PREV
NEXT

  • DDoS Detection Software

    Wanguard Sensor identifies volumetric DDoS attacks using an exceptionally fast and innovative traffic anomaly detection engine. It continuously analyzes over 130 traffic-related metrics against user-defined thresholds while profiling normal user behavior to detect unusual traffic spikes. Upon detecting a threat, the software can automatically trigger predefined response actions — such as sending notification emails, announcing prefixes via BGP, generating SNMP traps, modifying ACLs, or executing custom scripts through an intuitive API that exposes more than 80 traffic parameters. Wanguard Sensor supports multiple detection methods, including packet sniffing and flow analysis.

  • On-premise DDoS Mitigation

    Wanguard Filter ensures zero downtime for customers and services during Distributed Denial of Service (DDoS) attacks by automatically mitigating threats without requiring operator intervention. Designed to neutralize both DoS and DDoS attacks, it filters out malicious traffic on-premises and notifies the attacker’s Internet Service Provider. Harmful packets are blocked through intelligent, dynamic filtering rules applied on stateless software or hardware firewalls, as well as on BGP Flowspec-compatible routers. The system can operate inline within the main data path or redirect traffic via BGP on/off-ramping to dedicated packet-scrubbing servers.

  • Full Network Traffic Visibility

    Both Wanguard and Wansight deliver comprehensive network traffic visibility through distributed Sensors (“probes”) that capture IP packets, query SNMP devices, and analyze flow records exported via NetFlow, NetStream, jFlow, sFlow, and IPFIX. All collected data is presented in an intuitive web-based interface featuring customizable dashboards, real-time traffic graphs, and in-depth top statistics. Users can easily generate advanced analytics with aggregated data across hosts, IP groups, interfaces, applications, protocols, autonomous systems, and countries; visualize precise bandwidth utilization for thousands of IPs; and inspect raw packets and flow records.

  • Flow Collector and Analyzer

    Wanguard and Wansight include a Flow Sensor component — a fully featured flow analyzer and collector that supports all major flow technologies, including NetFlow (versions 5, 7, and 9), IETF IPFIX, and sFlow (versions 4 and 5). It features a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IPv4 and IPv6 addresses and ranges. Flow data can be stored indefinitely in a compressed binary format, enabling long-term traffic analysis. Users can generate top lists and a wide variety of aggregation reports, while powerful filtering expressions make it easy to query individual flows for rapid, ad-hoc forensic investigations.

  • Packet Sniffer and Payload Analyzer

    Wanguard and Wansight include a Packet Sensor component that inspects IP packets by sniffing 10/40/100 Gbps port-mirrored or in-line interfaces at wire speed. It features a fully scalable IP traffic analysis engine capable of monitoring, in real time, tens of thousands of IPv4 and IPv6 addresses and ranges. Users can capture and store packet dumps for forensic investigation or network troubleshooting. Packet dumps can be downloaded or viewed directly in a Wireshark-like interface that displays detailed OSI Layer 7 information, along with hexadecimal raw and ASCII data suitable for regular expression analysis. The Packet Sensor supports Libpcap, DPDK, PF_RING, and Netmap.

Andrisoft Wanguard
Feature Highlights:
 

WANGUARD and WANSIGHT can be installed from RPM packages built for 64 bit architectures (Intel or AMD CPUs). All packages were tested on Red Hat Enterprise Linux 7 and CentOS 7.

WANGUARD_5_4.pdf User Guide for WANGUARD 5.4.
WANSIGHT_5_4.pdf User Guide for WANSIGHT 5.4.
WANconsole-5.4-0.x86_64.rpm The Console is the web portal that provides single-point management and reporting for WANSIGHT and WANGUARD.
WANsensor-5.4-0.x86_64.rpm The Sensor is the WANSIGHT and WANGUARD component that does traffic accounting, monitoring and analysis.
WANfilter-5.4-0.x86_64.rpm The Filter is the WANGUARD component able to detect attackers and block malicious traffic.
WANsupervisor-5.4-0.x86_64.rpm The Supervisor provides a service that monitors, starts and stops WANSIGHT and WANGUARD components.
WANbgp-5.4-0.noarch.rpm The WANbgp package provides support for sending BGP routing announcements.

 

CONSOLE
INSTALLATION
STEPS:		 Step 1. Install the Console dependencies
First make sure that all the required dependencies are installed. On CentOS and Fedora use the yum package manager. On Red Hat Enterprise use the up2date package manager.
[root@localhost ~]# yum install mysql mariadb-server httpd php php-cli php-mysql perl-MailTools perl-DBD-MySQL perl-Net-Telnet quagga libart_lgpl php-snmp wget which tcpdump ruby gettext php-ldap cairo pango wireshark tcpdump openssl rrdtool rrdtool-perl ntp jwhois traceroute nano

Step 2. Configure the MariaDB service
MariaDB is a drop-in replacement for MySQL. Start MariaDB and set a password for the root database user. If you will deploy Sensors or Filters on remote systems, make sure that the MariaDB server is accessible by opening port TCP/3306 in the firewall.
[root@localhost ~]# nano /etc/my.cnf #set "max_allowed_packet=64M", "max_connections=300" and "skip-name-resolve" in the [mysqld] section
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# mysql_secure_installation
[root@localhost ~]# systemctl start mariadb
[root@localhost ~]# systemctl enable mariadb
[root@localhost ~]# firewall-cmd --permanent --add-service=mysql
[root@localhost ~]# systemctl restart firewalld

Step 3. Install the packages
Install the packages WANsupervisor, WANconsole, WANsensor and WANbgp.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANconsole-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANsupervisor-5.4-0.x86_64.rpm ./WANconsole-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANbgp-5.4-0.noarch.rpm
[root@localhost ~]# rpm -Uvh ./WANsensor-5.4-0.x86_64.rpm ./WANbgp-5.4-0.noarch.rpm

Step 4. Configure the Apache service
Add the line "zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.4.lin" to the [PHP] section of the php.ini file. Disable SELinux and configure the firewall to open port TCP/80 and TCP/443.
[root@localhost ~]# nano /etc/php.ini #add zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.4.lin in the [PHP] section, set date.timezone in the [Date] section (see http://php.net/manual/en/timezones.php)
[root@localhost ~]# systemctl enable httpd
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]# setenforce 0 ; nano /etc/selinux/config #set SELINUX=permissive
[root@localhost ~]# firewall-cmd --permanent --add-service=http
[root@localhost ~]# systemctl restart firewalld

Step 5. Install the Console database
Finish installing the Console by running the /opt/andrisoft/bin/install_console script. Enter the MySQL root password you set on step 2 and set a password for the Console database.
[root@localhost ~]# /opt/andrisoft/bin/install_console
[root@localhost ~]# systemctl restart httpd

Step 6. Configure and start the Supervisor service
The WANsupervisor service must be running on all systems, all the time. Execute the /opt/andrisoft/bin/install_supervisor  script to enter the Console server IP address and database password set on step 5. Even if the Supervisor and Console are installed on the same system, do not enter for the Console server IP address the loop-back address 127.0.0.1. Enter the public or private IP address of the server, not 127.0.0.1.
[root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# chkconfig --level 345 WANsupervisor on
[root@localhost ~]# service WANsupervisor restart

Step 7. Access the Console
The Console web interface is accessible by pointing your web browser to http://<hostname>/wanguard or http://<hostname>/wansight, where <hostname> is the name of the server running the Console. The default username is "admin" with the password "changeme".
Continue with the installation of the Sensor by following the steps below.

SENSOR
INSTALLATION 
STEPS:		 Step 1. Install the Sensor's dependencies
Install the required packages. Configure and start ntpd to prevent clock de-synchronization issues.
[root@localhost ~]# yum install wget mysql-libs ntp
[root@localhost ~]# systemctl start ntpd
[root@localhost ~]# systemctl enable ntpd

Step 2. Install, configure and start the Supervisor
This step is required if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console IP address and database password.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# service WANsupervisor start
[root@localhost ~]# chkconfig --level 345 WANsupervisor on

Step 3. Install the Sensor
Install the WANsensor package.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANsensor-5.4-0.x86_64.rpm

Step 4. Setup the Sensor
Log into the Console to setup the Sensor(s). Sensors are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running.

FILTER
INSTALLATION
STEPS:		 Step 1. Install the Filter's dependencies
Install the required packages. Configure and start ntpd to prevent clock de-synchronization issues.
[root@localhost ~]# yum install wget mysql-libs ntp
[root@localhost ~]# systemctl start ntpd
[root@localhost ~]# systemctl enable ntpd

Step 2. Install, configure and start the Supervisor
This step is necessary if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console server IP address and Console database password.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# service WANsupervisor start
[root@localhost ~]# chkconfig --level 345 WANsupervisor on

Step 3. Remove local firewall rules
The iptables service overrules the Filter, and therefore has to be stopped. The Filter will manage the firewall rules from now on.
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl stop firewalld

Step 4. Install the Filter
Install the WANsensor and WANfilter packages.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat7/WANfilter-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANfilter-5.4-0.x86_64.rpm

Step 5. Setup the Filter
Log in to the Console to set up Filter(s). Filters are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running.

Company News

IP Monitoring & Anti-DDoS Software Solutions

Andrisoft develops innovative and cost-effective Linux-based applications designed for Network Administrators and Security Experts managing large-scale IP networks, including Telecoms, ISPs, Cloud Hosting Data Centers, CDNs, and DDoS Mitigation Services:

Wansight delivers bandwidth monitoring, IP accounting and in-depth traffic analysis. It includes a Flow Sensor that analyzes flow records exported via Cisco NetFlow, IPFIX, and sFlow, as well as a Packet Sensor that inspects traffic from in-line deployments, network TAPs, or through port mirroring. A web-based, OS-independent Console provides centralized management and reporting through an intuitive interface.

Wanguard extends Wansight with DDoS detection and DDoS mitigation capabilities. It protects networks and critical services from Distributed Denial of Service attacks by filtering malicious traffic through dynamic rules applied to software or hardware firewalls at the network perimeter. It supports automated response mechanisms, RTBH, BGP Flowspec, traffic diversion, scripting, and clustering for scalable, resilient protection.

DDoS Protection in Five Easy Steps

alt 1. Discover Wanguard, our solution for monitoring and protecting networks against DDoS attacks.

alt 2. Fill in the evaluation request form in order to receive the download link and a free 30-day trial license key.

alt 3. Build your very own DDoS mitigation appliance by installing our software on a spare Linux server.

alt 4. Use the fully-featured trial version for 30 days. Our engineers will assist you free of charge.

alt 5. Buy cost-effective software licenses, at any time, from our online store. The licensing cost also covers support.

Wanguard 8.5 was released! Changelog and upgrade instructions at: https://t.co/4UIyox14bQ.
Follow Andrisoft on X
Join our Newsletter to receive the latest news from us!

  OUR CLIENTS  

  • Telecom Operators: HUAWEI | VODAFONE | ORANGE | JT GLOBAL | BITE LITHUANIA | MOLDTELECOM | JUPITER TELECOMMUNICATIONS

  • Internet Service Providers: GOOGLE FIBER | YELLOWFIBER | SKYLOGIC EUTELSAT | 1&1 VERSATEL | NETCOLOGNE | SOLCON NETHERLANDS

  • Cloud / VPS Hosting Providers: DIGITALOCEAN | LEASEWEB | FLEXENTIAL | WEEBLY | VPS.NET | EAPPS | SERVERPOINT

  • Software & Services: IBM CORPORATION | MOZILLA CORPORATION | NAMECHEAP | GANDI SAS | ALLEGRO | MBANK | TF1 FRANCE

  • Security / Anti-DDoS Services: GIGENET | BLACKLOTUS | KODDOS | ROKASECURITY | DOSARREST | SERVERIUS

  • Data Centers: EQUINIX | PHOENIXNAP | CORE-BACKBONE | BSO NETWORK | ASCENTY | PLUSSERVER | MYLOC MANAGED IT