PREV
NEXT

  • DDoS Detection Software

    Wanguard Sensor identifies volumetric DDoS attacks using an exceptionally fast and innovative traffic anomaly detection engine. It continuously analyzes over 130 traffic-related metrics against user-defined thresholds while profiling normal user behavior to detect unusual traffic spikes. Upon detecting a threat, the software can automatically trigger predefined response actions — such as sending notification emails, announcing prefixes via BGP, generating SNMP traps, modifying ACLs, or executing custom scripts through an intuitive API that exposes more than 80 traffic parameters. Wanguard Sensor supports multiple detection methods, including packet sniffing and flow analysis.

  • On-premise DDoS Mitigation

    Wanguard Filter ensures zero downtime for customers and services during Distributed Denial of Service (DDoS) attacks by automatically mitigating threats without requiring operator intervention. Designed to neutralize both DoS and DDoS attacks, it filters out malicious traffic on-premises and notifies the attacker’s Internet Service Provider. Harmful packets are blocked through intelligent, dynamic filtering rules applied on stateless software or hardware firewalls, as well as on BGP Flowspec-compatible routers. The system can operate inline within the main data path or redirect traffic via BGP on/off-ramping to dedicated packet-scrubbing servers.

  • Full Network Traffic Visibility

    Both Wanguard and Wansight deliver comprehensive network traffic visibility through distributed Sensors (“probes”) that capture IP packets, query SNMP devices, and analyze flow records exported via NetFlow, NetStream, jFlow, sFlow, and IPFIX. All collected data is presented in an intuitive web-based interface featuring customizable dashboards, real-time traffic graphs, and in-depth top statistics. Users can easily generate advanced analytics with aggregated data across hosts, IP groups, interfaces, applications, protocols, autonomous systems, and countries; visualize precise bandwidth utilization for thousands of IPs; and inspect raw packets and flow records.

  • Flow Collector and Analyzer

    Wanguard and Wansight include a Flow Sensor component — a fully featured flow analyzer and collector that supports all major flow technologies, including NetFlow (versions 5, 7, and 9), IETF IPFIX, and sFlow (versions 4 and 5). It features a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IPv4 and IPv6 addresses and ranges. Flow data can be stored indefinitely in a compressed binary format, enabling long-term traffic analysis. Users can generate top lists and a wide variety of aggregation reports, while powerful filtering expressions make it easy to query individual flows for rapid, ad-hoc forensic investigations.

  • Packet Sniffer and Payload Analyzer

    Wanguard and Wansight include a Packet Sensor component that inspects IP packets by sniffing 10/40/100 Gbps port-mirrored or in-line interfaces at wire speed. It features a fully scalable IP traffic analysis engine capable of monitoring, in real time, tens of thousands of IPv4 and IPv6 addresses and ranges. Users can capture and store packet dumps for forensic investigation or network troubleshooting. Packet dumps can be downloaded or viewed directly in a Wireshark-like interface that displays detailed OSI Layer 7 information, along with hexadecimal raw and ASCII data suitable for regular expression analysis. The Packet Sensor supports Libpcap, DPDK, PF_RING, and Netmap.

Andrisoft Wanguard
Feature Highlights:

WANGUARD and WANSIGHT can be installed using Debian-compatible packages built for i686 ( 32 bit Intel or AMD ) and amd64 ( 64 bit Intel or AMD ) architectures. The installation steps listed below contain references only to 64 bit packages. To install the packages on 32 bit CPUs, simply change the "amd64" string with "i686". All packages were tested on Debian 6.x.  

WANGUARD_5_4.pdf WANGUARD 5.4 User Guide.
WANSIGHT_5_4.pdf WANSIGHT 5.4 User Guide.
WANconsole-5.4-0.i686.deb The Console is a web portal that provides single-point management and reporting for WANSIGHT and WANGUARD.
WANconsole-5.4-0.amd64.deb
WANsensor-5.4-0.i686.deb The Sensor is the WANSIGHT and WANGUARD component that does traffic accounting, monitoring and analysis.
WANsensor-5.4-0.amd64.deb
WANfilter-5.4-0.i686.deb The Filter is the WANGUARD component able to detect attackers and scrub malicious traffic.
WANfilter-5.4-0.amd64.deb
WANsupervisor-5.4-0.i686.deb The Supervisor provides routines used to start, shutdown and monitor WANSIGHT and WANGUARD components.
WANsupervisor-5.4-0.amd64.deb
WANbgp-5.4-0.all.deb The WANbgp package is used by WANGUARD for sending BGP routing announcements.

 

CONSOLE
INSTALLATION
STEPS: 		Step 1. Install the Console's dependencies
First make sure that all the required packages are installed. Use the apt-get command, after you enabled the universe repository in /etc/apt/sources.list.
debian:~# apt-get install mysql-server apache2 php5 php5-snmp php5-cli php5-mysql php5-geoip libdbd-mysql-perl libnet-telnet-perl tshark quagga rrdtool wget php5-mcrypt tcpdump whois traceroute ntp libnuma1

Step 2. Configure the MySQL server
By default, the MySQL server does not have a password set. Start the MySQL server and set a password for the MySQL root user. By default MySQL is bound to the loopback interface, so you must comment the bind-address parameter. If you deploy the Sensor or the Filter on remote systems, make sure that the MySQL server is accessible by opening port tcp/3306 in the firewall.
debian:~# nano /etc/mysql/my.cnf #comment any "bind-address" directive, enable "max_connections=300", edit "max_allowed_packet=64M" and add "skip-name-resolve", all in the [mysqld] section
debian:~# service mysql start
debian:~# /usr/bin/mysqladmin -u root password 'new-password'
debian:~# service mysql restart 

Step 3. Install the packages
Install the packages WANsupervisor, WANconsole, WANsensor and WANbgp.
debian:~# wget http://www.andrisoft.com/files/debian6/WANsupervisor-5.4-0.amd64.deb
debian:~# wget http://www.andrisoft.com/files/debian6/WANconsole-5.4-0.amd64.deb
debian:~# dpkg -i WANsupervisor-5.4-0.amd64.deb WANconsole-5.4-0.amd64.deb
debian:~# wget http://www.andrisoft.com/files/debian6/WANbgp-5.4-0.all.deb
debian:~# wget http://www.andrisoft.com/files/debian6/WANsensor-5.4-0.amd64.deb
debian:~# dpkg -i WANbgp-5.4-0.all.deb WANsensor-5.4-0.amd64.deb

Step 4. Configure the Apache server
Please check that your distribution has PHP version 5.2 or above. Add the line "zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.2.lin" for PHP 5.2 or "zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.3.lin" for PHP 5.3 in php.ini, in the [PHP] section.
debian:~# nano /etc/php5/apache2/php.ini #add zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.3.lin in the [PHP] section
debian:~# nano /etc/php5/cli/php.ini #add zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.3.lin in the [PHP] section
debian:~# service apache2 restart

Step 5. Install the Console's database
Finish installing the Console by running the /opt/andrisoft/bin/install_console script. Enter the MySQL root password you set on step 2, and provide a new password for the Console's database.
debian:~# /opt/andrisoft/bin/install_console

Step 6. Configure and start the Supervisor
The WANsupervisor daemon must be installed and started on all systems. You have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password you set on step 5. If the Supervisor and Console are installed on the same system, don't use the loopback address 127.0.0.1 for the Console's IP address. Enter the IP address of the server.
debian:~# /opt/andrisoft/bin/install_supervisor
debian:~# service WANsupervisor start
debian:~# update-rc.d WANsupervisor defaults 99

Step 7. Access the Console
The Console web interface is accessible by pointing your web browser to http://<hostname>/wanguard or http://<hostname>/wansight, where <hostname> is the name of the server running the Console. The default username is "admin" with the password "changeme".
Continue with the installation of the Sensor by following the steps below.

SENSOR
INSTALLATION 
STEPS: 		Step 1. Install the Sensor's dependencies
Install the required packages. Configure and start ntpd to prevent clock de-synchronization issues.
debian:~# apt-get install wget ntp
debian:~# service ntp start

Step 2. Install, configure and start the Supervisor
This step is required if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password.
debian:~# wget http://www.andrisoft.com/files/debian6/WANsupervisor-5.4-0.amd64.deb
debian:~# dpkg -i WANsupervisor-5.4-0.amd64.deb
debian:~# /opt/andrisoft/bin/install_supervisor
debian:~# service WANsupervisor start
debian:~# update-rc.d WANsupervisor defaults 99

Step 3. Install the Sensor
Install the WANsensor package.
debian:~# wget http://www.andrisoft.com/files/debian6/WANsensor-5.4-0.amd64.deb
debian:~# dpkg -i WANsensor-5.4-0.amd64.deb

Step 4. Setup the Sensor
Log into the Console to setup the Sensor(s). Sensors are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running.

FILTER
INSTALLATION
STEPS: 		Step 1. Install the Filter's dependencies
Install the required packages. Configure and start ntpd to prevent clock de-synchronization issues.
debian:~# apt-get install tcpdump iptables ntp
debian:~# service ntp start

Step 2. Install, configure and start the Supervisor
This step is necessary if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password.
debian:~# /opt/andrisoft/bin/install_supervisor
debian:~# service WANsupervisor start
debian:~# update-rc.d WANsupervisor defaults 99

Step 3. Remove local firewall rules
The iptables service overrules the Filter, and therefore has to be stopped. The Filter will manage the firewall rules from now on.
debian:~# update-rc.d iptables stop
debian:~# service iptables stop

Step 4. Install the Filter
Install the packages WANsensor and WANfilter.
debian:~# wget http://www.andrisoft.com/files/debian6/WANsensor-5.4-0.amd64.deb
debian:~# wget http://www.andrisoft.com/files/debian6/WANfilter-5.4-0.amd64.deb
debian:~# dpkg -i WANsensor-5.4-0.amd64.deb WANfilter-5.4-0.amd64.deb

Step 5. Setup the Filter
Log in to the Console to set up Filter(s). Filters are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running.

Company News

IP Monitoring & Anti-DDoS Software Solutions

Andrisoft develops innovative and cost-effective Linux-based applications designed for Network Administrators and Security Experts managing large-scale IP networks, including Telecoms, ISPs, Cloud Hosting Data Centers, CDNs, and DDoS Mitigation Services:

Wansight delivers bandwidth monitoring, IP accounting and in-depth traffic analysis. It includes a Flow Sensor that analyzes flow records exported via Cisco NetFlow, IPFIX, and sFlow, as well as a Packet Sensor that inspects traffic from in-line deployments, network TAPs, or through port mirroring. A web-based, OS-independent Console provides centralized management and reporting through an intuitive interface.

Wanguard extends Wansight with DDoS detection and DDoS mitigation capabilities. It protects networks and critical services from Distributed Denial of Service attacks by filtering malicious traffic through dynamic rules applied to software or hardware firewalls at the network perimeter. It supports automated response mechanisms, RTBH, BGP Flowspec, traffic diversion, scripting, and clustering for scalable, resilient protection.

DDoS Protection in Five Easy Steps

alt 1. Discover Wanguard, our solution for monitoring and protecting networks against DDoS attacks.

alt 2. Fill in the evaluation request form in order to receive the download link and a free 30-day trial license key.

alt 3. Build your very own DDoS mitigation appliance by installing our software on a spare Linux server.

alt 4. Use the fully-featured trial version for 30 days. Our engineers will assist you free of charge.

alt 5. Buy cost-effective software licenses, at any time, from our online store. The licensing cost also covers support.

Wanguard 8.5 was released! Changelog and upgrade instructions at: https://t.co/4UIyox14bQ.
Follow Andrisoft on X
Join our Newsletter to receive the latest news from us!

  OUR CLIENTS  

  • Telecom Operators: HUAWEI | VODAFONE | ORANGE | JT GLOBAL | BITE LITHUANIA | MOLDTELECOM | JUPITER TELECOMMUNICATIONS

  • Internet Service Providers: GOOGLE FIBER | YELLOWFIBER | SKYLOGIC EUTELSAT | 1&1 VERSATEL | NETCOLOGNE | SOLCON NETHERLANDS

  • Cloud / VPS Hosting Providers: DIGITALOCEAN | LEASEWEB | FLEXENTIAL | WEEBLY | VPS.NET | EAPPS | SERVERPOINT

  • Software & Services: IBM CORPORATION | MOZILLA CORPORATION | NAMECHEAP | GANDI SAS | ALLEGRO | MBANK | TF1 FRANCE

  • Security / Anti-DDoS Services: GIGENET | BLACKLOTUS | KODDOS | ROKASECURITY | DOSARREST | SERVERIUS

  • Data Centers: EQUINIX | PHOENIXNAP | CORE-BACKBONE | BSO NETWORK | ASCENTY | PLUSSERVER | MYLOC MANAGED IT