• Saves the budget for implementing an IPv6-based gateway simply for IPv4-to-IPv6 address translation.
• Assigns or groups LAN / WAN / DMZ interfaces based on network policy.
• Meets business continuity needs: VPN trunking, link failover, etc.
• Fairly distributes network traffic to each connection using bidirectional load balancing capabilities along with policy-based routing.
• Prohibits IM clients, P2P software, and other TCP/IP-based applications from being used for recreational purposes.
• Offers mobile workers with SSL (Web) VPN and office users with IPSec and PPTP VPN, along with VPN trunking feature, it tunnels your private connections with a more stable and convenient approach.
• Targets QoS mechanisms at individual or groups; enables companies to base bandwidth allocation on their policies.
• Provides authentication, authorization, and accounting services for easy management using an AAA server.
• Informs the targeted user and IT administrator of the detection of any packet-flooding attack allowing it to be resolved during its initial stage.

Authentication
Mechanisms

Multi-WAN
Load
Balancing

Policy-
Oriented
Management

SPI
Firewall

Co-Defense
System

AAA Server

Web-Based UI

Policy-Based
Routing

Link
Failover

Application
Blocking

Bandwidth
Management

File Transfer
Blocking

Anomaly Traffic
Detection

Logging

IPv4/IPv6
Compatibility

User-
Definable
Networks

Web Filtering

1.Full IPv6 Compatibility

• The device is completely compatible with the mainstream Internet protocol of the future -- IPv6. There is no budget required for implementing another IPv6-based gateway simply for IPv4-to-IPv6 address translation.

2.Custom Network Interface Groups

• Up to four network interfaces are available for defining as LAN, WAN, DMZ or network groups (groups are isolated from one another). Thus, MHG-1000 can serve as an internal firewall physically separating each subnet with its grouping feature, undoubtedly boosting your network security.

3.In- / Outbound Load Balancing & PBR

• The device can load-balance outbound traffic evenly across WAN ports based on various load-balancing algorithms. It efficaciously makes the most advantage of your bandwidth and ensures you with a reliable connection.
  Besides outbound load balancing, it is also capable of inbound load balancing, which helps mitigate multiple webpage requests directed at your Web server by distributing them across multiple WAN connections, guaranteeing uninterrupted e-commerce.
  Its policy-based routing (PBR) mechanism allows the IT administrator to assign a specific WAN port for a specific purpose (or traffic).

4.A Total VPN Solution

• MHG-1000’s VPN trunking capability ensures redundancy and bandwidth integration to IPSec and PPTP tunnels, greatly increasing the connection speed and stability. In addition, its SSL (Web) VPN connections adopt Hardware Authentication technology to verify the identity of users using simply hardware information rather than login information. Remote users are now offered fast and easy SSL (Web) VPN access without the need for complex configurations.
  Most third party firewall products lack advanced VPN connection management and therefore result in security risks. In comparison, MHG-1000 secures highly confidential business information carried over the VPN with QoS, authentication, etc.

5.Quality of Service (QoS) / Individual QoS

• The QoS mechanisms allow IT administrators to base the bandwidth allocation on the company’s network policy, preventing bandwidth being exhausted by minorities.

6.AAA Server

• Authentication: Identifies users using either internal or external (RADIUS / POP3 / LDAP) authentication.
• Authorization: Decides what kinds of activities, resources, or services a user is permitted.
• Accounting: Provides detailed session statistics and usage information for network policy adjustment.

7. Web Filtering Mechanism

• The Web Filter employs a cloud-based URL database that has eight categories namely Anti-Social and Illegal, Pornographic and Abusive, Gaming and Gambling, Society and Commerce, Communication and Technology, Leisure, Information and Education, Other, and up to sixty-four subcategories. Website browsing now can be easily regulated by specifying simply the category instead of the URL, keyword, etc.
  In addition to that, IT administrators are also allowed to restrict file transfers, MIME types and browser scripts, and will be provided with detailed logs and statistics for analysis.

8.TCP/IP-Based Application Blocking

• Despite the convenience of instant messaging (IM), the use of IM clients is difficult to manage and thus opens the door for business thefts and viruses. Accordingly, MHG-1000 comes up with the capability to block the use of IM software such as MSN, Yahoo!, Skype, ICQ, and QQ for messaging or file transfer.
  Another security breach may as well result from the use of peer-to-peer sharing applications. It could bring along high bandwidth consumption, information asset leakage, malicious code (Trojan horse), etc. In answer to that, MHG-1000 allows you to restrain the use of major P2P software (eMule, BitTorrent, WinMX, eDonkey, Foxy, etc.). Besides, other activities like multimedia streaming, Web-based email access, online gaming, VPN tunneling, and remote controlling can also be well regulated to ensure network security.

9.Anomaly Traffic Detection

• MHG-1000 is able to proactively block packet-flooding attacks and notify related personnel of the event. A core switch may be incorporated to perform a co-defense against the attack by disabling the switch port containing the source of the attack, efficaciously preventing Denial-of-Service attacks.

• The Web-based UI, available in English, Traditional Chinese, and Simplified Chinese, allows configuration and management to be made through any Web browser from anywhere and consequently no software installation is required.