FMA Intel-Secure: SabreWall NG100 SACS (Secure Access Control Server)

[Nico@FMA]

Hello MalwareTips, Friends and Computer Freaks.

Today i would like to take the opportunity to unveil our newest product for small and medium business.
Allow me to introduce: FMA Intel-Secure SabreWall NG100 SACS (Secure Access Control Server)

O yes meet our own SACS product.

Features:

- Dragon NG-PPA Network Firewall
IPS (Intrusion Prevention System), IDS (Intrusion Detection System), TRS (Threat Recovery System), DLP (Data Leak Prevention), (USE) Unique Stream Encryption.

- EYE (CBAD) Threat Prevention & Detection
Full Anti-malware protection, Full Anti-spam protection, Full Web security, Device protection, Application protection.

- Session & ID Access Control
Device Access Control, Application Access Control, Traffic Access Control, Server Access Control, Rule Based Policy Enforcing Control, 3 Way Access Security and Management Panel , Session Token Control and Management.

- Active Threat Mitigation (TAM)
TAM will act upon any Threat detected within the Network based upon predefined Threat Mitigation Protocols.

- Secure Operating System (MATU-Debian)
SabreWall is using our own MATU operating system (Debian based) to provide a secure internal OS and management server. It allows you to tweak any setting within a fully fledged and highly secured admin panel. It allows you to review any connected device and remote manage it. Next to that it allows you to review all logbooks and roll back any action in real-time.

- Additional basic features:
VPN Support: (IPsec, L2TP/PPTP, IKEv2, SSL-VPN)
Load Balancing: Content distribution, filtering and load balancing.
Gateway: Secure SSL/TLS gateway
VM Support: VMware vSphere, XEN, KVM etc.
Routing: BGP, MPLS or OSPF
Internal Hardware: Quad-Xeon 2.4Ghz (3Ghz Burst), 16GB Ram 500gb SATA Disk
Internal Communications: AES-192/256 Channel Encryption
**5x Secured Internal Communication Channels (SICC): (AES Secured + Session Based & Policy & Rule Managed)
** See channel info below.

Channel 1: Critical Firmware & OS communications (100% isolated and AES-256 secured)
This channel is strictly closed and limited to device communications and cannot be accessed from the network or internet. This is a NON-Human channel.

Channel 2: Network security software delivery (50/50 (open/closed) only accessible from a client PC and isolated from external source and cannot be accessed trough the internet AES-256 secured secured. This channel is only open to internal traffic but closed off from all other channels.

Channel 3: Industry level 1 Communications (Server to client 2 way + PPA internet access) AES-256 secured. This channel has full encrypted internet access and delivers secured traffic between several networks internal and external.

Channel 4: Industry level 2 Communications (Client to Client 2 way + Policy & rule based internet access and daily routine data exchange AES-192 secured)
This channel is basically your normal internet access channel, yet it is fully policy and rule based you can freely access the network within the predefined parameters set by the administrator and every client computer is end point protected by the server.

Channel 5: Threat Mitigation Channel (Only for security communications between security applications and devices) This channel is only used by the security system itself in case of DDos or any other detected threat. In other words if a full Ddos is hammering the network then other channels are not affected. This channel also monitors the network and all applications and devices connected to it and takes Threat Mitigation actions where needed. It has full access to any part of the network (except channel 1) yet it cannot be accessed by either the internet or intranet and is fully AES-256 secured.

50 Gbps firewall throughput (App-ID, App-Control, App-Session).
25 Gbps threat prevention throughput. (Active Threat Response & Passive Threat Response)
15 Gbps IPSec VPN throughput, 4,000,000 unique sessions, 250,000 new sessions per second.
10,000 IPSec VPN tunnels/tunnel interfaces, 20,000 SSL VPN Users, 250 virtual routers and zero config 50/225 virtual systems.
1500 security zones, 75.000 max number of policies, 25.000 Static Firewall Access Rules, 30.000 Dynamic Firewall Access Rules.
Full DDos Mitigation up to 250Gbps Sustained and up to 750Gbps Burst

As you can see this is not a toy, but its certainly eye candy to anyone knowing what they are talking about.
SabreWall will provide a 8 layer protection and full network / administration management capability.
Local firewalls or Antivirus are not needed anymore as during each session SabreWall will take care of all communications from A to B and monitoring any aspect of the network and its connected devices, taking actions where needed.
Industrial Network Security made simple.

Also interesting to know is that our CCSU Application and Engine has been added to the SabreWall SACS to provide a module that allows easy forensic access to all segments of the whole network, and this is kinda unique because any firewall can be broken, yet most similar systems have a rather minimal logging ability. Yet our SACS has full logging capability and the system itself cannot be tampered with as it requires a USB Key without this key you cannot access, or make any changes to the system. Our own MATU OS is custom build and fully encrypted.
Making changes to the system using hacks and such kind of practices would be near impossible even for a person on the inside.

For those who are wondering, NO we did not design, develop and produce the hardware and casing.
This is done by a third party and partner. However all software has been developed by FMA Intel-Secure.
And see the result....

Topic last updated: 13 July 2015

 

[Cats-4_Owners-2]

Oh Boy, Nico, this is very impressive. Well done.
I feel smarter (& safer) just from reading it's descriptions!

 

[Nico@FMA]

Oh Boy, Nico, this is very impressive. Well done.
I feel smarter (& safer) just from reading it's descriptions!

Thanks man.

@All so what you think guys?

 

[frogboy]

What can i say but i think it rocks, it sure sounds impressive.

 

[Deleted member 178]

look nice, remind me Sophos UTM Ngen stuff

 

[jamescv7]

Seems a very good alternative from the known products, in detailed and surely a catchy for those business security concerns. Time to recognized those newly players.

 

[JM Safe]

It seems an excellent project, and a good product.
Congrats and thanks for your work

 

[Secondmineboy]

How about a model with a buit better hardware?

How much would this server rack cost?

 

[Cch123]

Sounds like its beyond the reach of home users

 

[Nico@FMA]

look nice, remind me Sophos UTM Ngen stuff

Sophos UTM is great yet SabreWall is far more advanced then traditional UTM based systems.
Sophos UTM systems are based to do one or 2 things, SabreWall is designed to can do it all (Install, Config and Forget)
The idea is to have a rack taking care of all your security needs and replace client side security totally by having a 360 secured network.

Seems a very good alternative from the known products, in detailed and surely a catchy for those business security concerns. Time to recognized those newly players.

Thanks m8 yeah this beauty is a nice addition and will look smart anywhere.

How about a model with a buit better hardware?
How much would this server rack cost?

Uhhmm WHAT!!! are you talking about buddy? Better hardware? lmao it has a Quad Xeon in it, keep in mind this is next to a gateway type firewall, its also a Secure Access Control Server. You seem to forget that whole data-centers and server racks run on QUAD Xeons and let me tell you this thing is a beast (It handles more data per second then 100 clones of your current computer does a day) let me get the facts here.

50 Gbps firewall throughput (App-ID, App-Control, App-Session).
25 Gbps threat prevention throughput. (Active Threat Response & Passive Threat Response)
15 Gbps IPSec VPN throughput, 4,000,000 unique sessions, 250,000 new sessions per second.
10,000 IPSec VPN tunnels/tunnel interfaces, 20,000 SSL VPN Users, 250 virtual routers and zero config 50/225 virtual systems.
1500 security zones, 75.000 max number of policies, 25.000 Static Firewall Access Rules, 30.000 Dynamic Firewall Access Rules.
Full DDos Mitigation up to 250Gbps Sustained and up to 750Gbps Burst.

And have i told you already that each rack can be linked? pooling all the resources and have the whole rack itself act like one.
What would this cost? that's simple it costs just enough to be taken serious, and its just cheap enough to make it attractive. But i will not lie this is a small business / medium business high performance rack and its expensive to yet keep in mind it handles more data then 5 normal racks which combined would cost way more. But the price tag will be around 3.5k bare bone.

Where 1 company needs 5 of these racks lets say Cisco or Juniper then SabreWall can handle the same task and load alone.
No seriously ask anyone here on MT to explain you what this thing is and what its features are.

Sounds like its beyond the reach of home users

Yes our SabreWall NG100 SACS is industrial grade and will probably never be deployed in a home environment unless someone is planning to have their own data-center of some sort at home. However we are working on a home router and while not the same it will make D-Link, Cisco and LinkS routers look like amateurs. That said we are having problems finding a hardware supplier that would design a router according to our specifications, so needless to say we are still talking to some brands. The price tag of such home router will be anywhere from 50 up to 150 Euro, depending on what versions and features we will put into it. But as i said before that is still hypothetical at this point.


@All others,
We worked so hard and invested so much cash and time in this that i can say right here right now the full development of this product is a ones in a lifetime project. And to be honest i am so goddamn proud.. and scared at the same time.
There is no doubt in my mind that this SACS system will do great, capability wise the NG100 has so much to offer and we made it in such way that within its own respective class it has no rival (capacity wise) In terms of all the security certification and testing we are going trough the rounds and processes to certify our SACS system and since we designed the system in such way that it by default has the latest standards, getting the certifications is a slow process yet just a formality.
In the near future if everything works out we will have a NG50 (Small business) and now the current NG100 (Medium business) and a NG150 (Big Business) and a NG1000 Data-center edition.
But as said that is all future music, right now the only thing i want is to get all the certifications going and have this SACS in full production.
We have our fully working Demo NG100 installed at a Dutch multinational company and so far the results are just spectacular.
But i have to be realistic and be patient here, taking one step at a time because mistakes are easy made, but in this stage of my game impossible to correct without suffering serious problems.
But yeah guys, it has been silent for weeks having my second child doing all the stuff i am doing.. and here i am.
Also interesting to know is that our CCSU Application and Engine has been added to the SabreWall SACS to provide a module that allows easy forensic access to all segments of the whole network, and this is kinda unique because any firewall can be broken, yet most similar systems have a rather minimal logging ability. Yet our SACS has full logging capability and the system itself cannot be tampered with as it requires a USB Key without this key you cannot access, or make any changes to the system. Our own MATU OS is custom build and fully encrypted.
Making changes to the system using hacks and such kind of practices would be near impossible even for a person on the inside.
That said as you can see i have full reasons to be as happy as a kid with a box of candy.
Thanks again for all the comments, if you got questions or additional comments please share it here on the MT topic as i am dying to see what you all think about this.

Cheers

 

[Plasmadragon]

Legitimately amazed at the extent at which FMA Intel Secure is taking the security of its customers whether it be home, commercial, or industrial, to the next level at such a fantastic price level. The features mentioned:

50 Gbps firewall throughput (App-ID, App-Control, App-Session).
25 Gbps threat prevention throughput. (Active Threat Response & Passive Threat Response)
15 Gbps IPSec VPN throughput, 4,000,000 unique sessions, 250,000 new sessions per second.
10,000 IPSec VPN tunnels/tunnel interfaces, 20,000 SSL VPN Users, 250 virtual routers and zero config 50/225 virtual systems.
1500 security zones, 75.000 max number of policies, 25.000 Static Firewall Access Rules, 30.000 Dynamic Firewall Access Rules.
Full DDos Mitigation up to 250Gbps Sustained and up to 750Gbps Burst.

And have i told you already that each rack can be linked? pooling all the resources and have the whole rack itself act like one.
What would this cost? that's simple it costs just enough to be taken serious, and its just cheap enough to make it attractive. But i will not lie this is a small business / medium business high performance rack and its expensive to yet keep in mind it handles more data then 5 normal racks which combined would cost way more. But the price tag will be around 3.5k bare bone.

@All others,
Our own MATU OS is custom build and fully encrypted.

Today i would like to take the opportunity to unveil our newest product for small and medium business.
Allow me to introduce: FMA Intel-Secure SabreWall NG100 SACS (Secure Access Control Server)

Meet our own SACS product.

Features:

- Dragon NG-PPA Network Firewall
IPS (Intrusion Prevention System), IDS (Intrusion Detection System), TRS (Threat Recovery System), DLP (Data Leak Prevention), (USE) Unique Stream Encryption.

- EYE (CBAD) Threat Prevention & Detection
Full Anti-malware protection, Full Anti-spam protection, Full Web security, Device protection, Application protection.

- Session & ID Access Control
Device Access Control, Application Access Control, Traffic Access Control, Server Access Control, Rule Based Policy Enforcing Control, 3 Way Access Security and Management Panel , Session Token Control and Management.

- Active Threat Mitigation (TAM)
TAM will act upon any Threat detected within the Network based upon predefined Threat Mitigation Protocols.

- Secure Operating System (MATU-Debian)
SabreWall is using our own MATU operating system (Debian based) to provide a secure internal OS and management server. It allows you to tweak any setting within a fully fledged and highly secured admin panel. It allows you to review any connected device and remote manage it. Next to that it allows you to review all logbooks and roll back any action in real-time.

- Additional basic features:
VPN Support: (IPsec, L2TP/PPTP, IKEv2, SSL-VPN)
Load Balancing: Content distribution, filtering and load balancing.
Gateway: Secure SSL/TLS gateway
VM Support: VMware vSphere, XEN, KVM etc.
Routing: BGP, MPLS or OSPF
Internal Hardware: Quad-Xeon 3Ghz, 16GB Ram 500gb SATA Disk

SabreWall will provide a 8 layer protection and full network / administration management capability.
Local firewalls or Antivirus are not needed anymore as during each session SabreWall will take care of all communications from A to B and monitoring any aspect of the network and its connected devices, taking actions where needed.
Industrial Network Security made simple.
To be continued.

Just take a minute and let what Nico has said sink in. Not only does this server provide the processing power to handle all your communications needs at speeds that simply are not rivaled by anything less than industrial grade setups; it does that while protecting the end users with completely custom network protection firewalls, active threat mitigation protocols, a debian based custom firmware OS and so much more.

From my experience with FMA Intel Secure so far, I am excited to see all products in their production ready forms and cannot wait to see what they come up with next for the security industry. @Nico@FMA , job well done.

Let us not forget that this new custom server, the NG100 SACS as FMA refers to it, is implementing software that is already available for home users and business users alike to download and test the capabilities of the extensive internal logging of the CCSU PR-Guard and the EYE Anti-Malware utility.

What excites me the most about this and all products of FMA is how interconnected and easy to use each of the tools are, and to the Nth degree at which they lay out everything the system is doing at any given moment. I sincerely hope that in the coming days the hinted at home router will be put into development and available for purchase as soon as this time next year. No question in my mind IF I will be purchasing such a device, but WHEN I will be.

As for the server, while I personally don't have a direct use for it yet, damned if I am not tempted to buy one to set up as my personal server to forward all traffic through no matter what system I connect to.

 

[Nico@FMA]

Anyway guys i really would like to know what guys like @Umbra @Huracan @exterminator20 and other "more" knowledgeable people think about it maybe someone is willing to explain it features more in detail for those who do not know how such system works.
I really would like to ask everyone else to have a realistic look at the home router and tell me what they lack? or where they fail or what they would like to see changed. Remember i mentioned that we are trying to come up with a home router version, but i refuse to develop a standard 12 in a box variant, because brands like Cisco, LinkS and many other well known names have that already covered.
If i where to develop a home version which we are probably going to do. (Yes we will!!) i want it to offer something good, robust but simple.
So any idea's and such are most welcome.

Cheers

 

[souhrid]

Looks great, best wishes for your new project. This server is much are beyond my limited knowledge, I have only seen some old models of cisco servers in racks.

 

[Nico@FMA]

Looks great, best wishes for your new project. This server is much are beyond my limited knowledge, I have only seen some old models of cisco servers in racks.

Thanks.

 

[Deleted member 21043]

Hello @Nico@FMA, I think what you are making is great, and I am sure you have interested a lot of people.

Firstly, the name "SabreWall" is great and creative, how long did it take you to come up with this name? It's not a name I'd expect for such a product, which is why it's creative, and sometimes being a bit "different" is great, because if everything was the same, it'd be boring. The title SACS (Secure And Control Server) is also great, and hints towards what the product actually is, which is also another great thing. There's nothing I dislike more than a product with a title which I don't like much - you my friend have got it spot on with the titles for your product, good work there!

Moving onto a more serious side of things, I am interested in the capabilities of the product overall. After reading through the thread thoroughly, I am impressed. The fact that it supports up to 250Gbps for DDOS mitgation is great on it's own, however there is much more to the product as explained above by you. I like the fact that you are currently developing your own Operating System (based on Debian), which is also good in terms of security as you can secure it all up and allow the customer to modify specific things for their needs.

Speaking on the hardware terms, I think so far it looks good. Quad-Xeon 3Ghz should be good enough, 12GB RAM should be okay and 500GB SATA HDD should be fine. Usually, I like as much memory and hard disk space as I can afford (and of course the best processor), but really, it should be fine. Out of interest, in the future, do you think there will be a newer model with even better hardware? (don't take that question the wrong way, I am not saying the hardware you are currently going to be using for the product is bad, but I mean, say someone really needed better specs, would it be available to them)? Maybe a good idea could be a custom-request product, where a company can contact you and request a custom-made model with the chosen hardware components from their side, and then you can give them the price required for you and your team to take upon the job. That'd probably work out well, say on case somebody liked your product but wanted to toggle the hardware components from your side of the job.

As far as I am aware, the old CBAD previews we saw earlier in the past were quite good, however of course then there was that hiccup which set you back a lot, I really hope the EYE (CBAD) Threat Prevention and Detection will be just as good as the really old previews I once saw.

As far as usage for home users, I would personally focus on enterprises to start off... And then maybe in the future a model for home users (as we all know, there are probably many home users who could benefit from it all), however I've already read comments about a router for home users in the comments, therefore it would probably be a better choice to focus on that for the home users.

If you've got this far (or if not, when you have), I have absolutely no doubt that TAM (Active Threat Migitation - did you mean ATM?) will work successfully and very well to the threats detected (if any).

I also like other aspects such as the Virtual Machine support (for me this is a must), Secure Socket Layer (SSL) support (also a must, I like enhanced encryption). I pretty much like it all, so really good work there. You grabbed my attention, these days I don't have my attention grabbed by many individuals/companies.

I really think that this product of yours will succeed, at the launch of the product and in the future when any newer models are created with improvements. Keep up the amazing work, I look forward to all your work unveil one day and then it all rewarding back to you, since you are putting a lot of hard work into all of your products, and in the long run, everything should go smooth and great - I know you have been working incredibly hard for years, you deserve the grand success, just make sure not to forget about the Windows-based software!

Cheers.

 

[Cats-4_Owners-2]

Hello @Nico@FMA, I'll offer a somewhat less knowledgeable 'hands on router' viewpoint as (imho) users of home routers here in the US, for the most part, neither consciously choose nor possess a working knowledge of what we want nor what we'd need as ISPs provide 'their' routers we are O-So-Happy to receive. From a mentality of the masses, amidst corporate mergers such as DishTV & AT&T, interest peaks among enthusiasts (I include myself in this group) for your better than anything currently available now protections. Cost too often becomes the deciding factor on the side of development on top of more knowing clients' demands. Most simply accept whichever wonderfully wireless router we are assigned which places both choice (lack of) & quality (level of protection) into a dimly forgotten place of secondary consideration. Here is where I recall @Umbra sharing that he tweaks his Semantec Endpoint Security in a Super Hero Bullet Proof Fashion respectively as you!
Not being an engineer, my vision reaches toward placing your unique software into a familiar casing. If it is even possible, rather than a complete & stand alone home router, perhaps it could be possible to fashion a small(-er) thus less costly unit which would essentially be in place as a juncture point (before or after) the incoming/out going information passes through an already in place/commonly distributed home modem.
My thinking is it might be both more feasibly executed & less expensive to purchase. adding something self-contained which would significantly add to the performance & efficiency of a "race car" rather than exchanging out the formula auto's suspension, you would be adding your superior handling tires, wheels, & rollbar cage (YOUR router for home computers).

 

[Deleted member 178]

damn, when @kram7750 post , there is not much to say after

i wish i could buy one lol

i guess if you do a Home User router, wifi access should be included and really really tighten. Having a strong router but using a wifi hub or modem is reducing the security of the whole network. not saying a home user is not sure to be able to configure your router and a wifi modem/router.

 

[Nico@FMA]

Legitimately amazed at the extent at which FMA Intel Secure is taking the security of its customers whether it be home, commercial, or industrial, to the next level at such a fantastic price level. The features mentioned:

Just take a minute and let what Nico has said sink in. Not only does this server provide the processing power to handle all your communications needs at speeds that simply are not rivaled by anything less than industrial grade setups; it does that while protecting the end users with completely custom network protection firewalls, active threat mitigation protocols, a debian based custom firmware OS and so much more.

From my experience with FMA Intel Secure so far, I am excited to see all products in their production ready forms and cannot wait to see what they come up with next for the security industry. @Nico@FMA , job well done.

Let us not forget that this new custom server, the NG100 SACS as FMA refers to it, is implementing software that is already available for home users and business users alike to download and test the capabilities of the extensive internal logging of the CCSU PR-Guard and the EYE Anti-Malware utility.

What excites me the most about this and all products of FMA is how interconnected and easy to use each of the tools are, and to the Nth degree at which they lay out everything the system is doing at any given moment. I sincerely hope that in the coming days the hinted at home router will be put into development and available for purchase as soon as this time next year. No question in my mind IF I will be purchasing such a device, but WHEN I will be.

As for the server, while I personally don't have a direct use for it yet, damned if I am not tempted to buy one to set up as my personal server to forward all traffic through no matter what system I connect to.

Holy jeepers creepers, with words like this you can sell a Eskimo ice. You just sold me my own product...
Thanks so much for the kind words.
Kind Regards,
Nico

Hello @Nico@FMA, I think what you are making is great, and I am sure you have interested a lot of people.

Firstly, the name "SabreWall" is great and creative, how long did it take you to come up with this name? It's not a name I'd expect for such a product, which is why it's creative, and sometimes being a bit "different" is great, because if everything was the same, it'd be boring. The title SACS (Secure And Control Server) is also great, and hints towards what the product actually is, which is also another great thing. There's nothing I dislike more than a product with a title which I don't like much - you my friend have got it spot on with the titles for your product, good work there!

Moving onto a more serious side of things, I am interested in the capabilities of the product overall. After reading through the thread thoroughly, I am impressed. The fact that it supports up to 250Gbps for DDOS mitigation is great on it's own, however there is much more to the product as explained above by you. I like the fact that you are currently developing your own Operating System (based on Debian), which is also good in terms of security as you can secure it all up and allow the customer to modify specific things for their needs.

Speaking on the hardware terms, I think so far it looks good. Quad-Xeon 3Ghz should be good enough, 12GB RAM should be okay and 500GB SATA HDD should be fine. Usually, I like as much memory and hard disk space as I can afford (and of course the best processor), but really, it should be fine. Out of interest, in the future, do you think there will be a newer model with even better hardware? (don't take that question the wrong way, I am not saying the hardware you are currently going to be using for the product is bad, but I mean, say someone really needed better specs, would it be available to them)? Maybe a good idea could be a custom-request product, where a company can contact you and request a custom-made model with the chosen hardware components from their side, and then you can give them the price required for you and your team to take upon the job. That'd probably work out well, say on case somebody liked your product but wanted to toggle the hardware components from your side of the job.

As far as I am aware, the old CBAD previews we saw earlier in the past were quite good, however of course then there was that hiccup which set you back a lot, I really hope the EYE (CBAD) Threat Prevention and Detection will be just as good as the really old previews I once saw.
As far as usage for home users, I would personally focus on enterprises to start off... And then maybe in the future a model for home users (as we all know, there are probably many home users who could benefit from it all), however I've already read comments about a router for home users in the comments, therefore it would probably be a better choice to focus on that for the home users.

If you've got this far (or if not, when you have), I have absolutely no doubt that TAM (Active Threat Migitation - did you mean ATM?) will work successfully and very well to the threats detected (if any).

I also like other aspects such as the Virtual Machine support (for me this is a must), Secure Socket Layer (SSL) support (also a must, I like enhanced encryption). I pretty much like it all, so really good work there. You grabbed my attention, these days I don't have my attention grabbed by many individuals/companies.

I really think that this product of yours will succeed, at the launch of the product and in the future when any newer models are created with improvements. Keep up the amazing work, I look forward to all your work unveil one day and then it all rewarding back to you, since you are putting a lot of hard work into all of your products, and in the long run, everything should go smooth and great - I know you have been working incredibly hard for years, you deserve the grand success, just make sure not to forget about the Windows-based software!

Cheers.

in the future, do you think there will be a newer model with even better hardware?
Yes when the Xeon server CPU line is being replaced by something better then we will consider a change. However at this particular point there is not a single server CPU on the market that can outmatch a Xeon. Hence why 90% of the worlds servers are running Xeon's.
It is true that a i7 would be great, yet this is a extremely fast computer oriented CPU, putting a i7 into a server would decrease its performance greatly as the architecture of the CPU itself is not developed with servers in mind. And as such a Xeon specially the latest generations of these server oriented CPU's will smoke any i7 in virtually every aspect.
This is not because a Xeon is better then the i7 but this is because the Xeon line has been made purely with servers in mind.
So while a Xeon might have a slower speed, its stepping and data capacity processing power is so much higher then any i7 based CPU.
Also the handle-ling of registered RAM is much more efficient not to mention the power usage. Keep in mind the SabreWall comes with a 1500W power supply, adding a i7 would greatly increase the cost of energy usage not to mention that the overall manufacturing cost would increase greatly, yet its overall performance would drop at least 40%. So hence we went with the Xeon line.
Also our OS (MATU) is basically just a firmware OS and a control panel so while its called a OS it has NONE of a true OS capabilities.
It is just the portal that allows a easy to use GUI and a centralized place to config and maintain/operate the NG100.
And as such all the raw power of the CPU, RAM and HDD will be put into data processing of the NG100 itself. And this is exactly why the NG100 has that much capability, i am you need some serious processing power to be able to handle the amount of sessions and requests when a device like the NG100 is being deployed in the real world. Failure is not a option. So you need that RAW power to be able to handle scenario's that cannot be simulated in a testing environment, yet they will happen in the real world.

how long did it take you to come up with this name?
To be honest? The name was already born before we even did think about making this product.

TAM (Active Threat Mitigation - did you mean ATM?)
ATM is seriously copyrighted, i cannot use that name. So hence we called it TAM.

Anyway thanks so much for the boosting and kind words.

Kind Regards
Nico

Hello @Nico@FMA, I'll offer a somewhat less knowledgeable 'hands on router' viewpoint as (imho) users of home routers here in the US, for the most part, neither consciously choose nor possess a working knowledge of what we want nor what we'd need as ISPs provide 'their' routers we are O-So-Happy to receive. From a mentality of the masses, amidst corporate mergers such as DishTV & AT&T, interest peaks among enthusiasts (I include myself in this group) for your better than anything currently available now protections. Cost too often becomes the deciding factor on the side of development on top of more knowing clients' demands. Most simply accept whichever wonderfully wireless router we are assigned which places both choice (lack of) & quality (level of protection) into a dimly forgotten place of secondary consideration. Here is where I recall @Umbra sharing that he tweaks his Semantec Endpoint Security in a Super Hero Bullet Proof Fashion respectively as you!
Not being an engineer, my vision reaches toward placing your unique software into a familiar casing. If it is even possible, rather than a complete & stand alone home router, perhaps it could be possible to fashion a small(-er) thus less costly unit which would essentially be in place as a juncture point (before or after) the incoming/out going information passes through an already in place/commonly distributed home modem.
My thinking is it might be both more feasibly executed & less expensive to purchase. adding something self-contained which would significantly add to the performance & efficiency of a "race car" rather than exchanging out the formula auto's suspension, you would be adding your superior handling tires, wheels, & rollbar cage (YOUR router for home computers).

Well as said before we are seriously thinking about developing a home based router yet keeping the NG100 principal applied.
However we are lacking a manufacturer at this point that can produce a product within a certain budget and with the specifications we have in mind. Talks with potential brands are underway and while there is a BIG brand who has shown serious interest we still have to agree on the price margin, something that is far more on the foreground then with the NG100. The margin of the NG100 being a expensive product is much more flexible and suitable for everyone involved then you would have with a cheap home version.
And here is the thing, i could go with some semi Asian white label brands, but like the NG100 i choose quality, performance, reliability and more importantly capability and capacity with future upgrades in mind.
So add all these things into the mix and you understand that like the Greek negotiations i do have my own battle to fight where all parties on the table have to agree, and so far i just do not like the current suggestions on the table. I want a better deal not so much for me, but more for my clients. I do want to bring a good product and not just another so so device.

Kind Regards,
Nico

damn, when @kram7750 post , there is not much to say after
i wish i could buy one lol
i guess if you do a Home User router, wifi access should be included and really really tighten. Having a strong router but using a wifi hub or modem is reducing the security of the whole network. not saying a home user is not sure to be able to configure your router and a wifi modem/router.

WIFI is a optional thing that the NG100 would support with a few little tweaks, yet none in the industry would use a device like that. So we left it completely out.
The mentioned home version would obviously have WIFI support yet as mentioned before its all future music at this point.
So in terms of specifications i would deffo move towards performance, security and being easy to use.
However such abilities for such a small product is hard to come by. It might sound funny but building the NG100 could be considered as a joke, because the internal tuning leaves some room to play around. Yet having a home version but then much smaller is much harder as other factors come into play like being user friendly and we all know that security and being user friendly is not a great mix.
So yeah we got to see what we are going to do. At this point i could yell all kind of idea's but my focus is now on the NG100 and our software projects, and when things settle down and we are able to make up the balance then we can see whats next.

Cheers buddy.

@All others thanks for the kind comments, if you got questions or comments please let me know.

 

[Rolo]

Yes but Comodo Firewall is better!

<ducks>

 

[Nico@FMA]

Yes but Comodo Firewall is better!

<ducks>

Ohh really? since when is a hardware firewall inferior to a software firewall? Keep in mind the SabreWall NG100 is Industry/military grade featuring (AES-256 Channel Encryption which is a NATO Standard).
With all respect but i would challenge ANY software firewall to do what a average hardware firewall can do.
Or a H-FW based upon the latest standard like the NG100.

Good luck trying lmao <No ducking needed>