[ipfire.org.git] / src / templates / static / about.html

{% extends "../base.html" %}

{% block title %}{{ _("About IPFire") }}{% end block %}

{% block container %}
	<section class="hero has-background-primary-light">
		<div class="hero-body">
			<div class="container">
				<nav class="breadcrumb is-medium" aria-label="breadcrumbs">
					<ul>
						<li>
							<a href="/">Home</a>
						</li>
						<li class="is-active">
							<a href="#" aria-current="page">About</a>
						</li>
					</ul>
				</nav>
				<h1 class="title is-1">
					About IPFire<span class="has-text-primary">_</span>
				</h1>
				<p class="subtitle">The Open Source Firewall</p>
			</div>
		</div>
	</section>

	<div class="container">
		<section class="section">
			<div class="block">
				<p class="is-size-4">
					<strong>IPFire<span class="has-text-primary">_</span></strong>
					is the world's leading Open Source firewall distribution.
					Businesses across the world have chosen to put their trust
					in our versatile, feature-rich solution with its easy-to-use
					web management console. Why not join them today?
				</p>
			</div>
		</section>

		<section class="section">
			<div class="block">
				<div class="columns is-multiline">
					<div class="column is-half">
						<div class="columns is-mobile is-vcentered">
							<div class="column is-3 has-text-centered">
								<i class="fas fa-shield-halved fa-5x"></i>
							</div>

							<div class="column">
								<p class="title is-5">Security by Design</p>

								<p>
									Network segmentation is the key to a secure network.
									IPFire sets up a DMZ for your local infrastructure or a
									guest network for any visitors separating and protecting
									other parts of your network.
								</p>
							</div>
						</div>
					</div>

					<div class="column is-half">
						<div class="columns is-mobile is-vcentered">
							<div class="column is-3 has-text-centered">
								<i class="fas fa-rocket fa-5x"></i>
							</div>

							<div class="column">
								<p class="title is-5">Industry-Leading Firewall Engine</p>

								<p>
									Our stateful packet inspection firewall engine analyses
									traffic for the latest threats and performs
									deep packet inspection in real time.
									Due to our smart user interface, creating even complex
									setups is quick and straight-forward.
								</p>
							</div>
						</div>
					</div>

					<div class="column is-half">
						<div class="columns is-mobile is-vcentered">
							<div class="column is-3 has-text-centered">
								<i class="fas fa-network-wired fa-5x"></i>
							</div>

							<div class="column">
								<p class="title is-5">We Connect the World</p>

								<p>
									We securely connect your employees to their desks at home,
									your global business partners and the infrastructure in your data centre,
									giving you maximum flexibility so that you can focus on what really matters.
								</p>
							</div>
						</div>
					</div>

					<div class="column is-half">
						<div class="columns is-mobile is-vcentered">
							<div class="column is-3 has-text-centered">
								<span class="fas fa-thumbs-up fa-5x"></span>
							</div>

							<div class="column">
								<p class="title is-5">Easy to Use</p>

								<p>
									IPFire is managed over a web-based console which
									is powerful, yet easy to use.
									Each feature is just one click away.
									Advanced reporting and real time graphs give you
									detailed insight into your network.
								</p>
							</div>
						</div>
					</div>

					<div class="column is-half">
						<div class="columns is-mobile is-vcentered">
							<div class="column is-3 has-text-centered">
								<i class="fa-solid fa-earth-europe fa-5x"></i>
							</div>

							<div class="column">
								<p class="title is-5">Supporting Global Standards</p>

								<p>
									Commonly deployed in businesses and educational organisations
									of all sizes, IPFire interoperates perfectly with solutions
									from other vendors making it an ideal drop-in replacement.
								</p>
							</div>
						</div>
					</div>

					<div class="column is-half">
						<div class="columns is-mobile is-vcentered">
							<div class="column is-3 has-text-centered">
								<i class="fas fa-terminal fa-5x"></i>
							</div>

							<div class="column">
								<p class="title is-5">Free As In Freedom</p>

								<p>
									IPFire is free software.
									Our community develops and reviews all changes going
									into the code base and IPFire is regularly audited by
									independent third parties.
									Become a part of the community and help us
									to continue improving IPFire!
								</p>
							</div>
						</div>
					</div>
				</div>
			</div>
		</section>

		<section class="section">
			<a class="button is-primary is-large is-fullwidth" href="/download">
				<span class="is-hidden-touch">{{ _("DOWNLOAD IPFIRE NOW. IT'S FREE!") }}</span>
				<span class="is-hidden-desktop">{{ _("DOWNLOAD NOW") }}</span>
			</a>

			<!-- any screenshots go here -->
		</section>

		<section class="section">
			<h3 class="title is-3">{{ _("Meet The Team") }}</h3>

			<div class="block">
				<p class="is-size-5">
					IPFire is built by a group of experts from various backgrounds and places
					and we could not do it without our great community around us.

					<a href="/donate">Support our work with your donation!</a>
				</p>
			</div>

			{% set core_team = backend.groups.get_by_gid("core-team") %}

			<div class="block">
				<div class="columns is-multiline is-mobile">
					{% for account in sorted(core_team, key=lambda a: a.created_at) %}
						<div class="column has-text-centered">
							<figure class="image is-128x128 is-inline-block">
								<img class="is-rounded" src="{{ account.avatar_url(size=128) }}">
							</figure>

							<h4 class="title is-4 has-text-weight-bold">{{ account.name or account.nickname }}</h5>
						</div>
					{% end %}
				</div>
			</div>

			{% set team = [
				a for a in backend.groups.get_by_gid("contributors") if not a in core_team
			] %}

			{% if team %}
				<div class="block">
					<div class="columns is-multiline is-mobile">
						{% for account in sorted(team, key=lambda a: a.created_at) %}
							<div class="column is-half-mobile is-one-third-tablet is-one-quarter-desktop is-one-fifth-widescreen is-one-fifth-fullhd">
								<div class="columns is-vcentered is-mobile">
									<div class="column is-narrow">
										<figure class="image is-48x48">
											<img class="is-rounded" src="{{ account.avatar_url(size=48) }}">
										</figure>
									</div>
									<div class="column">
										<h6 class="title is-6 has-text-weight-bold">{{ account.name or account.nickname }}</h6>
									</div>
								</div>
							</div>
						{% end %}
					</div>
				</div>
			{% end %}

			<!-- Talk about funding. Donations, how LWL supports the project -->
		</section>
	</div>

	<div class="container">
		<section class="section">
			<div class="block">
				<h3 class="title is-3">{{ _("Under The Hood") }}</h3>

				<div class="columns">
					<div class="column is-one-fourth">
						IPFire is not only an app that you install, it is a whole operating
						system based on Linux, hardened and tuned to the maximum to serve
						as a firewall.
						Regular updates help keeping even the hardest kind of hacker out.
					</div>

					<div class="column">
						The stateful inspection firewall that is working inside IPFire
						is one of the fastest of its kind.
						Configuration of even complex rulesets becomes easy with
						groups for hosts and services on the network and help you
						to keep things in order, even when it gets complicated.
					</div>
				</div>
			</div>
		</section>

		<section class="section">
			<div class="block">
				<div class="columns">
					<div class="column is-one-third content">
						<h6>Network Security</h6>

						<ul>
							<li>Stateful inspection firewall</li>
							<li>
								Builtin network segmentation
								<ul>
									<li>Demilitarized Zone (DMZ)</li>
									<li>Separate network for wireless devices/guest network</li>
								</ul>
							</li>
							<li>Flexible rule creating with groups and visual aids</li>
							<li>Intrusion Prevention System</li>
							<li>
								Rate Limiting to Protect Servers from DoS attacks
								and Maximum Connection Limits
							</li>
							<li>SYN-flood Protection</li>
							<li>Country-based Firewall Rules</li>
							<li>Source and Destination NAT Rules</li>
							<li>Time-based Firewall Rules</li>
							<li>MAC address-based Firewall Rules</li>
							<li>Blocking of P2P Networks</li>
							<li>Connection Logging</li>
						</ul>

						<h6>Network Features</h6>

						<ul>
							<li>VLAN (802.1q)</li>
							<li>Port Bridging</li>
							<li>Spanning Tree Protocol Support</li>
							<li>Wireless Access Point</li>
							<li>Live Connection Tracking</li>
							<li>Static Routes</li>
							<li>Dynamic Routing with Bird or FRR using BGP/OSPF</li>
							<li>
								DHCP Server
								<ul>
									<li>Static Leases</li>
									<li>DNS Update (RFC2136)</li>
									<li>Support for DHCP Options</li>
								</ul>
							</li>
							<li>Network Time Server (NTP)</li>
							<li>Dynamic DNS Client with support for many providers</li>
							<li>
								Captive Portal
								<ul>
									<li>Terms &amp; Conditions or Coupon</li>
									<li>Customizable to your corporate design</li>
									<li>Coupon Code Export in PDF Format</li>
									<li>Flexible Coupon Expiry Times</li>
								</ul>
							</li>
							<li>Wake-on-LAN (WOL)</li>
						</ul>

						<h6>Web Proxy</h6>

						<ul>
							<li>Transparent Mode</li>
							<li>Support for Upstream Proxies with Authentication</li>
							<li>Advanced Logging</li>
							<li>In Memory and on Disk Cache</li>
							<li>
								Network-based Access Control (ACL)
								<ul>
									<li>By IP Address</li>
									<li>By MAC Address</li>
									<li>Ban/Allow List</li>
								</ul>
							</li>
							<li>Time-based Rules</li>
							<li>Transfer Limits based on File Size</li>
							<li>Download Throttling per Network Zone or Host</li>
							<li>Anomaly Detection based on AS Information</li>
							<li>MIME Type Filter</li>
							<li>Classroom Extensions</li>
							<li>Web Proxy Auto-Discovery Protocol (WPAD)</li>
							<li>Proxy Auto-Config (PAC)</li>
							<li>
								Authentication
								<ul>
									<li>Local User Database</li>
									<li>Microsoft Windows Active Directory</li>
									<li>LDAP</li>
									<li>RADIUS</li>
								</ul>
							</li>
							<li>
								Advanced Content Filtering
								<ul>
									<li>Blocklist-based Access Blocking</li>
									<li>Support for Various Blocklist Providers</li>
									<li>Automatic List Update</li>
									<li>Custom Blocklists</li>
									<li>Custom Allowlists</li>
									<li>Custom Expression Lists</li>
									<li>Filter by File Extension</li>
									<li>Custom Error Page</li>
								</ul>
							</li>
							<li>
								Advanced Update Caching
								<ul>
									<li>Microsoft Windows</li>
									<li>Apple Operating Systems</li>
									<li>Adobe</li>
									<li>Mozilla</li>
									<li>
										Various Anti-Virus Signatures including
										Avast,
										Avira,
										AVG,
										McAffee,
										Trend Micro,
										and Symantec
									</li>
								</ul>
							</li>
						</ul>
					</div>

					<div class="column is-one-third content">
						<h6>WAN Features</h6>

						<ul>
							<li>Support for Fibre, DSL, Cable and 5G/4G/3G</li>
							<li>Multiple Public IP Addresses</li>
							<li>Automatic failover for dialup connections</li>
							<li>User-Assignable MAC Address</li>
						</ul>

						<h6>VPN</h6>

						<ul>
							<li>
								IPsec
								<ul>
									<li>Net-to-Net and Net-to-Host Mode</li>
									<li>Support for IKEv2 and IKEv1</li>
									<li>Public Key and Pre-Shared-Secret Authentication</li>
									<li>
										Encryption
										<ul>
											<li>AES (CBC, GCM)</li>
											<li>ChaCha20-Poly1305</li>
											<li>Camellia</li>
											<li>3DES</li>
										</ul>
									</li>
									<li>
										Integrity
										<ul>
											<li>SHA2 512/384/256 Bit</li>
											<li>AES XCBC</li>
											<li>SHA1</li>
											<li>MD5</li>
										</ul>
									</li>
									<li>
										Key Exchange
										<ul>
											<li>Curve-25519, Curve-448</li>
											<li>NIST ECP-521, 384, 256, 224, or 192 Bit</li>
											<li>Brainpool ECP-512, 384, 256, or 224 Bit</li>
											<li>RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit</li>
										</ul>
									</li>
									<li>Hardware-accelerated Encryption</li>
									<li>Tunnel and Transport Mode</li>
									<li>Encapsulation with GRE and VTI</li>
									<li>Dead Peer Detection</li>
									<li>Perfect Forward Secrecy</li>
									<li>MOBIKE</li>
									<li>On-demand mode</li>
									<li>Payload Compression</li>
									<li>Easy connection export to Apple Mac OS/iOS devices</li>
								</ul>
							</li>
							<li>
								OpenVPN
								<ul>
									<li>Net-to-Net and Net-to-Host Mode</li>
									<li>Public Key Authentication</li>
									<li>
										Encryption
										<ul>
											<li>AES (CBC, GCM)</li>
											<li>Camellia</li>
											<li>SEED</li>
											<li>DES/3DES</li>
											<li>Blowfish</li>
											<li>CAST5</li>
										</ul>
									</li>
									<li>
										Integrity
										<ul>
											<li>SHA2 512, 384, or 256 Bit</li>
											<li>Whirpool</li>
											<li>SHA1</li>
										</ul>
									</li>
									<li>TLS Authentication</li>
									<li>TLS Channel Protection</li>
									<li>LZO Compression</li>
									<li>Configuration Export/Import in ZIP Format</li>
								</ul>
							</li>
						</ul>

						<h6>Quality of Service (QoS)</h6>

						<ul>
							<li>Inbound &amp; Outbound Traffic Shaping</li>
							<li>Latency Minimization</li>
							<li>Classify Traffic by IP Address, Protocol, or Ports</li>
							<li>Layer7 Protocol Detection</li>
						</ul>
					</div>

					<div class="column is-one-third content">
						<h6>Intrusion Prevention System</h6>

						<ul>
							<li>Live Deep Packet Analysis</li>
							<li>Graphical Rule Editor</li>
							<li>Support for Various Rule Providers</li>
							<li>Automatic Ruleset Updates</li>
						</ul>

						<h6>DNS</h6>

						<ul>
							<li>Internal DNSSEC-validating DNS proxy</li>
							<li>Caching for faster DNS response times</li>
							<li>Local hostnames</li>
							<li>DNS Forwarding for Zones</li>
							<li>Configuration of multiple upstream DNS recursors</li>
							<li>Recursor/Standalone Mode</li>
							<li>DNS-over-TLS, TCP or UDP</li>
							<li>SafeSearch</li>
							<li>QNAME Minimization</li>
						</ul>

						<h6>Operating System</h6>

						<ul>
							<li>Comfortable Web User Interface in various languages</li>
							<li>Simple One-Click Updates</li>
							<li>Configuration Backup and Restore</li>
							<li>Detailed System Health Reports and Graphs</li>
							<li>Console Access with SSH</li>
							<li>Serial Console</li>
							<li>Hardware Vulnerability Reporting</li>
							<li>Email Notifications</li>
							<li>Remote Syslog</li>
							<li>SNMP/Zabbix/Observium Monitoring</li>
						</ul>
					</div>
				</div>
			</div>
		</div>
	</section>
{% end block %}
Commit	Line	Data
8ea3eaa2	1	{% extends "../base.html" %}
e9f2963b MT	2
	3	{% block title %}{{ _("About IPFire") }}{% end block %}
	4
	5	{% block container %}
a94d97d8 RH	6	<section class="hero has-background-primary-light">
	7	<div class="hero-body">
	8	<div class="container">
	9	<nav class="breadcrumb is-medium" aria-label="breadcrumbs">
	10	<ul>
	11	<li>
	12	<a href="/">Home</a>
	13	</li>
	14	<li class="is-active">
	15	<a href="#" aria-current="page">About</a>
	16	</li>
	17	</ul>
	18	</nav>
3f962e91 MT	19	<h1 class="title is-1">
	20	About IPFire<span class="has-text-primary">_</span>
	21	</h1>
8ed8eee6	22	<p class="subtitle">The Open Source Firewall</p>
a94d97d8	23	</div>
e9f2963b	24	</div>
a94d97d8 RH	25	</section>
a94d97d8 RH	26
e9f2963b	27	<div class="container">
4aaca481	28	<section class="section">
3f962e91 MT	29	<div class="block">
	30	<p class="is-size-4">
	31	<strong>IPFire<span class="has-text-primary">_</span></strong>
	32	is the world's leading Open Source firewall distribution.
	33	Businesses across the world have chosen to put their trust
	34	in our versatile, feature-rich solution with its easy-to-use
	35	web management console. Why not join them today?
	36	</p>
	37	</div>
	38	</section>
0360cc69	39
3f962e91 MT	40	<section class="section">
	41	<div class="block">
	42	<div class="columns is-multiline">
	43	<div class="column is-half">
	44	<div class="columns is-mobile is-vcentered">
	45	<div class="column is-3 has-text-centered">
64bc5541	46	<i class="fas fa-shield-halved fa-5x"></i>
3f962e91	47	</div>
e9f2963b	48
3f962e91 MT	49	<div class="column">
3f962e91 MT	50	<p class="title is-5">Security by Design</p>
e9f2963b	51
3f962e91 MT	52	<p>
	53	Network segmentation is the key to a secure network.
	54	IPFire sets up a DMZ for your local infrastructure or a
	55	guest network for any visitors separating and protecting
	56	other parts of your network.
	57	</p>
	58	</div>
	59	</div>
	60	</div>
e9f2963b	61
3f962e91 MT	62	<div class="column is-half">
	63	<div class="columns is-mobile is-vcentered">
	64	<div class="column is-3 has-text-centered">
64bc5541	65	<i class="fas fa-rocket fa-5x"></i>
3f962e91	66	</div>
e9f2963b	67
3f962e91 MT	68	<div class="column">
3f962e91 MT	69	<p class="title is-5">Industry-Leading Firewall Engine</p>
e9f2963b	70
3f962e91 MT	71	<p>
	72	Our stateful packet inspection firewall engine analyses
	73	traffic for the latest threats and performs
	74	deep packet inspection in real time.
	75	Due to our smart user interface, creating even complex
	76	setups is quick and straight-forward.
	77	</p>
	78	</div>
	79	</div>
	80	</div>
e9f2963b	81
3f962e91 MT	82	<div class="column is-half">
	83	<div class="columns is-mobile is-vcentered">
	84	<div class="column is-3 has-text-centered">
64bc5541	85	<i class="fas fa-network-wired fa-5x"></i>
3f962e91	86	</div>
e9f2963b	87
3f962e91 MT	88	<div class="column">
3f962e91 MT	89	<p class="title is-5">We Connect the World</p>
e9f2963b	90
3f962e91	91	<p>
196dfc15 RH	92	We securely connect your employees to their desks at home,
	93	your global business partners and the infrastructure in your data centre,
	94	giving you maximum flexibility so that you can focus on what really matters.
3f962e91 MT	95	</p>
	96	</div>
	97	</div>
	98	</div>
e9f2963b	99
3f962e91 MT	100	<div class="column is-half">
	101	<div class="columns is-mobile is-vcentered">
	102	<div class="column is-3 has-text-centered">
64bc5541	103	<span class="fas fa-thumbs-up fa-5x"></span>
3f962e91 MT	104	</div>
	105
	106	<div class="column">
	107	<p class="title is-5">Easy to Use</p>
	108
	109	<p>
	110	IPFire is managed over a web-based console which
	111	is powerful, yet easy to use.
	112	Each feature is just one click away.
	113	Advanced reporting and real time graphs give you
	114	detailed insight into your network.
	115	</p>
	116	</div>
	117	</div>
	118	</div>
	119
	120	<div class="column is-half">
	121	<div class="columns is-mobile is-vcentered">
	122	<div class="column is-3 has-text-centered">
64bc5541	123	<i class="fa-solid fa-earth-europe fa-5x"></i>
3f962e91 MT	124	</div>
	125
	126	<div class="column">
	127	<p class="title is-5">Supporting Global Standards</p>
	128
	129	<p>
	130	Commonly deployed in businesses and educational organisations
	131	of all sizes, IPFire interoperates perfectly with solutions
	132	from other vendors making it an ideal drop-in replacement.
	133	</p>
	134	</div>
	135	</div>
	136	</div>
	137
	138	<div class="column is-half">
	139	<div class="columns is-mobile is-vcentered">
	140	<div class="column is-3 has-text-centered">
64bc5541	141	<i class="fas fa-terminal fa-5x"></i>
3f962e91 MT	142	</div>
	143
	144	<div class="column">
	145	<p class="title is-5">Free As In Freedom</p>
	146
	147	<p>
	148	IPFire is free software.
	149	Our community develops and reviews all changes going
	150	into the code base and IPFire is regularly audited by
	151	independent third parties.
	152	Become a part of the community and help us
	153	to continue improving IPFire!
	154	</p>
	155	</div>
	156	</div>
	157	</div>
e9f2963b MT	158	</div>
	159	</div>
	160	</section>
0610dc2c	161
3f962e91	162	<section class="section">
ea6757b8 MT	163	<a class="button is-primary is-large is-fullwidth" href="/download">
	164	<span class="is-hidden-touch">{{ _("DOWNLOAD IPFIRE NOW. IT'S FREE!") }}</span>
	165	<span class="is-hidden-desktop">{{ _("DOWNLOAD NOW") }}</span>
	166	</a>
3f962e91 MT	167
	168	<!-- any screenshots go here -->
	169	</section>
	170
4aaca481	171	<section class="section">
0b4ce8c4	172	<h3 class="title is-3">{{ _("Meet The Team") }}</h3>
0610dc2c	173
3f962e91 MT	174	<div class="block">
	175	<p class="is-size-5">
	176	IPFire is built by a group of experts from various backgrounds and places
	177	and we could not do it without our great community around us.
	178
	179	<a href="/donate">Support our work with your donation!</a>
	180	</p>
	181	</div>
	182
0610dc2c MT	183	{% set core_team = backend.groups.get_by_gid("core-team") %}
0610dc2c MT	184
f72e375e MT	185	<div class="block">
	186	<div class="columns is-multiline is-mobile">
	187	{% for account in sorted(core_team, key=lambda a: a.created_at) %}
	188	<div class="column has-text-centered">
	189	<figure class="image is-128x128 is-inline-block">
	190	<img class="is-rounded" src="{{ account.avatar_url(size=128) }}">
	191	</figure>
	192
	193	<h4 class="title is-4 has-text-weight-bold">{{ account.name or account.nickname }}</h5>
	194	</div>
	195	{% end %}
	196	</div>
0610dc2c MT	197	</div>
	198
	199	{% set team = [
	200	a for a in backend.groups.get_by_gid("contributors") if not a in core_team
	201	] %}
	202
	203	{% if team %}
f72e375e MT	204	<div class="block">
	205	<div class="columns is-multiline is-mobile">
	206	{% for account in sorted(team, key=lambda a: a.created_at) %}
	207	<div class="column is-half-mobile is-one-third-tablet is-one-quarter-desktop is-one-fifth-widescreen is-one-fifth-fullhd">
	208	<div class="columns is-vcentered is-mobile">
	209	<div class="column is-narrow">
	210	<figure class="image is-48x48">
	211	<img class="is-rounded" src="{{ account.avatar_url(size=48) }}">
	212	</figure>
	213	</div>
	214	<div class="column">
	215	<h6 class="title is-6 has-text-weight-bold">{{ account.name or account.nickname }}</h6>
	216	</div>
0b4ce8c4 RH	217	</div>
0b4ce8c4 RH	218	</div>
f72e375e MT	219	{% end %}
f72e375e MT	220	</div>
0610dc2c MT	221	</div>
0610dc2c MT	222	{% end %}
321e89e6 MT	223
	224	<!-- Talk about funding. Donations, how LWL supports the project -->
	225	</section>
	226	</div>
	227
	228	<div class="container">
d3b246c7 RH	229	<section class="section">
d3b246c7 RH	230	<div class="block">
3f962e91	231	<h3 class="title is-3">{{ _("Under The Hood") }}</h3>
d3b246c7 RH	232
	233	<div class="columns">
	234	<div class="column is-one-fourth">
	235	IPFire is not only an app that you install, it is a whole operating
	236	system based on Linux, hardened and tuned to the maximum to serve
	237	as a firewall.
	238	Regular updates help keeping even the hardest kind of hacker out.
	239	</div>
321e89e6	240
d3b246c7 RH	241	<div class="column">
	242	The stateful inspection firewall that is working inside IPFire
	243	is one of the fastest of its kind.
	244	Configuration of even complex rulesets becomes easy with
	245	groups for hosts and services on the network and help you
	246	to keep things in order, even when it gets complicated.
	247	</div>
321e89e6 MT	248	</div>
321e89e6 MT	249	</div>
d3b246c7	250	</section>
321e89e6	251
0b4ce8c4	252	<section class="section">
811ede6a	253	<div class="block">
0b4ce8c4 RH	254	<div class="columns">
	255	<div class="column is-one-third content">
	256	<h6>Network Security</h6>
	257
	258	<ul>
	259	<li>Stateful inspection firewall</li>
	260	<li>
	261	Builtin network segmentation
	262	<ul>
	263	<li>Demilitarized Zone (DMZ)</li>
	264	<li>Separate network for wireless devices/guest network</li>
	265	</ul>
	266	</li>
	267	<li>Flexible rule creating with groups and visual aids</li>
	268	<li>Intrusion Prevention System</li>
	269	<li>
	270	Rate Limiting to Protect Servers from DoS attacks
	271	and Maximum Connection Limits
	272	</li>
	273	<li>SYN-flood Protection</li>
	274	<li>Country-based Firewall Rules</li>
	275	<li>Source and Destination NAT Rules</li>
	276	<li>Time-based Firewall Rules</li>
	277	<li>MAC address-based Firewall Rules</li>
	278	<li>Blocking of P2P Networks</li>
	279	<li>Connection Logging</li>
	280	</ul>
	281
	282	<h6>Network Features</h6>
	283
	284	<ul>
	285	<li>VLAN (802.1q)</li>
	286	<li>Port Bridging</li>
	287	<li>Spanning Tree Protocol Support</li>
	288	<li>Wireless Access Point</li>
	289	<li>Live Connection Tracking</li>
	290	<li>Static Routes</li>
	291	<li>Dynamic Routing with Bird or FRR using BGP/OSPF</li>
	292	<li>
	293	DHCP Server
	294	<ul>
	295	<li>Static Leases</li>
	296	<li>DNS Update (RFC2136)</li>
	297	<li>Support for DHCP Options</li>
	298	</ul>
	299	</li>
	300	<li>Network Time Server (NTP)</li>
	301	<li>Dynamic DNS Client with support for many providers</li>
	302	<li>
	303	Captive Portal
	304	<ul>
	305	<li>Terms & Conditions or Coupon</li>
	306	<li>Customizable to your corporate design</li>
	307	<li>Coupon Code Export in PDF Format</li>
	308	<li>Flexible Coupon Expiry Times</li>
	309	</ul>
	310	</li>
	311	<li>Wake-on-LAN (WOL)</li>
	312	</ul>
	313
	314	<h6>Web Proxy</h6>
	315
	316	<ul>
	317	<li>Transparent Mode</li>
318	<li>Support for Upstream Proxies with Authentication</li>
319	<li>Advanced Logging</li>
320	<li>In Memory and on Disk Cache</li>
321	<li>
322	Network-based Access Control (ACL)
323	<ul>
324	<li>By IP Address</li>
325	<li>By MAC Address</li>
326	<li>Ban/Allow List</li>
327	</ul>
328	</li>
329	<li>Time-based Rules</li>
330	<li>Transfer Limits based on File Size</li>
331	<li>Download Throttling per Network Zone or Host</li>
332	<li>Anomaly Detection based on AS Information</li>
333	<li>MIME Type Filter</li>
334	<li>Classroom Extensions</li>
335	<li>Web Proxy Auto-Discovery Protocol (WPAD)</li>
336	<li>Proxy Auto-Config (PAC)</li>
337	<li>
338	Authentication
339	<ul>
340	<li>Local User Database</li>
341	<li>Microsoft Windows Active Directory</li>
342	<li>LDAP</li>
343	<li>RADIUS</li>
344	</ul>
345	</li>
346	<li>
347	Advanced Content Filtering
348	<ul>
349	<li>Blocklist-based Access Blocking</li>
350	<li>Support for Various Blocklist Providers</li>
351	<li>Automatic List Update</li>
352	<li>Custom Blocklists</li>
353	<li>Custom Allowlists</li>
354	<li>Custom Expression Lists</li>
355	<li>Filter by File Extension</li>
356	<li>Custom Error Page</li>
357	</ul>
358	</li>
359	<li>
360	Advanced Update Caching
361	<ul>
362	<li>Microsoft Windows</li>
363	<li>Apple Operating Systems</li>
364	<li>Adobe</li>
365	<li>Mozilla</li>
366	<li>
367	Various Anti-Virus Signatures including
368	Avast,
369	Avira,
370	AVG,
371	McAffee,
372	Trend Micro,
373	and Symantec
374	</li>
375	</ul>
376	</li>
377	</ul>
378	</div>
321e89e6	379
0b4ce8c4 RH	380	<div class="column is-one-third content">
	381	<h6>WAN Features</h6>
	382
	383	<ul>
	384	<li>Support for Fibre, DSL, Cable and 5G/4G/3G</li>
	385	<li>Multiple Public IP Addresses</li>
	386	<li>Automatic failover for dialup connections</li>
	387	<li>User-Assignable MAC Address</li>
	388	</ul>
	389
	390	<h6>VPN</h6>
	391
	392	<ul>
	393	<li>
	394	IPsec
	395	<ul>
	396	<li>Net-to-Net and Net-to-Host Mode</li>
	397	<li>Support for IKEv2 and IKEv1</li>
	398	<li>Public Key and Pre-Shared-Secret Authentication</li>
	399	<li>
	400	Encryption
	401	<ul>
	402	<li>AES (CBC, GCM)</li>
	403	<li>ChaCha20-Poly1305</li>
	404	<li>Camellia</li>
	405	<li>3DES</li>
	406	</ul>
	407	</li>
	408	<li>
	409	Integrity
	410	<ul>
	411	<li>SHA2 512/384/256 Bit</li>
	412	<li>AES XCBC</li>
	413	<li>SHA1</li>
	414	<li>MD5</li>
	415	</ul>
	416	</li>
	417	<li>
	418	Key Exchange
	419	<ul>
	420	<li>Curve-25519, Curve-448</li>
	421	<li>NIST ECP-521, 384, 256, 224, or 192 Bit</li>
	422	<li>Brainpool ECP-512, 384, 256, or 224 Bit</li>
	423	<li>RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit</li>
	424	</ul>
	425	</li>
	426	<li>Hardware-accelerated Encryption</li>
	427	<li>Tunnel and Transport Mode</li>
	428	<li>Encapsulation with GRE and VTI</li>
	429	<li>Dead Peer Detection</li>
	430	<li>Perfect Forward Secrecy</li>
	431	<li>MOBIKE</li>
	432	<li>On-demand mode</li>
	433	<li>Payload Compression</li>
	434	<li>Easy connection export to Apple Mac OS/iOS devices</li>
	435	</ul>
	436	</li>
	437	<li>
	438	OpenVPN
	439	<ul>
	440	<li>Net-to-Net and Net-to-Host Mode</li>
	441	<li>Public Key Authentication</li>
	442	<li>
	443	Encryption
444	<ul>
445	<li>AES (CBC, GCM)</li>
446	<li>Camellia</li>
447	<li>SEED</li>
448	<li>DES/3DES</li>
449	<li>Blowfish</li>
450	<li>CAST5</li>
451	</ul>
452	</li>
453	<li>
454	Integrity
455	<ul>
456	<li>SHA2 512, 384, or 256 Bit</li>
457	<li>Whirpool</li>
458	<li>SHA1</li>
459	</ul>
460	</li>
461	<li>TLS Authentication</li>
462	<li>TLS Channel Protection</li>
463	<li>LZO Compression</li>
464	<li>Configuration Export/Import in ZIP Format</li>
465	</ul>
466	</li>
467	</ul>
468
469	<h6>Quality of Service (QoS)</h6>
470
471	<ul>
472	<li>Inbound & Outbound Traffic Shaping</li>
473	<li>Latency Minimization</li>
474	<li>Classify Traffic by IP Address, Protocol, or Ports</li>
475	<li>Layer7 Protocol Detection</li>
476	</ul>
477	</div>
321e89e6	478
0b4ce8c4 RH	479	<div class="column is-one-third content">
	480	<h6>Intrusion Prevention System</h6>
	481
	482	<ul>
	483	<li>Live Deep Packet Analysis</li>
	484	<li>Graphical Rule Editor</li>
	485	<li>Support for Various Rule Providers</li>
	486	<li>Automatic Ruleset Updates</li>
	487	</ul>
	488
	489	<h6>DNS</h6>
	490
	491	<ul>
	492	<li>Internal DNSSEC-validating DNS proxy</li>
	493	<li>Caching for faster DNS response times</li>
	494	<li>Local hostnames</li>
	495	<li>DNS Forwarding for Zones</li>
	496	<li>Configuration of multiple upstream DNS recursors</li>
	497	<li>Recursor/Standalone Mode</li>
	498	<li>DNS-over-TLS, TCP or UDP</li>
	499	<li>SafeSearch</li>
	500	<li>QNAME Minimization</li>
	501	</ul>
	502
	503	<h6>Operating System</h6>
	504
	505	<ul>
	506	<li>Comfortable Web User Interface in various languages</li>
	507	<li>Simple One-Click Updates</li>
	508	<li>Configuration Backup and Restore</li>
	509	<li>Detailed System Health Reports and Graphs</li>
	510	<li>Console Access with SSH</li>
	511	<li>Serial Console</li>
	512	<li>Hardware Vulnerability Reporting</li>
	513	<li>Email Notifications</li>
	514	<li>Remote Syslog</li>
	515	<li>SNMP/Zabbix/Observium Monitoring</li>
	516	</ul>
	517	</div>
321e89e6 MT	518	</div>
321e89e6 MT	519	</div>
d3b246c7	520	</div>
0b4ce8c4	521	</section>
e9f2963b	522	{% end block %}