Traffic Inspector Next Generation
Traffic Inspector Next Generation provides filtering at different levels of the OSI model (network, transport, application) and management via a web interface over a secure HTTPS connection, as well as over SSH using terminal access. The solution is deployed as a gateway at the edge of the corporate network and allows you to control information flows between the local network and the Internet.
Models in the line:
- S100: for small home and office networks. Small form factor x86-64 computers (152.4 x 152.4 mm) are used as a hardware platform.
- S500: for medium-sized businesses and medium-sized government agencies.
- M1000: for large businesses and public sector institutions.
- L1000+: top model for large commercial, government, educational organizations, healthcare, culture, sports and tourism institutions.
Hardware platform of the S500, M1000 and L1000+ models: 1U form factor rack servers.
Technical characteristics of Traffic Inspector Next Generation:
- the firewall (Packet Filter) protects the gateway and users' computers from unauthorized external access, shares Internet access among users, and provides access to internal servers from the Internet;
- the intrusion detection and prevention system (IDS/IPS) recognizes the sources of attacks and the attacked machines by certain signatures of network traffic and effectively "cleans" it;
- network activity monitoring and reports: NetFlow (reports on network activity, on the most popular network services, on the most popular IP addresses); web proxy (Domains (by visited domains), URLs (by visited URLs), Users (by users who generated proxy requests), User IPs (by computers that generated proxy requests)); RRDTool utilities (reports on the status of the Internet channel, on CPU usage, on RAM usage, on the number of states in the firewall connection tracker); real-time monitoring of network interface load; firewall log; system log and syslog-ng;
- managing Internet access bandwidth with a dynamic shaper and traffic prioritization (limiting the maximum user speed, reserving dedicated bandwidth for traffic, distributing Internet channel bandwidth equally among users of the internal network, prioritizing application traffic using queues for delay-sensitive traffic);
- various types of VPN (OpenVPN, IPsec in tunnel mode, L2TP/IPsec (IPsec in transport mode), Tinc VPN, PPTP, PPPoE);
- clustering (uses the CARP (VRRP), PFSYNC (synchronization of firewall state) and XMLRPC Sync (synchronization of other gateway settings) protocols);
- Connection Failover (in this mode, the gateway switches to alternate Internet access channels when the main ones fail, thereby ensuring continuity of access);
- a centralized management system (Central Management System) for a distributed infrastructure of network gateways (the gateway can be a master node in the central office and a slave node in a remote office);
- Captive Portal (including SMS identification support);
- flexible routing;
- the proxy server (Squid) supports HTTP, HTTPS, FTP, transparent proxying, interception and decryption of SSL/TLS connections, and caching of web content;
- filtering: by client IP addresses and networks, by destination ports, by browser type (User Agent), by content type (by MIME types), by common white and black URL lists, by individual URL lists assigned to a domain or local user or group, by downloadable URL lists (SquidGuard), by category using the NetPolice module (regular expression syntax is allowed in URL lists);
- various authentication methods (authentication by local database, LDAP, RADIUS, Kerberos, binding by IP and MAC addresses, two-factor authentication, vouchers);
- Layer 7 filtering (intelligent recognition of application-layer (layer 7) protocols through signature analysis, used to block applications like Skype and BitTorrent);
- gateway antivirus does not require installation on each client computer, instead it is installed once on the gateway and checks the web traffic of all users;
- environment: the FreeBSD operating system.
The license is valid for the service life of the hardware part of the software and hardware complex and includes 1 year of access to updates and extended technical support.
Smart-Soft solutions protect the computer networks of Gazprom, Megafon, Sberbank, Russian Railways, Rosneft, as well as thousands of other companies of large, medium and small businesses and government organizations.