Aker: Mission Critical Firewall with Traffic Shaping, Load balancing and Fail over

Aker is part of the IT-Sentinel set of network protection and management solutions developed by IT Synergy. It is a complete firewall, traffic monitoring and management system that includes traffic shaping, failover, load balancing and intrusion detection system which can be tailored to suit your network, regardless of its size. Aker is a solution that brings network monitoring from the computer rooms right to the desk of decision makers interested in gathering details on how their company network is used.

Like the ancient Egyptian god Aker, that was said to guard the entrance and exit to the underworld, opening them for the sun to pass through during the night and to cancel the cause of death extracting the poison from snakes and scorpion bites, our solution will monitor, classify and filter each individual packet going in and out from your network.

Completely stable and transparent, it is built on a secure base using the most reliable hardware available and powerful application developed by the same team who develop the most secure Unix-based operating system available today, that will fulfill any need you might have in your network. Not only providing security and flexibility, Aker also allows you to monitor and manage the traffic passing through it, pinpointing bandwidth bottlenecks, possible problematic hosts, the traffic direction, all protocols used and finally mapping the complete network, both for local and remote hosts.

By allowing to fine tuning the restriction of undesirable ports and protocols, you are able to secure your network so that no malicious user or outside vandal could harm your servers and desktops. Furthermore, the lower priority or complete restriction of traffic which can be deemed undesirable, such as P2P or games, can increase the overall bandwidth improving your overall Internet performance. Thanks to the intrusion prevention system, any suspicious traffic might can be set to be automatically blocked and the person in charge alerted, providing 24-hour protection of the critical parts of your business and assets.

Traffic shaping allows you to define the prioritisation and bandwidth allocation for each protocols such as VoIP, HTPP, FTP, etc. and even specific applications. This will give you the ability to define a higher priority to critical protocols, such as those used for VoIP, in order to give a crystal clear quality, while lowering that of those that are not critical, such as web browsing or downloading emails. In this way, you will always have the bandwidth needed, no matter what other user may be doing at the same time.

For the ultimate physical security and reliability, Aker can be configured as a diskless network appliance with the operating system, configuration and logs stored on a USB memory stick or a CD, so that if anything happens, a reboot is all that is needed to be running back up again.

Available Editions for the Aker Firewall

Aker Firewall – Basic Edition

The standard firewall solution to control traffic between computer networks with different zones of trust. The Aker Firewall-Basic Edition is aimed to companies who would like to get the maximum control over their networks, without compromising security, by an excellent set of monitoring tools.

Aker Firewall – Business Edition

The Aker Firewall–Business Edition is the best solution for traffic shaping and load balancing/fail-over, providing the ability to set higher priority to critical protocols and at the same time use two different WAN or Internet connections that gives the impression of being only one to the internal LAN.

Aker Firewall – Enterprise Edition

The Aker Firewall–Enterprise Edition combines the highest power of the Aker Firewall-Business Edition with the ability to provide a full-featured Transparent Proxy cache with high resources, making it the best solution for delivering enterprise-class security for enterprise and service provider networks.

Features List Comparison of the different Models:

Features List	Basic	Business	Enterprise
Processor	Intel Core Solo	Intel Core Solo	Intel Core Duo Double
CPU Speed	1.66Ghz	1.66Ghz	3Ghz
Form Factor	1U Rack Mounted	1U Rack Mounted	1U Rack Mounted
RAM	256MB	512MB	1GB/2GB
Storage Capacity	80GB	120GB	Mirrored 2*120GB
LAN Connectivity	Two 10/100/1000 Ethernet ports	*Three 10/100/1000 Ethernet ports	*Four 10/100/1000 Ethernet ports
Password protected web interface (Supports SSL)	Yes	Yes	Yes
Multi-user: Administrator and Monitor (Can check status, traffic bandwidth, Network monitoring)	Yes	Yes	Yes
Serial console interface for recovery	Yes	Yes	Yes
Ability to restore to factory defaults or to backup configuration	Yes	Yes	Yes
Reboot or halt system from Web interface	Yes	Yes	Yes
Wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)	Yes	Yes	Yes
Can require a Web authentication for browsing users, perfect for use in Wireless hotspots.	Yes	Yes	Yes
802.1Q VLAN support	Yes	Yes	Yes
Stateful packet filtering	Yes	Yes	Yes
Block/pass rules	Yes	Yes	Yes
Logging	Yes	Yes	Yes
NAT/PAT (including 1:1)	Yes	Yes	Yes
DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface	Yes	Yes	Yes
IPsec VPN tunnels (IKE; with support for hardware crypto cards and mobile clients)	Yes	Yes	Yes
PPTP VPN (with RADIUS server support)	Yes	Yes	Yes
Static routing	Yes	Yes	Yes
DHCP server with ability to give static IPs to specific computers.	Yes	Yes	Yes
Caching DNS forwarder	Yes	Yes	Yes
DynDNS client	Yes	Yes	Yes
SNMP agent	Yes	Yes	Yes
Advanced traffic shaping with a wizard for initial configuration	Yes	Yes	Yes
Queue graphs for Traffic shaper	Yes	Yes	Yes
SVG-based traffic grapher.	Yes	Yes	Yes
Firmware upgrade through the web browser	Yes	Yes	Yes
Ability to schedule the booting of other machines using Wake-on-LAN	Yes	Yes	Yes
host/network aliases	Yes	Yes	Yes
Settings can be changed without rebooting	Yes	Yes	Yes
Multiple WAN Support with support for load balancing and failover.	Yes	Yes	Yes
pf (OpenBSD’s packet filter)	Yes	Yes	Yes
CARP - Common Address Redundancy Protocol - for failover and clustering of multiple firewalls for extra reliability.	Yes	Yes	Yes
Advanced support for wireless devices (including WEP, WPA, HostAP-mode, hardware-encryption if supported by driver, mac-filtering, hide SSID)	Yes	Yes	Yes
System status with realtime graphics including RAM, CPU and swap usage monitor	Yes	Yes	Yes
SSH Support	Yes	Yes	Yes
FTP-Proxy for improved FTP support	Yes	Yes	Yes
Network Monitoring - Enhanced network history data	Yes	Yes	Yes
Full Featured Transparent Proxy	No	Yes	Yes
Intrusion Detection and Prevention System	No	Yes	Yes
STunnel - Wrap standard ports with SSL	No	Yes	Yes

* The additional Ethernet Ports are used to provide DMZ/Traffic Shaping functionality