Difference between revisions of "Features"

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search
Line 3: Line 3:
 
* General
 
* General
 
** Combines a router, firewall, VPN and load balancer in the same product
 
** Combines a router, firewall, VPN and load balancer in the same product
** Available as both software/virtual[http://dl.halon.se/vsr] and hardware[http://www.halon.se/products/securityrouters/compare]
+
** Available as both software/virtual[http://dl2.halon.se/vsr/] and hardware[http://www.halon.se/products/securityrouters/compare]
 
** Open source; OpenBSD[http://www.openbsd.org] with available patches, with web, LCD and other interfaces being open scripts (except for [[backend]] process)
 
** Open source; OpenBSD[http://www.openbsd.org] with available patches, with web, LCD and other interfaces being open scripts (except for [[backend]] process)
 
** Revision-managed single [[configuration file]] with [[Backend|soft reconfiguration]]
 
** Revision-managed single [[configuration file]] with [[Backend|soft reconfiguration]]

Revision as of 17:38, 3 December 2013

This is a continuously updated list of what the Halon SR series software currently supports. There is also a comparison with other relevant vendors.

  • General
    • Combines a router, firewall, VPN and load balancer in the same product
    • Available as both software/virtual[1] and hardware[2]
    • Open source; OpenBSD[3] with available patches, with web, LCD and other interfaces being open scripts (except for backend process)
    • Revision-managed single configuration file with soft reconfiguration
    • Open SOAP API that controls the entire system
  • VPN
    • Manual key IPsec
    • IKE (ISAKMP) for automatic keying IPsec
    • IKEv2 with mobile support (MOBIKE)
    • L2TP and PPTP VPN server
      • DNS suffix (search domain) and explicit routes support via DHCP inform
      • RADIUS support with groups using filter-ID
    • GRE, IPIP (RFC 1933) and Ethernet (RFC 3378) tunnels
    • High availability using SA synchronization
  • Routing
    • BGP with support for IPv6, TCP-MD5 and VPNs using extended communities
    • OSPF and OSPFv3 (IPv6)
    • Equal-cost multi-path routing
    • VRFs using routing domains
    • Policy-based routing
    • IPv6 SLAAC and DHCPv6
    • LDP for MPLS (provider edge)
    • Multicast and DVMRP
  • Ethernet
    • PPPoE client
    • Bridges with RSTP
    • VLANs (802.1q)
    • QinQ VLAN s (802.1ad)
    • Trunking and link aggregation with LACP
  • Other
    • DHCP server, client and relay
    • DHCPv6 server, client, prefix delegation and relay
    • IPv6 router advertisement and solicitation
  • Management
    • Hierarchical human-readable configuration file format
    • Atomic commits (soft reconfiguration, no reboot requirement, ever) thanks to backend
    • Full SOAP API
    • Test configurations during specified time (always reverts perfectly)
    • Revision-based configuration, with message, user, timestamp and diffing
    • Support for clustering
    • Full IPv6 support, even for online software updating
    • Root access option
    • The usual features, such as
      • SSH and serial console terminal access with CLI and configuration editor
      • Graphs and statistics (real-time and history)
      • Detailed logging and tracing with remote syslog
      • SNMP (with trap receivers)
    • NetFlow export
      • Much more...
  • Clustering
    • Optional zero-config clustering using dedicated cluster port
    • Active/passive and active/active high availability
    • CARP (address redundancy)
    • Configuration, firewall, IPsec and DHCP synchronization
  • Firewalling
    • Stateful packet filtering
    • Full IPv6 support (dual stack, without rule duplication)
    • Policy-based rulesets with packet tagging
    • Quality of service with hierarchical queueing
    • Alterations such as NAT, redirects and policy routing in-line with rules
    • PPTP and FTP proxies
  • Load balancing and internet failover
    • Layer 3 forwarding with many probe conditions
    • Layer 7 proxy with SSL acceleration support
    • Route alternation