LAN Security

Devices designed to provide protection against the most advanced cyber threats

Screenshot 2019-10-12 at 14.10.11.png


Ultra Horizon can provide devices that protect the network from some of the most advanced cyber threats including viruses, worms, spyware and other malicious traffic. In addition, all devices support sandboxing, This provides detailed testing of suspected payloads in a restricted environment to enable detection of malicious intent without risk of infection.


Many solutions deployed rely on application detection via inspection of transport protocol and port number. For example, HTTPS (TCP, 443). This means that applications can fool DPI firewalls into misclassifying traffic by changing this tuple of parameters. Our solutions rely on L7 inspection and regular expression matching to distinguish applications; preventing misclassification.

unified interface

All security devices are managed through a simple, but expressive web interface designed to provide an intuitive layout and real time threat metrics to the user. This allows system administrators to make important changes quickly without having to rely on a command line interface to perform complex tasks.

user identification

Administrators can configure and enforce policies based on users and user groups (e.g. Guest, Staff etc…) instead of or in addition to network address blocks. This is accomplished by integrations with directory servers such as Microsoft Active Directory, eDirectory, SunOne, OpenLDAP and most other LDAP-based directory servers to provide user and group information to the devices. This information can be further utilised to permit/deny certain traffic characteristics to user groups. For example, one may wish to deny social media applications for staff, but permit it for guests.


All security devices provided by Ultra Horizon operate in Layer 2 transparent mode. This means that the firewall itself does not act as a router at Layer 3, but instead forwards Layer 2 frames like a switch. This means that our devices can be easily integrated into almost any network configuration and is usually placed between a core/aggregation switch and edge device. This allows the device to analyse all traffic to and from the wider Internet, whilst leaving internal inter-VLAN traffic unmonitored to preserve network performance.