คำอธิบาย
ShareTech NU series is the optimal network security and management solution for small and medium-sized enterprises. NU-6000 boasts high-performance operation, robust multi-layered security mechanisms, and hierarchical authorization management. Built-in functionalities include Deep Packet Inspection (DPI), application identification and control, Intrusion Prevention System (IPS), SSL decryption and blocking, web filtering, bandwidth management, antivirus, spam filtering, and support for external authentication integration. Moreover, NU-6000 supports industrial control protocols, delivering comprehensive security protection for industrial system environments by effectively detecting hacker attacks and unauthorized access to internal network resources.
NU-6000 is designed in desktop form, equipped with 6 Gigabit ports, including 1 management port. The remaining 5 ports can be freely configured by administrators as WAN, LAN, or DMZ ports. It supports a LAN BYPASS mechanism. To enhance internal network security, the NU-6000 offers internal network protocol defense, integrating wireless access points (APs) and managed switches to create a unified wired and wireless security protection. This allows administrators to comprehensively manage both internal and external networks, providing thorough threat management solution. With a simplified management interface and comprehensive reporting capabilities, it is suitable for various scenarios including enterprise LANs and small SOHO studios.
FIREWALL
– Routing: Support static/dynamic route, designated gateway group, and default gateway.
– IPv4/v6: Support IPv4, IPv6, and IPv4/IPv6 dual-stack. Admins can quickly swap between at the click of a button.
– IEEE VLAN 802.1Q: The Intranet can be divided into multiple segments, isolating different traffic logically.
– GEO IP: Geo IP restriction allows admins to configure a geolocation-based policy by specifying source and destination locations.
– Network Services: Support Client/Server DHCP, DDNS, SNMP, and DNS Server and Proxy.
– VPN: Support IPSec, PPTP, L2TP VPN, SSL VPN, and IP Tunnel.
– SD-WAN: SD-WAN can combine from the designated gateway or VPN tunnels, enable optimized traffic routing over multiple transport links, and select a route for applications based upon configured policies and priorities.
– IP Tunnel: A secure VPN can be created via IP Tunnel between two ShareTech UTMs, and traffic passed through the VPN can be monitored.
– Auto IPSec VPN: To create an IPSec VPN between two sites having massive/dynamic IP addresses, Auto VPN can reduce the complexity of deployment and increase stability.
– Log: Include logging for system operation and status, wizard, login/logout, system anomaly & control, configuration, networking, policies, objects, services, advanced protection, IPS, WAF, email security, content record, VPN, etc.
NETWORK & EMAIL PROTECTION
– Anti-Virus Engine: Support ClamAV, an open-source anti-virus engine that detects millions of trojans, viruses, malware, and other malicious threats. Kaspersky is also available for optional purchase.
– Intrusion Prevention System (IPS) & Signature Database: Supports IPS that proactively detects intrusion behaviors and matches the signature database. IPS Protection’s severity level is defined as LOW, MEDIUM, and HIGH.
– Sandstorm: Support four types of security inspection: file hash, Web URL, domain, and IP.
– WAF: Cyberattacks are classified into 19 categories. A host-based WAF sets between external users and web applications to block and log requests.
– Anomaly IP Analysis: Flow/behavior-based anomaly detection allows both up and down sessions to be analyzed. An anomaly can be blocked, recorded, and notified to subscribers.
– Email Filtering: Support incoming/outgoing/received email scanning for virus/spam/auditing/backup, queries on SMTP communication logs, infected email quarantine, and queries on email logs.
WEB PROTECTION
– Transport Layer Security (TLS): TLSv1.3 inspection on IPv4 and IPv6
– Deep packet inspection (DPI): DPI is a form of packet filtering that locates, classifies, and reroutes packets. It has higher detection accuracy than port-based TCP/UDP.
– WEB Service: Support HTTPS scanning in anti-virus, SSL certificate installation, loggings for HTTPS proxy action, and certificate allowlist.
– URL Filtering: A third-party database sorts malicious URLs into six categories. Users can renew the license to get real-time updates or periodically apply firmware upgrades for free updates.
– Application Control: A third-party database sorts applications into 17 categories. Users can renew the license to get real-time updates or periodically apply firmware upgrades for free updates.
ACCESS CONTROLS & FLOW MANAGEMENT
– Authentication: The system can authenticate users with accounts on hosts, POP3/IMAP, Radius, and AD servers. Admins can add users to groups, view logs, and get status information.
– Multi-Factor Authentication: Multi-factor authentication can add an additional layer of login security to user accounts, authentication, and SSL VPN access. Users can download mobile security apps (Google/Microsoft authenticator) to generate codes and use the codes to log in.
– Load Balance: Inbound and outbound can be reviewed to make sure traffic patterns are expected. Administrators can set up traffic rules in priority order so that all traffic can be evenly distributed among multiple WAN links.
– QoS: Ensure an adequate bandwidth for high-priority tasks and applications, maximum bandwidth limits, and priority levels.
INTRANET PROTECTION
– Switch Co-Defense: Common SNMP switches and advanced L2/L3 switches (a topology included that gives an instant view of the operational status and speed of each port) can be centrally managed. Zyxel switches support IP Source Guard (static IP-MAC-Port binding) to perform DHCP Snooping. Moreover, the PoE schedule can be configured via UTM to manage power consumption.
– AP Management: It displays the status of AP and online users. Quick deployment (config. files) can be delivered for large numbers of access points.
– Intranet Protection: ARP spoofing prevention, IP & MAC spoofing prevention, notification, and block status.
CENTRAL MANAGEMENT
– Cloud-Based service system (Eye Cloud): ShareTech-branded devices can be remotely monitored and efficiently maintained. Multi-region Wireless APs and switches can be accessed via UTMs as well. Flexible options (Free, VIP, and Distributor) are offered to match requirements. HQ admins can customize tasks based on sites and then select UTM series, devices, config. files/firmware, and intervals. Tasks can be published and targeted to relevant locations in real time.
– Server-Side and Client-Side CMS: Support regularly passing data from the client side to the server side. The system makes periodic backups (config. file) automatically.
– Dashboard: A real-time Dashboard that shows a graphical presentation of the current status.
OTHERS
– Industrial Control Protocols: Support multiple industrial control protocols include EtherCAT, Ethernet/IP, MODBUS, DNP3, DNP3-Secure, IEC-104, IEC-104-SEC, IEC-61850, MMS, AXView2.0, BACNet, LonWorks, LonWorks2, PROFINET, Citrix, MQTT, MQTT over SSL, Siemens OPC-UA, Kepware OPC-UA. This function enables enterprise to implement in manufacture fields.
– Operation Management Interface: Management interface and Dashboard GUI.
– Diagnostic Tools: Standard net tools such as Ping, Traceroute, DNS lookup, and port scanners are available to help users identify and fix connection problems. Test widgets like IP Route, Wake Up, SNMP, and IPv6 tools can test your connection and readiness.
– Remote Log Server: Log data can be forwarded in the Syslog format to a remote Syslog server that receives, categorizes and stores log messages for advanced analysis.
– Distributed administration: Authority can be delegated to one or more administrators, such as Admins and assistant admins. Admins can assign three types of privileges (READ, WRITE, and ALL privileges).
– Custom Password Policy: Password length and complexity requirements, unable to reuse old passwords, and change passwords at regular intervals.
– Interrupt: Hardware interrupts (via CPU) and software interrupts (via ZONE) are supported, allowing the CPU to perform specific tasks. IT administrators can optimize system performance and troubleshoot issues more effectively.
– Offline Signature Update via USB drives: Support the following items: IPS, the default APP Blocklist, anti-virus (ClamAV & Kaspersky), and Sandstorm.
– Backup & Restore: Offer USB system backup. A system recovery can be ready to minimize the damage imposed by an incident.
– UPS: Provide backup power as quickly as possible in the event of data loss and some protection from power quality issues.
– LAN Bypass: Support 1 pair of LAN bypass as a fault-tolerance to protect business communication in the event of a power outage.
– High Availability (HA): Support Host-Standy (Active-Passive) mode.
Warranty
- 1 Years Warranty
Download
Product Datasheet
