ClearOS is an integrated network server gateway solution for small and distributed organizations. The software provides all the necessary server tools to run an organization including email, anti-virus, anti-spam, file sharing, groupware, VPN, firewall, intrusion detection/prevention, content filtering, bandwidth management, multi-WAN, and more. You can think of it as a next generation small business server. Through the intuitive Web-based management console, an administrator can configure the server software along with integrated cloud-based services.
The Securepoint Unified Threat Management (UTM) security solutions provide all important security applications (firewall, VPN gateway, virus scanner, spam filter, Web filter, IDS, etc.) within a corresponding server environment, to ensure smooth updates of all systems and to make the everyday usage of these systems successful and secure for companies. They are available as UTM hardware appliances, as virtual appliances, and as a pure software solution which can be installed on standard computer systems and may be adjusted according to individual requirements. Securepoint is Windows 7-ready and supports IKEv1 and IKEv2.
Clement is an email server application. Its main function is to block unwanted mail (spam) as soon as possible in the email exchange process. It accepts or rejects email while the SMTP session, initiated by the email sender, is still pending, accepting legitimate email messages without the need to return an error status to non-existent or "borrowed" return address later. Clement can operate in two modes, either as a standard MTA (as sendmail, Postfix, Exim, Exchange, etc.) to store email in the recipient's own area, or to transmit the mail to an another SMTP server acting as smart spam filtering device. Each email domain name Clement knows about can be treated in one of these two modes depending on the group to which the domain name has been set. Each message is verified by a virus scanner (ClamAV) while the SMTP connection is still open, but the refusal of mail and the reason for refusal is notified to the actual sender. Mail management is done via a Web interface and can be delegated to three administrative levels (Root-Admin, Group-Admin, Domain-Admin). Standard users can access their own logs (sent email status, email rejected, quarantined email, etc.). With this interface, the user can handle the rejection and acceptance of mail. Users who are level "Admin" can access the session logs (via the Web interface). Clement uses a SQL database (PostgreSQL, MySQL) to store and manage logs, user profiles, and dynamic management of directives concerning the sender-receiver relationship.
Sphirewall is a user-centric analytical network firewall/router. Out-of-the box, it provides user authentication coupled with powerful analytics which provide you with complete control over your network and users. With Sphirewall, you can manage and understand what is happening on your network with features such as qos, bandwidth quotas, user authentication, and much more. Not built on iptables, it is able to do things which other Open Source firewalls can't. Its very flexible, and with its open JSON API, can easily be plugged into any existing environment.
CacheGuard Appliance is an all-in-one OS appliance providing firewall, antivirus, caching, compression, bandwidth allocation, load balancing, reverse and forward proxy, high availability, Web application firewall, URL guarding, and more. It can be purchased as an OS to install on your server, as an OS to run in a virtual machine, or as a hardware appliance.
Zentyal (formerly eBox Platform) is a small business server that offers small and medium businesses an affordable and easy-to-use enterprise-level computer network. It can act as a Gateway, Infrastructure Manager, Unified Threat Manager, Office Server, Unified Communication Server, or a combination of these.
Dowse eases the configuration of network routing for a local area network, starting from the setup of ARP-level static entries of known peers, IP-level firewall, DHCP configuration, and local DNS cache, up to an application layer transparent proxy and optional gateways to anonymous networks such as Tor and I2P. It consists of a minimalistic script which can run on any GNU/Linux box and which, from a central configuration point, controls Ebtables, Iptables, and all the daemons needed for such operations: DnsMasq, Squid2, and Privoxy. It comes with a module system for contributed add-ons like DNSCrypt-proxy and HTTPS-everywhere.
autofwd is an automated firewalling daemon intended to block hosts performing unwanted acts. While it was designed to be used to thwart hosts running dictionary attacks on logins (of any service), it can be used for just about anything. The external commands it runs are configurable, allowing you to take additional actions against offending hosts such as running an nmap OS fingerprint before firewalling, or just silently logging the event.
Jkaptive is a simple captive portal without RADIUS (and thus without total security, but at the same time without too much hassle). The reason behind this is because a lot of site administrators don't need tight security; their site is just a café that offers free Internet access on an unsecured WLAN access point connected to the Internet, and they need a ticketing system to make it cumbersome for average people to use this offering without actually buying a single coffee. Jkaptive itself just presents the login page and checks the token. The blocking of unticketed traffic is done through Linux' netfilter. As no proxy server is involved, jkaptive has no performance penalty, nor does it create problems with non-HTTP traffic. Once the token is accepted, jkaptive is out of the way of any network packets completely. For presenting the login page, jkaptive has a built-in Web server, so no additional Web server application is needed.