Centipede Firewall
Features
- Installation configuration wizard — After installation, a simple wizard will ask for essential network configuration information to get you up and running in minutes.
- Web GUI administration — All configuration may be done through your web browser, with a web interface which has been designed with ease of use in mind.
- Consolidated configuration — The entire configuration is stored in one XML file, which may be easily downloaded and stored, or quickly restored to any other Centipede Firewall system.
- Hardened operating system — The Centipede Firewall is based on FreeBSD, which is widely known for its tight security and strict conformance to international standards.
- VPN (IPsec, OpenVPN, and PPTP) — Popular VPN technologies are supported out of the box, allowing the Centipede Firewall to act as your VPN endpoint in addition to its role as firewall.
- Failover clustering — Increase reliability of your network by adding a backup firewall to which the network will fail over in the event of a failure on the primary firewall. Configuration changes on the master firewall are automatically synchronized to the backup.
- Traffic shaping — The Centipede Firewall employs advanced traffic shaping methods to prioritize some types of internet traffic over others. The traffic shaping may also be configured via its own wizard.
- Wireless support (802.11a/b/g) — Support for many wireless cards is included; cards with Atheros chipsets are recommended. Wireless cards can be added to a Centipede Firewall hardware purchase for a nominal fee.
- Simple upgrade process — Upgrades to the firewall system can be easily accomplished via the web interface or the console, using a single upgrade file.
- Advanced aliasing (host, network, port) — Aliases make management of firewall rules much easier by keeping specific information (IP addresses, port numbers) in one place, rather than duplicating the information in each related firewall rule; when, for example, a host is moved to a new IP address, the change can be made in the alias once, rather than going through each firewall rule that refers to that host. Aliases may be used in firewall rules and in NAT rules.
- Multi-WAN (failover/load balancing) — The Centipede Firewall is capable of leveraging multiple internet links to provide high availability via failover or better quality of service via load balancing and policy-based routing. Note: only one PPPoE WAN link may be used.
- Configuration mirroring over cluster members — When in a failover (CARP) cluster, configuration may be automatically mirrored from the master firewall to backup firewalls.
- Packet normalization — Traffic passing through the firewall is "scrubbed" to filter out packets that have impossible flags set to reduce the possibility of protected hosts' services' being exploited.
- Captive portal — Especially useful for running a public wireless access point, captive portal greets connecting users with a portal page, and requires authentication against an internal or RADIUS database for internet access.
- Inbound/outbound load balancing — Inbound load balancing is supported for balancing incoming connections among web servers, for example. Also included is outbound load balancing, for distributing outbound connections across multiple WAN links.
- Fully configurable dashboard — As part of the reporting functionality, a configurable dashboard is provided, with drag-and-drop widgets including interface status, IPsec tunnel status, system statistics, and a traffic graph.
- Extensive status and trend reporting — Detailed graphs are provided (using RRDtool) covering system statistics, traffic, quality, and traffic shaping queues.
- Packaging system to extend functionality — The Centipede Firewall includes a packaging system that will be used in the future to add such functionality as a realtime intrusion protection system, a email spam/virus filter, and a web content filter.
