IPI NGFW

Next Generation Firewall

A Next-Generation Firewall is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection, and an intrusion prevention system. Other techniques might also be employed, including TLS.

NGFW versus traditional firewall:

NGFWs include the typical functions of traditional firewalls including packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. Next-generation firewalls aim to include more layers of the OSI model, improving the filtering of network traffic dependent on the packet contents. The most significant differences are that NGFWs include intrusion prevention systems (IPS), and application control.

Next-generation firewalls perform deeper inspection compared to stateful inspection performed by the first and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.

Evolution of NGFW:

Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.

Stateful firewalls with simple packet filtering capabilities were efficient in blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. However, a web application blocking that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.

Protection based on ports, protocols, and IP addresses is no longer reliable and viable. This has led to the development of an identity-based security approach, which takes organizations a step ahead of conventional security appliances that bind security to IP addresses.

The main components of the IPI NGFW security solution:

Below we examine the main components of security solutions provided by IPInstrument company.

1- Effective provision of security by IPInstrument laboratory

1- Effective provision of security by IPInstrument laboratory:

2 - Single console with a network security operating system

2 - Single console with a network security operating system:

3- Providing a firewall solution throughout large organizations

3- Providing a firewall solution throughout large organizations:

4- Providing a broad and dynamic defense strategy for the long term

4- Providing a broad and dynamic defense strategy for the long term:

The main components of the IPI NGFW security solution:

Below we examine the main components of security solutions provided by IPInstrument company.

1- Effective provision of security by IPInstrument laboratory:

Gaining comprehensive knowledge about the threat landscape along with the ability to quickly respond to multiple levels of these threats can be the basis for creating effective security in the network. Accordingly, online updates are an important part of the IPI NGFW security solution. These updates are provided online by the specialists of this company, and in order to be more effective, the security research team examines the updates provided by other prominent manufacturers in Iran and the world in order to keep up with the highest level of security provided in the world.

1- Effective provision of security by IPInstrument laboratory:

Gaining comprehensive knowledge about the threat landscape along with the ability to quickly respond to multiple levels of these threats can be the basis for creating effective security in the network. Accordingly, online updates are an important part of the IPI NGFW security solution. These updates are provided online by the specialists of this company, and in order to be more effective, the security research team examines the updates provided by other prominent manufacturers in Iran and the world in order to keep up with the highest level of security provided in the world.

2 - Single console with a network security operating system:

Regardless of the implementation location of IPI NGFW equipment or its platform (hardware, virtualized, public cloud, or hybrid cloud), visibility and control are provided with a compatible operating system for network security. IPIOS operating system integrates all security and network services intending to reduce complications. In addition, it provides 360-degree visibility to network traffic and users can view traffic through applications, threats, equipment, countries, and other factors with one click. IPIOS applies valuable policies across the network. Despite the above features, security managers can monitor network traffic and formulate consolidated policies that include more detailed security controls. At the same time, by having a single console, security managers can benefit from visibility and control throughout the organizations, thus enabling scalable central management, reporting, and logging processes.

2 - Single console with a network security operating system:

Regardless of the implementation location of IPI NGFW equipment or its platform (hardware, virtualized, public cloud, or hybrid cloud), visibility and control are provided with a compatible operating system for network security. IPIOS operating system integrates all security and network services intending to reduce complications. In addition, it provides 360-degree visibility to network traffic and users can view traffic through applications, threats, equipment, countries, and other factors with one click. IPIOS applies valuable policies across the network. Despite the above features, security managers can monitor network traffic and formulate consolidated policies that include more detailed security controls. At the same time, by having a single console, security managers can benefit from visibility and control throughout the organizations, thus enabling scalable central management, reporting, and logging processes.

3- Providing a firewall solution throughout large organizations:

The IPI network equipment collection offers a wide range of firewall platforms in the market. IPI NGFW is based on an integrated and purpose-built architecture that provides high throughput and low latency while providing greater security effectiveness. The IPI NGFW appliance portfolio includes a set of flexible platforms that can be implemented as next-generation firewalls (NGFW) at the edge, as data center firewalls at the edge for data centers and on-premises or distributed organizations. IPI devices, which are managed by a network security operating system called IPIOS, offer a unified security policy in all situations.

3- Providing a firewall solution throughout large organizations:

The IPI network equipment collection offers a wide range of firewall platforms in the market. IPI NGFW is based on an integrated and purpose-built architecture that provides high throughput and low latency while providing greater security effectiveness. The IPI NGFW appliance portfolio includes a set of flexible platforms that can be implemented as next-generation firewalls (NGFW) at the edge, as data center firewalls at the edge for data centers and on-premises or distributed organizations. IPI devices, which are managed by a network security operating system called IPIOS, offer a unified security policy in all situations.

4- Providing a broad and dynamic defense strategy for the long term:

Supporting all types of implementations, IPI NGFW products can provide unparalleled freedom of action to security professionals across large enterprise networks. Security administrators have the visibility and control necessary to counter attackers through a single network security operating system across the entire IPI portfolio. Using a single dashboard presented as CLI or WUI, security managers can collect different management views and implement security policies in a precise way.

4- Providing a broad and dynamic defense strategy for the long term:

Supporting all types of implementations, IPI NGFW products can provide unparalleled freedom of action to security professionals across large enterprise networks. Security administrators have the visibility and control necessary to counter attackers through a single network security operating system across the entire IPI portfolio. Using a single dashboard presented as CLI or WUI, security managers can collect different management views and implement security policies in a precise way.

IPI NGFW product features

  • WUI/CLI Interface

  • Firewall Traffic Mgmt.

  • IPS (Intrussion Prevention System)

  • Smart Security

  • ATP Security

  • Application/Identity Awareness

  • Port Enforcement

  • DPI (Deep Packet Inspection)

  • Bandwidth Mgmt

  • Web/SSL Control and Filter

  • Intelligence Reports

  • SSL Inspection/ Offload/Bridging

  • Log Mgmt & Reports

  • VPN Server/Client

  • Link Balancer

  • Application Delivery

  • Radius Billing & Accounting

  • Authentication VDI/RBI

  • Authentication Captive Portal

  • DLP (Data Leak Prevention)

  • Anti-Phishing Address

  • Anti-Coin Miner Address

  • Anti-Malware Address

  • Dynamic/Static Routing

  • SIP NAT Traversal

  • SDWAN

Why this product is a Next Generation Firewall?

Standard features of a firewall:

In this type of firewall, there are all the capabilities of older firewalls (first generation) such as blocking ports and protocols and network services such as NAT, Route, etc.

Coordination with the services directory:

With this method, there is no need to define a user in the firewall anymore, and the same groups and users that exist in the Trust or even Untrusted active directories can be used in the firewall as well.

SSL and SSH Inspection:

This generation of firewalls can also analyze the encrypted traffic of SSL and SSH protocols. They are capable of decrypting the traffic and after decrypting and making sure that it is safe and there is no unauthorized traffic, they re-encrypt or simply send it according to the policy set for it.

Prevention of intrusion:

With the special intelligence intended for this type of firewall and the extraordinary scanning ability seen in them (even in layer 4), they have the greatest ability to prevent and detect intrusion. Some NGFWs have a level of intrusion detection and prevention capabilities that even a standalone IPS device cannot provide on its own.

Identifying and filtering software:

This capability is actually the biggest strength of such firewalls, in which they can also control the processes on the user side and detect the type of traffic and filter based on the type of software without depending on the port or address so that malicious software, filter breakers, and unauthorized software cannot Use common and unusual ports to enter the network and harm it.

Malicious code filtering:

This generation of firewalls can prevent a malicious code from continuing or even starting to work based on the type of activity of software and its maliciousness, can prevent attacks from being updated by identifying malicious sites and storing them in their database, preventing through them, while also some of them are capable of identifying phishing attacks.

How is IPI NGFW product offered?

IPI NGFW is completely flexible and you can use this product in different and common ways. We respect your needs, all you have to do is will

Hardware

We can offer you these products with tailor-made hardware. From desktop hardware for use in the SOHO category to multi-unit hardware for use in the Enterprise category.

Cloud as a Service

With your preference, you can use these products in various categories and with different sources on the cloud and with monthly-basis payment. We will be with you soon in Azure and AWS.

Virtual Machine

You can get our products as an OVF/OVA virtual machine, and use them with no restrictions on resources and ports, and in virtualization platforms including ESX, HyperV, etc.

How is IPI NGFW product offered?is

IPI NGFW is completely flexible and you can use this product in different and common ways. We respect your needs, all you have to do is will

Hardware

We can offer you this product with different hardware. From desktop hardware for use in the SOHO category to multi-unit hardware for use in the Enterprise category.

Cloud as a Service

If you want, you can use this product in different categories and with different sources on the cloud and pay for that monthly. We will be with you soon in Azure and AWS.

Virtual Machine

You can get this product as an OVF virtual machine, use them without restrictions on resources and ports and on virtualization platforms such as ESX, HyperV, etc.