Human Network Managers

In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks. At Mutiara, we do research, development, testing and deployment of our own brand of Network Security Firewall / VPN from small, medium to large scale numbers of nodes in your organization.

Mutiara Security Firewall

null

Provide Full Consulting

The firewall, while central to protecting your systems and data, isn’t the only facet of security required by companies connecting to the Internet. We also provide full consulting services and software to support the security needs of your business

null

Customizable Security

This network firewall designed to protect your Network against attacks from the Internet or via a local area network. Mutiara Firewall offers customization security using user-defined rules for packet filtering. It works at a low level and also allows you to create rules based on non-IP protocols.

null

Multiple Network

The Mutiara Security Firewall supports multiple network adapter configurations. This allows you to apply a rule, for example, for just a modem connection or you could apply separate rules for each system interface. With a flexible filtering system, trusted MAC address checking feature and separate network adapter configuration you can even use it on a router or a server

null

Reduce Attacks

And we have a range of software tools, which further helps reduce attacks and make sure that the only people using your systems are the ones you want

Firewall Features

  • Filtering by source

    Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic

  • Limit Simultaneous Connections

    Able to limit simultaneous connections on a per-rule basis

  • Filter by the Operating System

    M-Wall utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? M-Wall can do so (amongst many other possibilities) by passively detecting the Operating System in use.

  • Matching Each Rule

    Option to log or not log traffic matching each rule

  • Highly Flexible

    Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)

  • Allow Grouping

    Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall rule set clean and easy to understand, especially in environments with multiple public IPs and numerous servers.

  • Bridge Interfaces

    Transparent layer 2 firewalling capable – can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).

  • Packet normalization

    Description from the pf scrub documentation – “‘Scrubbing’ is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations.”

  • Enabled in M-Wall by default

  • Disable If Necessary

    Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations

  • Disable Filter

    You can turn off the firewall filter entirely if you wish to turn M-Wall into a pure router.

State Table

The firewall's state table maintains information on your open network connections. M-Wall is a stateful firewall, by default all rules are stateful. Most firewalls lack the ability to finely control your state table. M-Wall has numerous features allowing granular control of your state table, thanks to the abilities of OpenBSD's pf.

Adjustable State Table Size

  • Multiple Production

    There are multiple production M-Wall installations using several hundred thousand states.

  • Can Be Increased

    The default state table size is 10,000, but it can be increased on the fly to your desired size.

  • Memory Usage

    Each state takes approximately 1 KB of RAM, so keep in mind memory usage when sizing your state table.

On a per-rule basis

  • Limit simultaneous client connections

  • Limit states per host

  • Limit new connections per second

  • Define state timeout

  • Define state type

Multiple options for state handling

  • Keep state

    Works with all protocols. Default for all rules.

  • Modulate state

    Works only with TCP. M-Wall will generate strong Initial Sequence Numbers (ISNs) on behalf of the host.

  • Synproxy state

    Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.

  • None

    Do not keep any state entries for this traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.

Four options for state table optimization

  • Normal

    The default algorithm

  • High latency

    Useful for high latency links, such as satellite connections. Expires idle connections later than normal.

  • Aggressive

    Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.

  • Conservative

    Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.