Router Node
We provide a single scalable ‘Router Node‘ with capability to morph into any customizable array of routing devices. These nodes are equipped with FreeBSD flavored architecture with support for ARM, x86, and VMFS based host machines.
Via package managed software a network node can be customized and multiplied to serve a network function need. Our ‘Singularity Portal’ allows graphical based function modifier for easy customization of overall system. The system allows for selection of network functions that can emulate any networking device.
Device Functions include
• Deployable sub-system layer (FreeBSD)
• Firewall
• Wireless Access Point (must install a wifi interface)
• Multiple Subnet Firewall
• Traffic Shaping
• State Table
• NAT2
• SAN initiator/target
• NAS device host
• CARP (failover)
• Load Balancing both Outbound and Inbound
• nmap, ping, traceroute via the GUI
• VPN – IPsec, OpenVPN, PPTP
• PPPoE Server
• Reporting Engine
• SNMP
• Dynamic DNS
• Captive Portal
• DHCP Server and Relay
• Wake on LAN
Our products can be altered for any custom solution and we provide 1Y technical support for enabling your product with our morphable network layer. Common Deployments of our software is used in about every type and size of network environment imaginable, and is almost certainly suitable for your network whether it contains one computer, or thousands as we can provide virtual solutions for any deployment. We provide various software features including a web GUI front end to host network services or simply to manipulate or monitor network attributes. Our software package is open source and is released the BSD and GNU licenses. We have different variations of our software package that our hardware come equipped with but they are mostly capable of providing the features outlined below.
Perimeter Firewall
The most common deployment of Citadelica software solution is as a perimeter firewall, with an Internet connection plugged into the WAN side, and the internal network on the LAN side. It supports multiple Internet connections as well as multiple internal interfaces.
Our software solution accommodates networks with more complex needs, such as multiple Internet connections, multiple LAN networks, multiple DMZ networks, etc. Unlike many similar solutions, you can deploy systems with dozens of interfaces if needed.
Some users also add BGP capabilities to provide connection redundancy and load balancing.
LAN or WAN Router
The second most common deployment is as a LAN or WAN router. This is a separate role from the perimeter firewall in midsized to large networks, and can be integrated into the perimeter firewall in smaller environments.
LAN Router
In larger networks utilizing multiple internal network segments, Citadelica software is a proven solution to connect these internal segments. This is most commonly deployed via the use of VLANs with 802.1Q trunking. Multiple Ethernet interfaces are also used in some environments.
In environments requiring more than 3 Gbps or 1 million packets per second of sustained throughput, no router based on commodity hardware offers adequate performance. Such environments need to deploy layer 3 switches (routing done in hardware by the switch) or high end ASIC-based routers. As commodity hardware increases in performance, and general purpose operating systems like FreeBSD improve packet processing capabilities in line with what new hardware capabilities can support, scalability will continue to improve with time.
WAN Router
For WAN services providing an Ethernet port to the customer, Citadelica software is a great solution for private WAN routers. It offers all the functionality most networks require and at a much lower price point than big name commercial offerings.
Wireless Access Point
Our products can be deployed strictly as a wireless access point. Wireless capabilities can also be added to any of the other types of deployments discussed in our WiFi section in further detail.
Special Purpose Appliances
Many deploy such software packages as a special purpose appliance. The following are three scenarios we know of, and there are sure to be many similar cases we are not aware of. Most any of the functionality of pfSense can be utilized in an appliance-type deployment. You may find something unique to your environment where this type of deployment is a great fit.
VPN Appliance
Some users drop in Citadelica software solutionas a VPN appliance behind an existing firewall, to add VPN capabilities without creating any disruption in the existing firewall infrastructure. Most VPN deployments also act as a perimeter firewall, but this is a better fit in some circumstances.
Sniffer Appliance
One user was looking for a sniffer appliance to deploy to a number of branch office locations. Commercial sniffer appliances are available with numerous bells and whistles, but at a very significant cost especially when multiplied by a number of branch locations. We offers a web interface for tcpdump that allows the downloading of the resulting pcap file when the capture is finished. This enables this company to capture packets on a branch network, download the resulting capture file, and open it in Wireshark for analysis.
Our product is not nearly as fancy as commercial sniffer appliances, but offers adequate functionality for many purposes at about 2% of the total cost.
DHCP Server Appliance
Once the user deploys single interface our system installs as solely DHCP servers. In most environments this probably does not make much sense. But in this case, the user’s staff were already familiar and comfortable with pfSense and this enabled further deployments without additional training for the administrators, which was an important consideration in this deployment.
DNS Server Appliance
We also provide a custom version of our software package with a simplified web interface, providing only the functionality desired on a system functioning strictly as a DNS server. There is a tinydns package available for our system that allows you to add this functionality to a stock software install.