top of page
2351ab4a4e3f0463bf7df078f11f06b6f1ed8427_edited_edited.jpg

Products

 

TLS/SSL Decryption

ff77e3a4c5dff09f0fd2b8cc443623d7b886f788.png

NT-MBYP-2000

The Intelligent Traffic Hub for Modern Networks
Deploy inline with flexible service line cards – scale to any interface type or link count.
Core Capabilities:
• Traffic Orchestration
• Full-Flow Visibility
• TLS/SSL Decryption
Eliminate blind spots, boost tool performance, and streamline operations.

ccaee7c765ec7416aa5aa6038c527202e3ba21bb.png

Basic product functions

  • Inline Service Chaining

Dynamically route traffic through security toolchains. •Deploy physical bypass or logical inline topologies •Steer specific flows to designated security tools。

  • Smart Bypass Groups

Maintain uptime during maintenance or failures.
•Create custom bypass rules by VLAN, IPv4/IPv6
•Define policies using 5-tuple (IP/port/protocol) or UDF values

  • TLS/SSL Decryption Hub

Eliminate encrypted traffic blind spots.
•Decrypt static/dynamic SSL traffic inline
•Send cleartext to tools + re-encrypt for production
•Mirror decrypted data to out-of-band analyzers

  • Flex Traffic Mirroring

Capture critical flows without disruption.
•Mirror inline traffic from any port
•Zero impact on production paths

  • Self-Healing Load Balancing

Maximize tool efficiency.
•Distribute traffic across N monitor groups
•Auto-remove/recover failed members
•Weighted port allocation

  • Surgical Traffic Blocking

Neutralize threats instantly.
•Drop malicious flows by IPv4/IPv6
•Enforce 5-tuple blocking policies

  • Proactive Health Monitoring

Eliminate encrypted traffic blind spots.
•Decrypt static/dynamic SSL traffic inline
•Send cleartext to tools + re-encrypt for production
•Mirror decrypted data to out-of-band analyzers 

  • SepcFlow Performance Guard

Protect tool resources.
•Forward only relevant traffic to tools
•Bypass non-essential flows

  • Tunnel Protocol Identification

It can automatically identify various tunnel protocols such as VxLAN, GRE, ERSPAN, MPLS,IPinIP, GTP, etc. According to user configuration, it can decide to implement traffic output policies based on the inner or outer layer characteristics of the tunnel. 

  • De-duplication

Support comparison of data from multiple collection sources based on port or policy-level
statistical granularity, and remove duplicates of the same data packets collected within a
specified time.ack, dst.mac, src.mac, vlan.id) for comparison to achieve de-duplication. 

  • Masking

Support the replacement of any key fields within the original data based on policy-level
granularity to achieve the purpose of masking sensitive information. The implementation
of traffic output policies can be determined according to user configuration. 

  • Application layer protocol identification

It adopts a multi-core intelligent processing engine, which can achieve application layer
protocol identification and filtering diversion output. The existing feature library can support
the identification of common application layer protocols, such as FTP, HTTP, POP, SMTP,
DNS, NTP, BitTorrent, Syslog, MySQL, MSSQL, etc. If there are special requirements,
secondary development can also be carried out. 

  • Video stream filtering

Support the identification and filtering of video stream data. Through flexible identification and
matching methods such as domain name address resolution, video transmission protocol, URL,
video format, etc., it can filter out the video stream data that users do not care about, reducing
the traffic receiving pressure of the analysis and monitoring system and improving the processing
efficiency of useful data. 

bottom of page