewall software into a pure router.

The firewall’s state table maintains information on your open network connections. The Firewall software is a stateful firewall, by default all rules are stateful.

Most firewalls lack the ability to finely control your state table. The Firewall software has numerous features allowing granular control of your state table, thanks to the abilities of FreeBSD’s ported version of pf.

• Adjustable state table size – there are multiple production Firewall installations using several hundred thousand states. The default state table size varies according to the RAM installed in the system, but it can be increased on the fly to your desired size. Each state takes approximately 1 KB of RAM, so keep in mind memory usage when sizing your state table. Do not set it arbitrarily high.

• On a per-rule basis:

  • Limit simultaneous client connections
  • Limit states per host
  • Limit new connections per second
  • Define state timeout
  • Define state type

• State types – the Firewall software offers multiple options for state handling.

  • Keep state – Works with all protocols. Default for all rules.
  • Sloppy state – Works with all protocols. Less strict state tracking, useful in cases of asymmetric routing.
  • Synproxy state – Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.
  • None – Do not keep any state entries for this traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.

• State table optimization options – pf offers four options for state table optimization.

  • Normal – the default algorithm
  • High latency – Useful for high latency links, such as satellite connections. Expires idle connections later than normal.
  • Aggressive – Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.
  • Conservative – Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.

• Port forwards including ranges and the use of multiple public IPs

• 1:1 NAT for individual IPs or entire subnets.

• Outbound NAT

  • Default settings NAT all outbound traffic to the WAN IP. In multiple WAN scenarios, the default settings NAT outbound traffic to the IP of the WAN interface being used.
  • Advanced Outbound NAT allows this default behavior to be disabled, and enables the creation of very flexible NAT (or no NAT) rules.

• NAT Reflection – NAT reflection is possible so services can be accessed by public IP from internal networks.

Limitations: PPTP / GRE Limitation – The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. PPTP is insecure and should no longer be used.

The combination of CARP, pfsync, and our configuration synchronization provides high availability functionality. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. The Firewall software also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.

The firewall’s state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.

Server load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool.

The Firewall software offers three options for VPN connectivity, IPsec and OpenVPN.

A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.

• Custom – allowing defining update method for providers not specifically listed here.

• DNS-O-Matic

• DynDNS

• DHS

• DNSexit

• DyNS

• easyDNS

• freeDNS

• HE.net

• Loopia

• Namecheap

• No-IP

• ODS.org

• OpenDNS

• Route 53

• SelfHost

• ZoneEdit

Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general. The following is a list of features in the Firewall Captive Portal:

• Maximum concurrent connections – Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.

• Idle timeout – Disconnect clients who are idle for more than the defined number of minutes.

• Hard timeout – Force a disconnect of all clients after the defined number of minutes.

• Logon pop up window – Option to pop up a window with a log off button.

• URL Redirection – after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.

• MAC filtering – by default, Firewall filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.

• Authentication options – There are three authentication options available.

  • No authentication – This means the user just clicks through your portal page without entering credentials.
  • Local user manager – A local user database can be configured and used for authentication.
  • RADIUS authentication – This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.

• RADIUS capabilities

  • Forced re-authentication
  • Able to send Accounting updates
  • RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client’s MAC address as the user name and password.
  • Allows configuration of redundant RADIUS servers.

• HTTP or HTTPS – The portal page can be configured to use either HTTP or HTTPS.

• Pass-through MAC and IP addresses – MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.

• File Manager – This allows you to upload images for use in your portal pages.

Limitations: “Reverse” portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.

Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.

This is by no means a conclusive list. It will be expanded as time permits.

EaZy-Q® provides an economical queue system solution which is a cost effective way of managing long customers queue by automating the process of re-directing the crowd to multiple channel with less rush or straight to a vacant areas. Our system helps in meeting specialized business customer flow requirements with built in multichannel customer flow algorithm so that customer doesn’t have to take multiple tokens numbers for different services. Our advance EaZy-Q® queue management solution intelligently and seamlessly manages multiple department calls using the same token number and makes day to day business more smooth and efficient. Our electronic queue system is completely IP based which makes it more scalable and robust than any product available in the market. EaZy-Q® provides both Wired and Wireless queuing system technology which makes it easier & flexible for our clients to manage their infrastructure based on their needs. Our solution is completely IP based which makes relocating devices efficiently, cost effective and seamless.

• WIRED & WIRELESS Technology with mix and match capability

• Multi-Lingual (English, French, German, Arabic, Tagalog and more…)

• Intelligent Controls for Timings & Load-Sharing

• Attendant’s Login & Logout with Efficiency Control

• Advance & Intelligent Calling controls (such as Priority Call / Save Next / Auto-Recall, etc.)

• Floor Mount, Wall Mount & Desktop Token Dispensers (with matching interior – as required)

EaZy-Q® is the pioneer in introducing outdoor queue management solutions in the region. This solution has provided many customer a unique way of handling customer inflow in the large open area. This system can be used to manage the following areas:

• Customs pickup area

• Car parking lot

• Courier delivery lot

• Water delivery pickup area and much more…

EaZy-Q® offers 3 ways for online booking which are as follows:

• Web page (embedded URL in the business web site)

• Through advance mobile application

• Can be integrated with the existing online booking application.

Combine with the expertise of our in house developer, EaZy-Q® offers a customized web page for the online booking. This page is usually linked to the business web site through a menu item or button provided anywhere on the web site. Any information collected gets saved either on the Cloud based server (usually setup by EaZy-Q® Team) or public server hosting provided by the client. When customer clicks on the Online Booking URL, required information (based on the business requirement) is presented on the page.

For example, customer are asked to fill their Name, Mobile #, Email Address, Purpose of the visit in terms of “Required Service”, Available Date and Time. Note that the date and time will be fetched dynamically based on days and hours of operation for a specific business. Once all the required entry options are filled, customer either clicks “Cancel” to discard the booking or clicks “Submit “ to proceed with the booking.

After customer submits the booking information, usually but no limited to, EaZy-Q® either interact with the client existing database and save the information for client system, Insert the data in EaZy-Q® Electron ic Approval System database for Online Booking Approval or shoots an email and / or SMS to the concern department for manual processing.

If the booking is being handled by the client’s existing system, EaZy-Q® will fetch the booking reference number from the existing client’s database and use this information to issue token number at the time of booking retrieval. Usually, these information are scheduled to be fetched in the nightly scheduled task but also it can be done periodically (single or multiple times) at any part of the day.

• Centralized control for multiple branches and departments. These branches can be in multiple countries, cities as well as geographical areas in the same city. Clients can manage queue system related changes from one central location (Head office). For example, managing counters, services , managing user access, changing promotional messages on the Displays, updating messages on the printed tokens and much more.

• Monitor alerts and offline devices (if any)

• Real time reporting for multiple branches

• Live Dashboards

Our Mobile Application is one of the most advance tools available in the queue management solutions that enable customers get in the queue with the convenience of sitting on their comfy couch at home. All you need to do is download our app from “App Store” or “Google Play Store”. Besides the basic features of getting virtual token numbers, our mobile app has a lot more features For example, this app can also be used to collect the feedback from the customer, make online appointment booking, retrieve booking, find nearest branch and much more.

Our online booking through this application makes it easier for the customers to manage their visit more efficiently and conveniently. This tool helps business to reduce number of people waiting in their premises.

Another great new feature of this app is “Location Finder” which makes it easy for the ADHOC customer to navigate to the nearest branch with less waiting time. With this feature, our Real-time synchronization provides user the information right to the seconds (number of people waiting, estimated waiting time etc.) so that customer can make right decision. Due to the real-time updates, customer gets up to date information for any changes occurs on the business service level. For example, user gets notified if the branch is closed for renovation, change in business hours etc.

Let us take a brief moment to explain how this whole thing works. EaZy-Q® comprehensive queue management solution provides three different ways to your prestige customers to take the token number and get into the waiting queue. Customers can take a token from either a self-serve token dispenser kiosk, go to the reception / customer service help desk to get the token number or use our advance mobile application by the convenience of the hand held devices.After taking the token number, EaZy-Q® queue management main engine installed on the server PC (on the cloud, Virtual Server OR Physical server on the local network), assign the appropriate flow for that customer. When the system reaches at a particular number before the specific (target) waiting customer, system generates an SMS and / or Mobile-App-Alert to notify the customer for their upcoming turn. System announces token number on first come first serve basis (unless there is priority customer in the queue).

After announcing the token number, customer of that token number will proceed to the counter / room where the attendant has called the number. After being served, customer will either go out or proceed to the next attendant depending customer flow algorithm set in the system. Before leaving the premises, if CFS product is available in that location, customer can provide his / her feedback using our advance Customer Feedback Solution. At any point of time management take reports, see live dashboards and much more to get real time customer flow information.