NetNinja™ Firewall

NetNinja, Searching and Destroying Threats To Your Business

The NetNinja is a network router (mini or 1U rackable chassis) that comes pre-installed with the latest router, firewall, and threat management software.

Out of the box, the NetNinja is pre-configured with:

  • Stateful packet filtering firewall
  • Multi-WAN failover, and load balancing policy support
  • IPv6, NAT, BGP support
  • MAC filtering and Radius support
  • IPsec, OpenVPN, PPTP VPN client and tunnel server support
  • VoIP Traffic Shaper wizard for easy VoIP optimization
  • DHCP, DNS, and PPoE servers
  • Dynamic DNS client support
  • Dashboard with traffic graphs and service status displays
  • Diagnostics including PFtop, PFinfo, packet capture, Darkstat traffic monitoring
  • Management via web browser, SSH login, or serial console cable

Unlike others, the NetNinja also comes with:

  • Wireless 802.11 b/g/n supporting Access Point, Infrastructure, and Ad-hoc modes
  • Snort network intrusion prevention and detection system with automatic malware policy updates and policy enforcement (free Snort account required)\

Hardware Specifications:

  • Nearly any Intel CPU
  • 2gb to 32gb or more RAM
  • A variety of storage options, from mSATA and M.2 to SSD and HDD
  • Optional SFP card for gigabit communications and HA applications (1U only)
  • 4 ethernet ports for the mini, 8 ports for the 1U.

 

Applications:

  • VPN Server
  • High Availability
  • Load Balancing
  • Traffic Shaping
  • Captive Portal
  • UTM Device
  • Firewall / Router
  • DNS / DHCP Server
  • IDS / IPS
  • Transparent Caching Proxy
  • Web Content Filter
  • And more ...

Features:

Firewall and Router

  • Stateful Packet Inspection (SPI)
  • GeoIP blocking
  • Anti-Spoofing
  • Time based rules
  • Connection limits
  • Dynamic DNS
  • Reverse proxy
  • Captive portal guest network
  • Supports concurrent IPv4 and IPv6
  • NAT mapping (inbound/outbound)
  • VLAN support (802.1q)
  • Configurable static routing
  • IPv6 network prefix translation
  • IPv6 router advertisements
  • Multiple IP addresses per interface
  • DHCP server
  • DNS forwarding
  • Wake-on-LAN
  • PPPoE Server

VPN

  • IPsec and OpenVPN
  • Site-to-site and remote access VPN support
  • SSL encryption
  • VPN client for multiple operating systems
  • L2TP/IPsec for mobile devices
  • Multi-WAN for failover
  • IPv6 support
  • Split tunneling
  • Multiple tunnels
  • VPN tunnel failover
  • NAT support
  • Automatic or custom routing
  • Local user authentication or RADIUS/LDAP

Intrusion Prevention System

  • Snort-based packet analyzer
  • Layer 7 application detection
  • Multiple rules sources and categories
  • Emerging threats database
  • IP blacklist database
  • Pre-set rule profiles
  • Per-interface configuration
  • Suppressing false positive alerts
  • Deep Packet Inspection (DPI)
  • Optional open-source packages for application blocking

Enterprise Reliability

  • Optional multi-node High Availability Clustering
  • Multi-WAN load balancing
  • Automatic connection failover
  • Bandwidth throttling
  • Traffic shaping wizard
  • Reserve or restrict bandwidth based on traffic priority
  • Fair sharing bandwidth
  • User data transfer quotas

User Authentication

  • Local user and group database
  • User and group-based privileges
  • Optional automatic account expiration
  • External RADIUS authentication
  • Automatic lockout after repeated attempts

Proxy and Content Filtering

  • HTTP and HTTPS proxy
  • Non Transparent or Transparent caching proxy
  • Domain/URL filtering
  • Anti-virus filtering
  • SafeSearch for search engines
  • HTTPS URL and content screening
  • Website access reporting
  • Domain Name blacklisting (DNSBL)
  • Usage reporting for daily, monthly, etc.

Administration:

Configuration

  • Web-based configuration
  • Setup wizard for initial configuration
  • Remote web-based administration
  • Customizable dashboard
  • Easy configuration backup/restore
  • Configuration export/import
  • Encrypted automatic backup to Netgate server
  • Variable level administrative rights
  • Multi-language support
  • Simple updates
  • Forward-compatible configuration
  • Serial console for shell access and recovery options

System Security

  • Web interface security protection
  • CSRF protection
  • HTTP Referer enforcement
  • DNS Rebinding protection
  • HTTP Strict Transport Security
  • Frame protection
  • Optional key-based SSH access

Reporting & Monitoring

  • Dashboard with configurable widgets
  • Local logging
  • Remote logging
  • Local monitoring graphs
  • Real-time interface traffic graphs
  • SNMP monitoring
  • Notifications via web interface, SMTP, or Growl
  • Hardware monitoring
  • Networking diagnostic tools