Home Home Services Products Company


TRY NOW Call: +852.2586.1100 Internet Access Management (IAM) Functions Advantages Technologies Technologes
DPI (Deep Packet Inspection)
DPI, Deep Packet Inspection, is used to identify and categorize the application type of data flow applications whatever the IP or Port the applications are using. By detecting layer2 to layer7 which includes headers and data protocol structures, application signature as well as the actual payload of the message, DPI enables IAM to offer accurate identification and effective controls over various applications.
DFI (Deep Flow Inspection)
For applications that are particularly evasive, such as streaming-typed applications, which cannot be effectively identified through Deep Packet Inspection, can be identified by the Deep Flow Inspection. DFI inspects the session, connection and data flow status, rather than a single packet to identify the application type, offering great benefits to control over applications that usually have particular activity characteristics.
Content Log
The IAM’s unique content log feature enables organization to get full visibility to the Internet access and also can be used as internal audit in case of data leakage via Internet.
IAM records a wide variety of Internet access related content information including: Website title and webpage using http or https, outbound file transmissions via HTTP and FTP, file content, names and behavior of files downloaded, plain text thread posting and emails, chat sessions on MSN, MSN Shell, Skype, Yahoo! Messenger, Google Talk …etc.
External Datacenter
In addition to use the on device storage, IAM allows activities logs to be saved on 3rd party server to extend the storage capacity and duration. The simple to use GUI make it easy to search the log content, generate statistic and auto reports.

IAM data center search engine, function similar to Google search engine and Yahoo search engine, is provided for administrators to search their desired contents from the logs easily; search result of specific key words can also be set to send to the appointed email automatically.
For organization which implemented LDAP, AD, POP3, Proxy servers as user authentication, IAM supports seamlessly integration with these third-party servers for easy user administration. The implementation is easy with just several simple steps.

With SSO enabled, when user gets authenticated, he /she will be authenticated with IAM  simultaneously. This feature can simplify IT administration and reduce phishing success of users.
Web Filter
IAM performs web filtering through keyword-based, activity-based and URL database approaches:

Keyword-based filter: Webpage filtering based on URL/keyword contained in Webpage /search engine keyword; Outbound Webmail and Web posting filtering based on keywords, etc.;

Activity-based filter: Fine-grained control such as allowing only reading post but not posting post, only allowing incoming but not outgoing mail, and allowed to access the Facebook page but restricted to access the applications on the Facebook;

URL Database: Optional URL database – on-disk URL database, in-cloud URL database, Blue Print data URL database;
Application Control
Application control is being used to control Internet applications such as IM tools, gaming clients, P2P downloading clients … etc. First, IAM will identify application via application identification rules. Each identification rule represents one application signature. When traffic travel through IAM, IAM will detect the connection, scan for the application signature and categorize the application accordingly.

IAM accommodates over 1300 application rules across 25 categorizes including streaming media, file transfer, game, download tools, mail, net meeting, OA, database, proxy tool … etc. Controls over the applications can be rather flexible based on activity, schedule, user … etc.
Intelligent P2P Identification and Control
P2P control is the most important and a hard-to-achieve feature in bandwidth management solution due to the variety and fast evolving of the P2P tools and versions. Giving the situation, SANGFOR developed its unique P2P intelligent identification technology. Thus allow organizations to be greatly benefited from P2P and streaming video control.

With the intelligent identification, IAM not only recognizes and controls the ordinary P2P software and version, but recognizes and controls the unordinary, encrypted and even future-developed P2P software also, thus delivers a highly effective P2P control solution.
Dynamic Bandwidth Allocation
The “dynamic bandwidth control” is also known as “bandwidth borrowing”. This feature is very useful for any organization that has planned to optimize the bandwidth usage. When bandwidth management policies are configured, i.e. guarantee 1Mbps bandwidth for critical user/ group/ application. When the guaranteed bandwidth is not utilized, the superfluous bandwidth can be used for other user/ application to avoid bandwidth waste.
Virtual Lines
Virtual line function is most useful when organization would like to assign Internet resource for specific group or applications through multiple physical lines. With SANGFOR IAM, each line can be divided into one or more multiple virtual lines based on specific rules such as manage by Protocol, WAN IP, WAN Port, LAN IP, LAN Port … etc. Each virtual line can be configured with specific bandwidth according to the requirements of real-life operation. Once a virtual line is being defined, it can be treated as a physical line. The Flow control policies can be applied to specific virtual line, and each virtual line can be assigned with 256 traffic pipes to make bandwidth management flexible.
Multi-lines & Intelligent Routing
IAM boasts the unique multi-line and intelligent routing Technology from SANGFOR.  For organizations with multiple Internet access lines, user access performance can be optimized through IAM by route user traffic through the quickest line intelligently. In case of line interruption, IAM will route all traffic through healthy lines automatically.
In the real-life office environment, bandwidth is limited. When internal users access several hottest websites frequently, precious bandwidth is wasted. In addition, this similarity action generates huge redundancy traffic in the network and causes low bandwidth utilization simultaneously.

SANGFOR IAM’s Proxy/Cache is designed to reduce duplicated data – Frequently accessed webpage, files and flashes are cached in IAM. Hence, internal users can access data from IAM’s cache storage instead of accessing directly from Internet. This helps to reduce the Internet traffic significantly while maximize the bandwidth utilization.

Benefited from the specialized web cache technology “multi-weighted elimination algorithm”, and the dedicated hardware platform, SANGFOR IAM is capable of cut down  the Internet traffic up to 30%-50%.
Audit-free Key
In case there are some users or workstations should be excluded from IAM’s monitoring, “Audit-free Key” can be applied to indicate IAM to bypass monitor and record the access on specific device.
Data Center Authentication Key
The data recorded by IAM may involve user privacy. In order to protect the benefit of the employee, different levels of viewing privilege can be defined for the data center – Common administrator can view only statistic report and trend report, while the administrator with SECURE KEY can view the detailed content logs.
Anti-virus Engine
IAM integrates with F-Port Antivirus engine to protect from Internet attack from worm, virus and Trojan horse.