- Select a Country / Region
Placenav:
As Asia's first technology brand to deliver an Internet management solution, SANGFOR's IAM series can help you achieve complete management of your organization's Internet access. By virtue of powerful functions and easy administration, SANGFOR's IAM family delivers the most effective solutions for P2P traffic management, prevention of unauthorized information disclosure, legal risk mitigation, Internet access usage monitoring, and online security, plus many other features.
SANGFOR's IAM has an industry-leading network behavior recognition ability, with an extensive built-in application recognition database. IAM products can govern up to 500 types of Internet applications. Statistics-based P2P smart recognition technologies can identify encrypted, newly-released or even unknown variants of P2P applications, providing technological assurance for complete governance of P2P applications.
Based on nine years of real world research and development in core networking technologies, as well as a fully optimized systems architecture and a high-performance hardware platform, the SANGFOR IAM series is significantly more advanced than comparable offerings. The IAM products can govern networks of more than 50,000 users.
 |
 |
|
| Play Download | Download |
| Authentication | |
| Function | Description |
 User identification |
IP, MAC, IP/MAC binding, username/password, third-party authentication such as LDAP/AD/RADIUS/POP3/PROXY, USB-KEY and hardware authentication; Single Sign-on (SSO) options include LDAP/POP3/Proxy and forced SSO of designated network segment/account; account control via public/private accounts and account validity period; account import options include text list, IP/MAC scanning, and even account and organization structures from Active Directory servers; |
 Authentication exception |
Accounts can be renamed (in the IP/MAC/computer name formats) based on new users' IP segments; authentication exception-handling includes conflict detection, privileged control after authentication failure and page forward control after successful authentication; |
 Online access authorization |
Multi-level user account management to align with organizational structure, allowing access control based on account, IP, application, behavior, content, period, etc.; Implements re-use, integration and forced inheritance of access privileges by combining object-based access policy templates; Monitoring of accumulated duration and maximum traffic for specified user applications; |
| Internet Access Control | |
| Function | Description |
 HTTP cache |
The duplicated data is cached in RAM or disks of IAM. When users access these data, IAM gets the data from its cache and returns the data to the user, significantly enhancing the access speed (Webpage, files, HTTP online videos, images, etc.) |
 Webpage control |
Contains extensive Zvelo URL database (450 million) that can be also manually customized; Support Webpage filtering based on URL/search word/keyword contained in Webpage; Support keyword-based filtering of outbound Webmail and Web post; fine-grained control such as allowing only reading post but not post thread, and only allowing receiving but not sending mail; |
 Advanced control |
Encrypted SSL URL filtering; identifies and filters attempts to avoid management via public network proxies or encrypted proxy software; Capable to control behavior of sharing web access privileges with others via installed proxy software; |
| File control |
Capable to control outbound file transmission via HTTP/FTP/email attachments, supports identification and blocking of outbound files based on file extensions and file types (to identify encrypted, compressed, extension name modified files); |
 Application identification |
Over 600 application identification rules conveniently built-in to identify and control popular network protocols, including IM chat, network games, Web-based stock trading, P2P, streaming media, remote control, and proxy software; |
 Intelligent P2P identification |
Identifies over 30 popular P2P application protocols such as BitTorrent, eMule, etc. with deep packet inspection (DPI); SANGFOR’s patented intelligent P2P identification technology can further comprehensively identify and manage other variant P2P protocols, encrypted P2P behaviors and unknown P2P behaviors; |
 Email control |
Supports complete blocking of email reception and sending, and filtering of outbound and inbound junk mail; filtering can be based on multiple conditions such as keyword, sender and receiver addresses; patented “Postponed Sending after Audit” option intercepts outbound email per predefined criteria before allowing delivery after manual examination; |
 Bandwidth management |
Multiplexing and intelligent routing; bandwidth management based on wide range of criteria, including application type/Website type/file type, user, time, target IP, etc.; extranet-to-intranet access flow control and bandwidth management; |
| Audit and Report | |
| Function | Description |
| Real-time monitor |
Real-time monitoring of CPU/hard disk/traffic/connection/session status, as well as online user information, traffic ranking and connection ranking; real-time utilization visibility of bandwidth channels; |
| Access audit
(Optional) |
Records a wide variety of audit information including: URL, Webpage title and content accessed (can record only Webpage content containing specific keywords), outbound file transmissions via HTTP and FTP and file content, names and behavior of files downloaded, plain text thread posting and emails, chat sessions on MSN, MSN Shell, Skype, Yahoo! Messenger, Google Talk, etc.; also records application behavior such as network gaming, stock trading, entertainment, P2P downloads and Telnet; tallies user traffic and access duration and audits Webpage/file/email access of extranet users on intranet servers; |
 Reporting |
Supports various kinds of reports, including scheduled reporting of statistics, behaviors, trend, comparison, plus customized reporting of traffic statistics, queries, ranking, times and behavior of users and user groups; |
| Data center features |
Massed log storage with built-in and independent data center support; administrators can easily manage users based on a hierarchical permissions structure; |
 Audit-free Key |
Prevents access audits for users assigned audit-free keys; audit-free status cannot be arbitrarily changed by system administrator (Optional); |
 Log check Key |
Data center administrators can view recorded audit logs only via audit check key (Optional); |
 Content search |
Google-like log search tool to enable the manager to locate logs quickly by entering multiple keywords, including the search and location of the content of the log attachments; supports the title subscription, and supports automatically sending the search results to designated mailbox; |
| Network Security | |
| Function | Description |
| Proxy |
HTTP proxy; Socks 5 proxy;Transparent proxy; |
| IPSec VPN |
Built-in IPSec VPN module |
 Online access security |
Built-in firewall thwarts a range of security threats to gateway reliability, including DoS attacks, ARP spoofing, etc.; |
| Identifies and filters viruses from external network (Optional); | |
| Built-in professional anti-virus engine in router mode; | |
 End-point detection |
Detects end-point profile (including OS version/patch, system processes, disk files, registry, etc.) and can prompt or reject access for end-points not meeting IT requirements or passing security tests; |
 Gateway anti-virus |
Built-in professional anti-virus engine supports gateway virus elimination (Optional); |
| Equipment Management | |
| Function | Description |
| Deployment mode |
Deployable via router, bridge, bypass and multi-bridge topologies, Active-Standby; Active-Active; |
 Device management |
Web based management access; functionality of different modules can be assigned to different administrators as needed, via a hierarchical management paradigm. |
| Strongest identification capabilities to enable visualization |
 User identification: Combines with LDAP, AD, Radius, and Proxy File type identification: Identify files by the content and features Website identification: Zvelo URL database (450million) HTTPs identification Application identification: DPI+DFI P2P intelligent identification |
| The most comprehensive and flexible controls to help managing the network the way you want |
|
Block/ Filter/Audit/Report/Alert Policies based on user/group/schedule/IP/application/website/content, etc. |
| Caching combines with bandwidth management to maximize bandwidth utilization and accelerate Internet access speed |
| Cache: High hit rate; High performance Bandwidth management: Accurate identification; Comprehensive and detailed flow controls |
| Multi-layer safe protection measures to ensure your network security |
| Terminal security detection Blocking risky page Malicious script and plug-in filtering Proxy Anti-DOS Anti-ARP Spoofing Firewall IPS Gateway anti-virus |
.jpg) |
SANGFOR Enhances Network Services for Holiday Inn
Holiday Inn Hong Kong has deployed SANGFOR Internet Access Management (IAM) appliance in its service network. Implementation of the IAM solution provides Holiday Inn with an extremely stable and flexible platform to continue offer an excellence service to its customers... |
 |
.jpg) |
JVC (Thailand) Audit Plan with the SANGFOR IAM Solution
Founded in 1927, JVC offers one of most comprehensive ranges of electronic products in the world. The company won the European In-Car Head Unit prize in EISA by developing the world's first full-coverage, high-res super hi-vision projector, which prompted the company's clients to vote JVC the leading supplier of electronic products... |
|
.jpg) |
SANGFOR IAM Solution for River Valley High School
Founded in 1956, River Valley High School (RVHS) was the first Chinese secondary school set up by the government in Singapore. Initially called Singapore Government Chinese Middle School when it was located at the premises of Seng Poh Primary School, it was renamed Queenstown Government Chinese Middle School after moving to Strathmore Avenue... |
|
.jpg) |
Traders Hotel Deploys SANGFOR IAM Solution
The Traders Hotel, Kuala Lumpur (affiliated to the Shangri-La Hotel Group),is located in the heart of the Kuala Lumpur City Centre (KLCC). An incredible location, the hotel gives direct access to the world class Kuala Lumpur Convention Centre, Suria KLCC and the famous Petronas Twin Towers – the ultimate business, convention, shopping and entertainment hub of Kuala Lumpur... |
|
.jpg) |
Triam Udom Suksa School Deploys SANGFOR IAM
Triam Udom Suksa School is a public school located in downtown Bangkok, Thailand. It admits upper-secondary students (mathayom 4–6, equivalent to grades 10–12) and has the largest yearly enrolment in the country. Founded in 1938 as a preparatory school for Chulalongkorn University, the school has long been regarded as one of the best secondary schools in Thailand, and attracts students from all over the country to sit its highly competitive entrance examinations... |
|
.jpg) |
SANGFOR Assists WINET to Improve Operators' Service Quality
Wi-Net Telecoms Sdn Bhd (Winet) is a licensed Network Service Provider (ISP). Issued by the Ministry of Information Communication & Culture, it has been awarded licenses both as a Network Facility Provider (NFP/I/2000/66) and as a Network Service Provider (NSP/I/2000/72)... |
|
| USB-Key authentication | ↑TOP |
SANGFOR DKey is a USB Key dual-factor identification hardware device for SOHO and mobile users, and it is applicable for secure access to IPSec VPN and SSL VPN client. This device stores the security policy device such as the VPN key and digital certificate in the device to provide the user with secure and convenient access to VPN. This device contains USB port, without the need of separate card reader, and it can provide secure VPN authentication simply by connecting USB port of the computer. With compact design, this device can be hung on the key chain conveniently, so the user can access VPN network securely anytime, anywhere. |
|
| Page forward | ↑TOP |
When the user is authenticated successfully, the user PC will be forwarded to the defined page from the authentication interface. |
|
| DPI | ↑TOP |
DPI refers to Deep PIAMket Inspection. “Deep” is a term in comparison with the message analysis hierarchy of common L2-L4 switch or router. L2-L4 switch/router analyzes only the IP packet below layer 4, including the source address, destination address, source port, destination port and protocol type, while in addition to these, DPI incorporates the application layer (feature) analysis, application identification, and even the content identification. |
|
| Intelligent P2P identification | ↑TOP |
This function is based on patented intelligent P2P identification technique to identify all P2P behaviors such as encrypted P2P, P2P variants of the same version and emerging P2P applications. |
|
| P2P variant | ↑TOP |
It refers to P2P not fully consistent with above-mentioned P2P type with minor protocol modification. |
|
| Unknown P2P | ↑TOP |
It refers to P2P which is based on but different with P2P protocol, and which does not emerge but may emerge. |
|
| Postponed Sending after Audit | ↑TOP |
The email which is not compliant with the email sending and receiving rule will be intercepted by the access behavior management device and forwarded to the administrator’s mailbox. The email will be sent after the administrator checks that the email content complies with the requirement, and will not be sent if the email is not compliant with the requirement. |
|
| URL library introduction | ↑TOP |
Our URL library includes different types as per the feature of webpage URL on Internet, such as news, employment, etc. For new webpage, we can use intelligent webpage identification technique to identify its type as per the feature of the webpage. |
|
| Antivirus engine introduction | ↑TOP |
The antivirus engine of IAM is based on F-Prot Antivirus to kill the worm, virus and Trojan horse coming from Internet. |
|
| Multiplexing | ↑TOP |
In case that IAM is deployed in the gateway, if there are multiple lines at the network exit, IAM can be connected to the multi-lines and also forwarded packets according to when one line is busy but another is idle, two lines can be used to increase the network speed. |
|
| Intelligent routing | ↑TOP |
In caste that IAM is deployed in the gateway, if there are multiple lines at the network exit, then IAM sends the detection packet to two lines, the line on which the packet is returned first will be used as the access line. |
|
| Audit-free Key | ↑TOP |
Once online behavior management device is deployed at the network exit, in addition to controlling the online behavior of intranet user, the audit to the network behavior of the user accounts for a large part of the device function; daily network access behavior of senior executives and decision makers in the intranet is likely to affect the confidentiality of the decision and future development plan, so usually, these behaviors should not be recorded and audited. Senior executives use this “Audit-free Key” to access Internet with any computer in the organization, and SANGFOR IAM device will not monitor and record the access. Once vicious IT administrator unchecks “Enable DKEY Monitor”, when senior executive inserts “Audit-free Key” in the computer again to access Internet, the device will give the alarm showing “The status of this Key has changed”, and prohibit the access to Internet, so this implements monitor-free function for sensitive users such as senior executives from the underlying layer of the device. |
|
| Log Check Key | ↑TOP |
The data recorded by IAM may involve the user privacy. In order to protect the benefit of the employee, we assign different privilege levels for viewing the data center. Common administrator can view only statistic report and trend report, while the administrator with KEY can view detailed information of the user accessing the network. |
|
| Single sign-on | ↑TOP |
The user is authenticated successfully when the user logs on the authentication server, without the need of entering username and password again. The user can pass other related authentication when the user logs on the authentication server by entering the password once, so this reduces the number of password entry, and reduces the risk of the password leakage. |
|
| ABOUT US | CONTACT US | ©2000- 2011 SANGFOR |