ESG Firewall

Next generation firewall with advanced security features built-in

Buy Now


[   Free Edition ] [ Compare Versions ]

E.S.G : Enterprise Security Gateway


ESG is a professional and hardened Linux firewall that is secure, easy to operate and coming with advanced security features built-in. It runs on top of Centos Linux and is based on 'netfilter' (the linux kernel base firewall module).

Overview
ESG software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with other firewalls catch on to the web interface quickly.

Hardware Selection
ESG is just the software portion of the firewall and run on Centos 6 & 7 64-bits. This means you can use your own hardware to meet your environment's specific needs.

Major Features

  • Standard Rules support (src -> dst)
  • Rules based on 'Traffic Direction'
  • Rules based on hardware Interfaces
  • Stateful Inspection firewall
  • PPTP Vpn and OpenVPN built-in
  • Advanced anti-spoofing built in
  • DNAT /  SNAT and port forwarding
  • Advanced traffic inspection (low level)
  • Easy to use Web Interface for administration
  • Build-in filtering for Malwares and Ransomwares
  • IDS/IPS and IPS with A.I
  • DDoS Protection
  • URL Filtering

Howto set up site-to-site VPN

Quick Setup Guide

Remote Access via VPN

Quick Setup Guide

ESG Web Interface

Screenshots

For Business Remote Offices & SOHO On the go
Protect your business network and secure your connections. Use the integrated site to site VPN  to create a secure network connection to and from your remote offices. Even on the road ESG is a great asset to your business as it offers OpenVPN VPN solution with road warrior support.

 

FW Schemas

Following the industry standards we have added pre-build profiles for high security setups in order to help our customers get the maximum security for their businesses out of the box. The profiles are based on best security practices and offer maximum security, advanced routing and traffic management in combination with speed and performance.

Profile : FW-LAN-DMZ-LAN2 or FW-LAN or FW-LAN-DMZ

This is the most common scenarios following the standard isolation concept of the LAN , public services (DMZ) and guest (LAN2). By choosing one of the above profiles the firewall engine will apply advanced security rules, NAT and traffic rules in order to isolate the communication between LANs . Also, advanced traffic forwarding rules will be applied for better traffic management and maximum throughput.

Profile : FW-VLAN

Internal segmentention never be so easy

Designed to run in Internal Networks (internal FW), the FW-VLAN allows the creation of multiple VLANS for traffic control. Traffic is routed to the ESG V-LAN firewall through a switch (L3) trunk. All routing and traffic rules (firewall) can be built on the ESG V-LAN firewall.

Profile : FW-FLEX

The 'flexible' profile where no rules applied. Designed for the gurus that really know what they are doing. In this configuration ESG firewall policy is completely 'empty' and ready to accept any configuration you imagine. 

 Howto Configure a V-LAN firewall

 

Remote Access

From anywhere, anytime ... easy and secure.

CyberX Enterprise Security Gateway (ESG) includes a highly secure VPN server for remote connections based on latest encryption algorithms for maximum security and performance.

Main Characteristics

  • High encryption algorithms
  • Easy to setup and manage
  • Standard TCP or UDP connection
  • Supports standard tcp/udp proxy
  • Super fast, super secure
  • Certificate based (no need of password)

Supporting both client-to-server and server-to-server (site to site vpn)

Compatible with ALL of your devices:

 

 

Secure WorkSpace

Connect securely to your corporate network from any location, from any PC.

The SecureWorkSpace is a bootable USB stick with Linux O/S that connects to your corporate networks using advanced A.I methods and high security standards.

Learn More

 

 

ESG Firewall

Next generation firewall with advanced security features built-in

Buy Now


[   Free Edition ] [ Compare Versions ]

E.S.G : Enterprise Security Gateway


ESG is a professional and hardened Linux firewall that is secure, easy to operate and coming with advanced security features built-in. It runs on top of Centos Linux and is based on 'netfilter' (the linux kernel base firewall module).

Overview
ESG software includes a web interface for the configuration of all included components. There is no need for any UNIX knowledge, no need to use the command line for anything, and no need to ever manually edit any rule sets. Users familiar with other firewalls catch on to the web interface quickly.

Hardware Selection
ESG is just the software portion of the firewall and run on Centos 6 & 7 64-bits. This means you can use your own hardware to meet your environment's specific needs.

Major Features

  • Standard Rules support (src -> dst)
  • Rules based on 'Traffic Direction'
  • Rules based on hardware Interfaces
  • Stateful Inspection firewall
  • PPTP Vpn and OpenVPN built-in
  • Advanced anti-spoofing built in
  • DNAT /  SNAT and port forwarding
  • Advanced traffic inspection (low level)
  • Easy to use Web Interface for administration
  • Build-in filtering for Malwares and Ransomwares
  • IDS/IPS and IPS with A.I
  • DDoS Protection
  • URL Filtering

 

[ View Web Adminstration Screenshots ]


For Business
Protect your business network and secure your connections.

Remote Offices & SOHO
Use the integrated site to site VPN  to create a secure network connection to and from your remote offices.

On the go
Even on the road ESG is a great asset to your business as it offers OpenVPN VPN solution with road warrior support.

FW Schemas

Following the industry standards we have added pre-build profiles for high security setups in order to help our customers get the maximum security for their businesses out of the box. The profiles are based on best security practices and offer maximum security, advanced routing and traffic management in combination with speed and performance.

Profile : FW-LAN-DMZ-LAN2 or FW-LAN or FW-LAN-DMZ

This is the most common scenarios following the standard isolation concept of the LAN , public services (DMZ) and guest (LAN2). By choosing one of the above profiles the firewall engine will apply advanced security rules, NAT and traffic rules in order to isolate the communication between LANs . Also, advanced traffic forwarding rules will be applied for better traffic management and maximum throughput.

Profile : FW-VLAN

Internal segmentention never be so easy

Designed to run in Internal Networks (internal FW), the FW-VLAN allows the creation of multiple VLANS for traffic control. Traffic is routed to the ESG V-LAN firewall through a switch (L3) trunk. All routing and traffic rules (firewall) can be built on the ESG V-LAN firewall.

Profile : FW-FLEX

The 'flexible' profile where no rules applied. Designed for the gurus that really know what they are doing. In this configuration ESG firewall policy is completely 'empty' and ready to accept any configuration you imagine. 

 Howto Configure a V-LAN firewall

Remote Access

From anywhere, anytime ... easy and secure.

CyberX Enterprise Security Gateway (ESG) includes a highly secure VPN server for remote connections based on latest encryption algorithms for maximum security and performance.

Main Characteristics

  • High encryption algorithms
  • Easy to setup and manage
  • Standard TCP or UDP connection
  • Supports standard tcp/udp proxy
  • Super fast, super secure
  • Certificate based (no need of password)

Supporting both client-to-server and server-to-server (site to site vpn)

Compatible with ALL of your devices:

Secure WorkSpace

Connect securely to your corporate network from any location, from any PC.

The SecureWorkSpace is a bootable USB stick with Linux O/S that connects to your corporate networks using advanced A.I methods and high security standards.

Learn More

Hi
 

CyberX
Web App Firewall
Protect your website and Web Applications from cyber threats

[ MODELS & EDITIONS ]  [ SCREENSHOTS ]

Overview

CyberX's enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no or minimal changes to your existing infrastructure.

Our core engine fully follows the OWASP standards as for application security. The CyberX team tune,improve and add new signatures and features in order to increase the detection rate and protect you from recent or zero-day attacks.

Protection against:

  • SQL Injections
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
  • GeoLocation Control
  • DDoS Protection
  • Protection from malicious sites and bots
  • Embeded virus scanner for file uploads

Network Diagram

Want to know more ?

Connect more than one CxWAF module to CxWAF Management
→  Connect CxWAF with SPA for maximum security
Howto configure the DDoS  Module
SSL Certificates Installation
Known Issues

 

 Profiling

A Web Application Firewall will trigger a lot of false positive if tuned to the maximum. This is due to the variety of web applications around, different languages used and different programming methods.

In order to avoid false positives but deliver maximum security, the CyberX engineers create various application profiles for a variate of known web applications and web services.

Among others, CyberX WAF has tuned profiles for :

  • Microsoft Exchange
  • Owncloud / NextCloud
  • Roundcube Webmail
  • DigiSpace Platform
  • Various language profiles

 Protection against DDoS attacks

The built-in DDoS protection filters out volumetric attacks before they ever reach your network and harm your apps. It also protects against sophisticated application DDoS attacks without the administrative and resource overhead of traditional solutions, to eliminate service outages.

 Automatic Updates

As of all CyberX products, the CxWAF firewall updates automatically through our own controlled repositories. System and application updates run on a daily basic.

 

 Geolocation Control

Your application under your control. Using CyberX WAF geolocation module you can control the access to your application based on geographical location of the incoming request.

 

CyberX WAF

Protect your website and Web Applications from cyber threats

 

[ MODELS & EDITIONS ]  [ SCREENSHOTS ]

Overview

CyberX's enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no or minimal changes to your existing infrastructure.

Our core engine fully follows the OWASP standards as for application security. The CyberX team tune,improve and add new signatures and features in order to increase the detection rate and protect you from recent or zero-day attacks.

Protection against:

  • SQL Injections
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
  • GeoLocation Control
  • DDoS Protection
  • Protection from malicious sites and bots
  • Embeded virus scanner for file uploads

 Profiling

A Web Application Firewall will trigger a lot of false positive if tuned to the maximum. This is due to the variety of web applications around, different languages used and different programming methods.

In order to avoid false positives but deliver maximum security, the CyberX engineers create various application profiles for a variate of known web applications and web services.

Among others, CyberX WAF has tuned profiles for :

  • Microsoft Exchange
  • Owncloud / NextCloud
  • Roundcube Webmail
  • DigiSpace Platform
  • Various language profiles

 Protection against DDoS attacks

The built-in DDoS protection filters out volumetric attacks before they ever reach your network and harm your apps. It also protects against sophisticated application DDoS attacks without the administrative and resource overhead of traditional solutions, to eliminate service outages.

 Automatic Updates

As of all CyberX products, the CxWAF firewall updates automatically through our own controlled repositories. System and application updates run on a daily basic.

 

 Geolocation Control

Your application under your control. Using CyberX WAF geolocation module you can control the access to your application based on geographical location of the incoming request.

Want to know more ?

Connect more than one CxWAF module to CxWAF Management
→  Connect CxWAF with SPA for maximum security
Howto configure the DDoS  Module
SSL Certificates Installation
Known Issues