Malaysian Open Source Firewall Router
Why we need Garcinia?
With the increasing dependencies on the Internet and networks of computers for our business use the threat we are facing now are also the growing. From viruses, DDOS, hackers attacks and a lot more, these bare threats are all over the netosphere and we wont even know who is the culprits trying to intrude into our systems. When they do our business can be jeopardized.
Garcinia Firewall Router is a product that manages your network from any congestion and harm. Garcinia analyze the incoming and outgoing network traffic. Loss and manipulation of data, business secrets and confidential of data leaks, lost of time due to the down time is loss of money to the business. Firewall are indeed important and everyone who is online must strive to have a firewall protection before it's vulnerable to external and internal. After years of research and development using OPNSense project which is free, we customized distribution of hardenedBSD kernel, we repackage and named it Garcinia to support our local industries and open source community especially in this country.
You need Garcinia due to these following reasons :
1. It avoids all unwanted incoming and outgoing network traffic based on source or destination.
2. Report about Network traffic and activities to the Network administrator.
3. Protect your valuable data and confidential data.
4. By Protecting your network, it allows your network to function without any stop,24x7x365 days.
5. Cheaper price compare to others competitor products.
Malaysian Made Product: Garcinia Firewall Router are Malaysian made product, proudly we present the First Network Security product that developed by 100% Malaysia with implementation and the blend of Asian Culture through the name. GARCINIA is a scientific name of MANGOESTEEN that control your network environment and give protection against various threat.
Garcinia Core Features
Garcinia offers a dashboard feature to quickly check the status of your Garcinia Firewall. Shown is the latest version with drag and drop multi column support.
Modern User Interface
The modern user interface offers a great user experience with multi language support, build-in help and quick navigation with the search box.
Shown is the fast search navigation option.
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. Garcinia offers grouping of Firewall Rules by Category, a great feature for more demanding network setups.
Aliases & GeoLite Country Database
Managing firewall rules have never been this easy. By using Aliases, you can group multiple IP's or Host into one list, to be used in firewall rules. Additionally, IP or Hostnames can be fetched from external URLs, examples are DROP (Do Not Route Or Peer), Abuse.ch's Ransomware tracker and the build-in Maxmind GeoLite2 Country database.
Traffic shaping within Garcinia is very flexible and is organised around pipes, queues and corresponding rules. The pipes define the allowed bandwidth, the queues can be used to set a weight within the pipe and finally the rules are used to apply the shaping to a certain package flow. The shaping rules are handled independently from the firewall rules and other settings.
Two-factor authentication also known as 2FA or 2-Step Verification is an authentication method that requires two components, such as a pin/password + a token. Garcinia offers full support for Two-factor authentication ( 2FA ) throughout the entire system utilising TOTP with for instance Google Authenticator.
Supported 2FA services include:
- Garcinia Graphical User Interface
- Captive Portal
- Virtual Private Networking - OpenVPN & IPsec
- Caching Proxy
Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. Garcinia offer most enterprise features including Radius and voucher support.
Virtual Private Network - IPsec & OpenVPN GUI
Garcinia offers a wide range of VPN technologies ranging from modern SSL VPN’s to well-known IPsec as well as older (now considered insecure) legacy options such as L2TP and PPTP. Site-to-Site and road warrior setups are possible and with the integrated OpenVPN client exporter, the client can be configured within minutes. Looking for a IPsec or OpenVPN GUI, you just found something better!
High Availability / Hardware Failover (CARP)
Garcinia utilises the Common Address Redundancy Protocol or CARP for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. Utilising this powerful feature of Garcinia creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup network connections will stay active with minimal interruption for the users.
The caching proxy offered by Garcinia is fully featured and includes category-based web filtering, extensive Access Control Lists and can run in transparent mode. The proxy can be combined with the traffic shaper to enhance user experience. Integration with most professional Anti-Virus solutions is possible trough the ICAP interface.
The inline IPS system of Garcinia is based on Suricata and utilises Netmap to enhance performance and minimize CPU utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.
- Integrated support for ET Open rules.
The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection.
- Integrated SSL Blacklist (SSLBL)
A project maintained by abuse.ch. The goal is to provide a list of “bad” SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists.
- Integrated Feodo Tracker
Feodo (also known as Cridex or Bugat) is a Trojan used to commit ebanking fraud and steal sensitive information from the victims computer, such as credit card details or credentials. At the moment, Feodo Tracker is tracking four versions of Feodo.
SSL Finger Printing
The IPS option to allow user defined rules include the option for SSL fingerprinting. With this option SSL communication can be blocked at the initial connection attempt by dropping the SSL key exchange.
Backup & Restore
Better safe than sorry, always keep an up to date backup of your configuration. It’s easy with Garcinia.
Automatic backups of configuration changes make it possible to review history and restore previous settings.
Easily download a backup from within the GUI and store on a safe place.
Encrypt the backup with a strong password and make plain text unreadable for unauthorised persons.
Upload your configuration backup file and restore it with ease.
- Cloud Backup
Garcinia supports encrypted cloud backup of your configuration with the option to keep backups of older files (history). For this purpose, Google drive support has been integrated into the user interface.
Reporting & Monitoring
Garcinia offers many options for reporting and monitoring the system, these include:
- System Health
A modern take on RRD graphs with the option to zoom in and export data.
- Netflow Exporter
Use your favorite netflow analyser to see most active users, interfaces, ports & applications.
- Insight - Integrated Netflow Analyser
Garcinia also offers an integrated Netflow analyser without the need for additional plugins or tools, similar to what you may find in high-end commercial products.
Firmware & Plugins
Offering a robust firmware upgrade path to react on emerging threats in a fashionable time; Garcinia is equipped with a reliable and secure update mechanism to provide weekly security updates. A plugin mechanism can be used to install additional packages and customisations.