+972-72-212-0700 Free Trial

DePure NG Security Gateway – A new generation of hardware and software universal security gateway for managing controlled access to the Internet for corporate computer networks and protecting them from external threats.

DePure NG provides filtering at various layers of the OSI (network, transport, application) and management via a web interface over a secure HTTPS connection as well as via SSH protocol using terminal access.

This solution is deployed as a gateway at the corporate network boundary and allows the control of data streams exchanged between LAN and the Internet.

DePure NG is a Unified Threat Management class product. Based on open code of the OPNsense project.
This website uses cookies to ensure you get the best experience

Why choose DePure NG Security Gateway?

We have based DePure NG on state-of-the-art cybersecurity technologies and keep it up to date so that our customers can enjoy the highest level of protection

Balanced feature set
All the necessary network security features in one device: Firewall, IDS/IPS, proxy, VPN and many more!
Reduced costs
Improved employee productivity, protection against business activity disruption and data theft.
Easy start-up and administration
Intuitive interface, detailed user documentation, active technical support.

Extended functionality

  • Protection against network threats
  • Internet access management
  • Web access policies creation
  • Monitoring and reports

Protection against network threats

The firewall handles numerous tasks, including:

  • Protection of the DePure NG device and the computers in the intranet from unauthorized access from the Internet.
  • Network Address Translation (NAT).
  • Internal services publication (port forwarding).
  • Internal users access control to computers on Internet.
  • Packet capture and forwarding to the DePure NG device (as part of transparent proxying and SSL Bump functionality).

Intrusion Detection and Prevention System (IDS/IPS) is based on Suricata software and uses the NETMAP packet capture method to improve performance and minimize processor load. IDS/IPS system:

  • Notifies about compromised SSL certificates and prevents their use.
  • Notifies about vulnerabilities in DNS, FTP, ICMP, IMAP, POP3, HTTP, NetBIOS, DCERPC, SNMP, TFTP, and VOIP protocols and prevents their exploitation.
  • Notifies about exploits and vulnerabilities of network applications and prevents their use.
  • Notifies about DOS attacks and blocks them.
  • Notifies about network scan events and blocks them.
  • Blocks botnet traffic
  • Blocks traffic from compromised hosts.
  • Blocks traffic from hosts infected with trojan software and net worms.
  • Blocks traffic from spam networks.

DePure NG uses built-in ClamAV plug-in for anti-virus scanning. This plug-in supports HTTP, HTTPS traffic verification (SSL Bump functionality configuration required).

Internet access management

Using DePure NG you can establish encrypted VPN-tunnels between branch offices, remote employees, and central offices.

The product supports the following VPN types:

  • OpenVPN;
  • IPsec
  • L2TP;
  • PPTP;
  • Tinc VPN;
  • Wireguard.

You can choose the method that best fits your infrastructure:

  • Local database authentication;
  • Kerberos;
  • NTLM;
  • LDAP;
  • RADIUS;
  • Voucher authentication for Captive Portal;
  • Wi-Fi authentication via SMS (SMS Portal);
  • Two-factor user authorization;
  • Mixed authentication (bind to IP/MAC addresses).

The technology includes adding several DePure NG servers to the cluster to ensure uninterrupted Internet access.

Clustering functionality is implemented through a number of technologies: CARP (VRRP), PFSYNC protocols (firewall state synchronization), XMLRPC Sync (synchronization of other gateway settings).

In Connection Failover mode, when their primary Internet access channels fail, DePure NG switches to backup channels, ensuring uninterrupted access to the network and continuous operation.

The shaper in DePure NG supports the following types of shaping:

  • Maximum speed limit for user.
  • Redundant dedicated bandwidth for traffic.
  • Even distribution of Internet channel bandwidth among intranet users.
  • Prioritize application traffic using queues for latency-critical traffic.

The central management system for the distributed infrastructure of DePure NG's gateways allows you to configure each node of the future infrastructure. Thus, DePure NG Gateway can perform one of two roles:

  • Master node – the gateway is in the central office of the institution. Master node allows for centralized administration, diagnostics, and data collection from network gateways located at remote offices.
  • Slave node – the gateways are at a remote branch or office of an organization. The slave node gets its settings from the designated master node, controls and protects the network communication between remote branch computers and the Internet.

Web access policies creation

DePure NG web proxy supports the ability to u se flexible policies and rules when blocking unwanted sites for individual users and user groups.

Web Proxy supports:

  • HTTP, HTTPS, FTP protocol proxying.
  • Transparent proxying.
  • SSL / TLS-connection capture and decryption.
  • Web content cashing.
  • Access control lists filtering.

Proxy filtering (Squid):

  • Filtering by client and network IP addresses.
  • Filtering by destination ports.
  • Filtering by browser type (User Agent).
  • Filtering by content type (MIME types).
  • Filtering by general URL white- and blacklists.
  • Filtering by individual URL lists, assigned to a domain or local user or group.
  • Filtering by downloaded URL lists (SquidGuard).

Deep Packet Inspection system provides intelligent detection of application layer protocols (layer 7) using signature analysis. This feature allows you to easily block such applications as Skype or BitTorrent.

Monitoring and reports

DePure NG relies on NetFlow-based technology to generate the following reports:

  • Network Activity Report
  • Report on the most popular network services;
  • Report on the most popular destination IP addresses.

DePure NG supports several types of proxy reports:

  • By domains visited;
  • By URLs visited;
  • By users who have generated proxy requests;
  • By computers that generated proxy requests.
  • Internet channel status report.
  • Processor usage report.
  • Memory usage report.
  • Report on the number of firewall connection tracer states.

Source IP address and port, destination IP address and port, inbound interface, packet processing time, and the action applied to the packet are displayed for each packet processed by the firewall.

The system log is based on Syslog and contains messages from various subsystems of DePure NG.

DePure NG Security Gateway Configuration Guide and Technical Documentation

Please provide a valid e-mail address to receive the DePure NG User Guide.

By clicking this button, you consent to the processing of your personal data and accept the Privacy Policy.

Order DePure NG Security Gateway for your company

By clicking this button, you consent to the processing of your personal data and accept the Privacy Policy.

Choose a solution to fit your needs

DePure NG Security Gateway hardware platforms
SM-800
For small enterprise networks
  • Recommended number of users - 100
SM-850S
For medium enterprise networks
  • Recommended number of users - 500
SM-850M
For large enterprise networks
  • Recommended number of users - 1000
SM-850L
For large enterprise networks
  • Recommended number of users - 1000+
Disclaimer: the appearance of hardware platforms may differ from the images on the website.
Software
For companies with their own infrastructure
DePure NG Security Gateway as a virtual machine image
Enterprise
For companies with a geographically distributed network
Several DePure NG Gateways with Central Management System