Unified IT Management & Security Platform

Call us:
(+91) 6262621155

High-end Security Made Easy™
Stand Secure.

QuantamSentra is a fast-growing open source Next Gen Firewall with thousands of active installations worldwide — trusted by businesses, schools, hotels, and enterprises for complete network protection.
Get in Touch
1 +
Active global installations
1 +
Built-in security modules
1
Founded in Pune, The BHARAT

Firewall Monitor

  • LIVE

Blocked Threats

1,284

Active Sessions

4,921

IPS Alerts

37

VPN Tunnels

12

RECENT EVENTS

SSH brute force attempt

  • Blocked

OpenVPN road warrior

  • Connected

SSL cert fingerprint match

  • IPS Alert
Who Uses DefenseBolt

Built for Every Environment — Secure Every Network

From enterprise businesses to schools and hotels — DefenseBolt delivers professional-grade firewall security with zero compromise, for every type of network.

Businesses

Stateful inspection firewall, inline IDS/IPS, traffic shaping, and automatic cloud backup — everything included at no extra cost. Prioritise VoIP above all other traffic effortlessly.

School Networks

Share bandwidth evenly amongst students and use category-based web filtering to block adult content and malicious websites. No additional plugins required — easy to set up.

Hotels & Campings

Built-in captive portal with voucher support allows guests paid or free internet access for limited durations. Create vouchers on the fly right from the admin interface.

On the Road

DefenseBolt offers OpenVPN and IPSec VPN with road warrior support. The easy client exporter makes configuring your OpenVPN SSL client setup a breeze, even on mobile.

Remote Offices & SOHO

Utilise integrated site-to-site VPN (IPsec or SSL VPN) to create secure connections to remote offices. Easy configuration with searchable online documentation.

Core Engine

Stateful Inspection Firewall

A stateful firewall tracks the state of every network connection — only packets matching a known active connection are allowed through, all others are rejected.

1. Advanced Filtering

Filter traffic on source, destination, protocol, and port number (TCP/UDP) with granular precision across all interfaces.

2. OS Fingerprinting (OSFP)

Advanced passive OS fingerprinting — allow or block traffic based on the Operating System initiating the connection.

3. Per-Rule Traffic Logging

Each rule can be set to log a match, enabling easy review and audit via the firewall rule log module.

4. Policy Based Routing

Add a gateway to any rule and change standard routing for matching traffic with per-rule gateway options.

5. Alias Support

Group and name IPs, networks and ports with aliases — keeps your firewall ruleset clean and manageable at scale.

Firewall Architecture

STATE TABLE CONTROL

Keep State
Sloppy
Modulate
Synproxy
High Latency
Aggressive
Conservative
Normal

NETWORK SUPPORT

802.1Q VLAN (4096)
NAT Port Forwarding
NAT Reflection
Multi WAN
Load Balancer
DHCP IPv4/IPv6
Dynamic DNS
IGMP Proxy
Network Performance

Traffic Shaper — Smart Bandwidth Control

Traffic shaping controls network traffic to optimise performance, lower latency, and increase usable bandwidth — organised around pipes, queues, and rules.

Flexible & Easy

Organised around pipes, queues, and corresponding rules. Shaping rules are handled independently from firewall rules, giving you full flexibility without added complexity.

Limit Bandwidth

Define bandwidth limitations based on interface(s), IP source & destination, direction of traffic (in/out), and port numbers — with granular, application-level control.

Prioritise Traffic

Add queues and define weights to prioritise traffic. Applications with higher weight consume more bandwidth — perfect for ensuring VoIP quality on shared connections.

Physical Layer
Voice over IP
HIGHEST PRIORITY
Web Applications
HIGH
Teleconferencing
MEDIUM
File Transfer
STANDARD
Access Security

Two-Factor Authentication System-Wide

2FA is supported throughout the entire DefenseBolt system — requiring two components (pin/password + token) for every critical service, with one exception: console/SSH access.

1. Enter Username & Password

First factor: standard credentials provide the initial layer of authentication across all DefenseBolt services.

2. Generate TOTP Token

TOTP (RFC 6238) computes a one-time password from a shared secret key and current time — works with Google Authenticator on Android, iOS & BlackBerry.

3. Access Granted

Both factors verified — full access granted. Automatic Seed Generation and barcode scanning makes setup instant and simple.

2FA Supported Services

DefenseBolt GUI
  • ✓ Enabled
Captive Portal
  • ✓ Enabled
OpenVPN
  • ✓ Enabled
IPsec VPN
  • ✓ Enabled
Caching Proxy
  • ✓ Enabled
Google Authenticator
  • ✓ Supported

TOKEN PLATFORMS

Android
iOS
BlackBerry
RFC 6238
Guest Access Management

Captive Portal — Complete Access Control

Force authentication or redirection for network access — widely used in hotels, schools, corporate networks, and hotspots for layered security and flexible user management.

Template Management

DefenseBolt's unique template manager makes setting up your own login page an easy task — with URL redirection, custom pop-ups, and branded splash pages out of the box.

URL Redirect
Custom Pop-up
Splash Page

Multi-Source Authentication

Secure authentication via HTTPS with support for LDAP (Microsoft AD), Radius, Local User Manager, Vouchers/Tickets, 2FA OTP, or Splash Screen only — use any combination.

LDAP / AD
Radius
Vouchers
2FA OTP

Voucher Manager

Easy voucher creation system exports to CSV for printing. Merge vouchers with your Word/OpenOffice template to create branded handouts with your logo and company style.

CSV Export
Multi DB
Print Ready

Real-Time Reporting & Bandwidth

Live top IP bandwidth usage, active sessions, time remaining, and REST API access. Share bandwidth evenly or prioritise by protocol, port, and IP — MAC/IP bypass whitelisting included.

Live Sessions
REST API
MAC Bypass
Secure Connectivity

Virtual Private Network — Every Technology Covered

DefenseBolt offers a wide range of VPN technologies — from modern SSL VPNs to well-known IPsec — extending your private network securely across any public network.

OpenVPN (SSL VPN)

A powerful SSL VPN solution supporting wide range of client operating systems including mobile (Android & iOS). Easy client configuration exporter for site-to-site and road warrior setups.

IPsec

Standard IPsec for site-to-site connectivity with DefenseBolt, other open source firewalls, and commercial solutions (Cisco, Juniper, etc.). Full road warrior mobile client support included.

High Availability VPN

CARP-based failover ensures VPN connections stay alive even when primary firewall goes offline. State tables are synchronised for seamless switchover with minimal user interruption.

Legacy VPN Support

DefenseBolt includes L2TP and PPTP support for legacy environments when needed. Supported clients: Viscosity (Mac/Windows), OpenVPN for Android, and OpenVPN Connect for iOS.

Supported VPN Clients & Platforms

Viscosity (Mac/Win)
OpenVPN Android
OpenVPN Connect iOS
TOTP Tokens
Google Authenticator
Site to Site
Road Warrior
IPsec
OpenVPN
L2TP
PPTP
Business Continuity

High Availability / Hardware Failover

Using CARP (Common Address Redundancy Protocol), DefenseBolt creates fully redundant firewall clusters with automatic, seamless failover — zero downtime for your network.

1. Automatic Failover

If the primary firewall becomes unavailable, the secondary firewall takes over instantly — without any user intervention. Your network stays online automatically.

2. Synchronised State Tables

The firewall's state table is replicated to all failover-configured firewalls. Existing connections are maintained during failover — preventing network disruptions for active users.

3. Configuration Synchronisation

Configuration changes made on the primary system are automatically synchronised to secondary firewalls — ensuring all units are always in sync without any manual effort.

4. Service Status Overview

View and restart running services on the backup device per-service or all at once — directly from the master firewall's User Interface without requiring physical access.

Web Performance

Caching Proxy & Web Filtering

Powered by Squid — reduces bandwidth and improves response times by caching frequently-requested web pages. Combined with category-based web filtering for complete content control.

01
Multi Interface & Transparent Proxy Mode
02
LDAP, Radius, 2FA OTP Authentication
03
Fine-Grained Access Control (Subnets, Ports, MIME)
04
Category Based Web Filter with Blacklist Support
05
Maximum Upload / Download Size Control
06
Per-Host Bandwidth Throttling
07
Integrated FTP Proxy with ACL Support
08
ICAP — 3rd Party Virus Scanning Engine
09
Auto-sync Remote Blacklists via Scheduler
10
Browser/User Agent Based Access Control

Proxy Capabilities

Caching Engine
  • Squid

HTTP / HTTPS / FTP

  • ✓ Supported

Transparent Mode

  • ✓ Available

Web Filter

  • Category Based

Virus Scan (ICAP)

  • ✓ 3rd Party

Traffic Shaper

  • ✓ Integrated

ACCESS CONTROL

Subnets
Ports
MIME Types
Banned IPs
Whitelists
Blacklists
User Agents
Intrusion Prevention

Inline Intrusion Prevention System (IPS)

Based on Suricata with Netmap for minimal CPU usage — this deep packet inspection system mitigates security threats at wire speed with real-time threat intelligence integration.

Suricata-Based Inline IPS

Utilises Netmap to enhance performance and minimize CPU utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed.

Configurable Rulesets

All available rule categories can be easily selected and applied with defaults or custom settings. Alerts are fully searchable within the UI with complete detail display.

Emerging Threats ETOpen

Integrated support for ETOpen rules — an excellent anti-malware IDS/IPS ruleset for cost-effective network-based malware detection. Auto-update via configurable cron job.

SSL Blacklist (Abuse.ch)

Integrated SSLBL from abuse.ch — identifies "bad" SSL certificates associated with malware or botnet activities using SHA1 fingerprints of malicious SSL certificates.

Feodo Tracker

Tracks Feodo (Cridex/Bugat) Trojans used for ebanking fraud. Feodo Tracker currently tracks four active versions to protect against credential and credit card theft.

GeoLite2 + SSL Fingerprinting

MaxMind GeoLite2 Country database for IP geolocation-based blocking. Plus SSL fingerprinting to block protected sites based on their SSL certificate fingerprint — updated monthly.

Network Monitoring

Netflow Export & Analyses — Insight

DefenseBolt is the only open source solution with a built-in Netflow analyser integrated into its GUI — capturing complete packet flows with source, destination IP and port number.

1. Netflow Exporter

Supports multiple interfaces, filtering of ingress flows, and multiple destinations including local capture for Insight analysis. Supports Netflow v5 (IPv4) and v9 (IPv4 & IPv6).

2. Insight Analyser — Live Monitoring

Captures 5 detail levels with graphical flow representation (stacked, stream, expanded). Top usage per interface for both IPs and ports with full in/out traffic in packets and bytes.

3. Detailed View & CSV Export

Detailed view with date selection and port/IP filter (up to 2 months). Export data to CSV for offline analysis in Excel or any compatible spreadsheet application.

Netflow Analyser — Insight

Detail Capture Levels
  • 5 Levels
Stacked / Stream / Expanded
  • ✓ All Modes
Top IP & Port Usage
  • ✓ Per Interface
In/Out Packets & Bytes
  • ✓ Full
Date Filter (up to 2 months)
  • ✓ Enabled
CSV Export
  • ✓ Supported
Netflow v5 (IPv4)
  • ✓ Supported
Netflow v9 (IPv4/IPv6)
  • ✓ Supported
Built on ng_netflow (Netgraph) — kernel-level implementation with minimal overhead vs softflowd/pfflowd.
System Monitoring

System Health & Information

Dynamic view on Round Robin Data gathered by the system — track down issues faster and easier than traditional static RRD graphs, with zoom and CSV export capabilities.

Packets

Shows the number of packets per second traveling to and from each interface — real-time traffic visibility at the packet level for fast troubleshooting.

Quality

Displays latency and packet loss for all monitored gateways — essential for diagnosing connection quality and WAN performance issues in real time.

System

Sensor data for memory usage, mbufs, states, processes, and CPU temperature — complete system utilisation health at a glance for proactive monitoring.

Traffic

Traffic graphs for each interface including VPN (IPsec) — with selectable detail level, resolution, and date range. Export to CSV for Excel-based analysis.
Management Interface

Modern Bootstrap-Based User Interface

Easy-to-use responsive design accessible from desktop, tablet, and smartphone — every DefenseBolt feature is configurable through the intuitive web-based interface.

Fully Responsive

Accessible from desktop PC, tablet, and smartphone — manage your entire firewall from any device, anywhere. All features included, no external tools needed.

Multi-Language Support

Built with multi-language support in mind — German, French, Japanese, Chinese, and Mongolian language packs already in development to serve a global user base.

Built-in Help System

Many options feature an info icon with built-in contextual help to get you started quickly — no need to leave the interface to search for documentation.

Advanced Mode

Complex features like proxy, traffic shaping, and IDPS have advanced options that can be shown or hidden — keeping the interface clean for standard configurations.

Sane Defaults

Most features ship with sensible defaults allowing fast, simple configuration — get your firewall running securely in minutes, not hours, with zero friction.

2FA for GUI Access

The GUI itself supports two-factor authentication via Google Authenticator or any TOTP token — securing admin access with a second verification layer.

Data Protection

Backup & Restore

Better safe than sorry — always keep an up to date backup of your configuration. DefenseBolt makes it easy with encrypted local and Google Drive cloud backup.

History & Diff Support

Automatic backups of configuration changes allow you to review history and restore previous settings — with diff view to see exactly what changed between versions.

Encrypted File Backup

Download a configuration backup from the GUI and store it safely. Encrypt with a strong password to make plain text unreadable for unauthorised persons.

Google Drive Cloud Backup

Encrypted cloud backup with version history — Google Drive integration is built directly into the DefenseBolt user interface for seamless automated backups.

Firmware & Update System

Major Releases
  • 2× per year (Jan & Jul)
Security Updates
  • Weekly
Upgrade via
  • GUI or CLI
Reboot Required
  • Minor: Not Required
SSL Flavour
  • OpenSSL / LibreSSL
Plugin Support
  • VMware, Xen, HAProxy
UPGRADE FEATURES
Lock Package
Reinstall Single
Package Mirror
REST API
ACL Support
Online Docs

💡 All features included — no additional plugins required. System is extensible with plugins for customisations.

Complete Specifications

Full Feature Specification

Every capability DefenseBolt delivers — a comprehensive list of all features included out-of-the-box with no additional plugins or licenses required.

Template Management

  • Filter by Source, Destination, Protocol, Port, OS (OSFP)
  • Limit simultaneous connections per rule
  • Log matching traffic per rule bases
  • Policy Based Routing
  • Packet Normalisation
  • Pure router mode (disable filter)
  • State types: Keep, Sloppy, Modulate, Synproxy
  • 802.1Q VLAN support (up to 4096)

Intrusion Detection & Prevention

  • Inline IPS (Suricata + Netmap)
  • SSL Blacklists (abuse.ch SSLBL)
  • Feodo Tracker integration
  • GeoLite2 Country IP blocking
  • Emerging Threats ETOpen ruleset
  • SSL Fingerprinting
  • Auto rule update via configurable cron
  • Alert search & full detail view in UI

Virtual Private Networks

  • IPsec — Site to Site & Road Warrior
  • OpenVPN — Site to Site & Road Warrior
  • Easy client configuration exporter
  • PPTP & L2TP (Legacy support)
  • TOTP & Google Authenticator 2FA
  • Viscosity, OpenVPN Android/iOS support

Captive Portal

  • Guest Network, BYOD, Hotel/Camping
  • Template Management & Multiple Zones
  • LDAP, Radius, Local, Vouchers, 2FA auth
  • Voucher Manager (Multi DB, CSV Export)
  • Idle & Hard Timeout, Welcome Back
  • Real-Time Reporting & REST API
  • MAC & IP Whitelisting (Portal Bypass)

High Availability

  • CARP-based automatic hardware failover
  • Synchronised state tables
  • Configuration synchronisation
  • Service Status Overview & Restart
  • Multi WAN: Load Balancing & Failover
  • Load Balancer for incoming traffic

Caching Proxy

  • Squid-based multi interface proxy
  • Transparent Mode support
  • ACLs, Blacklists, Category Web Filter
  • Traffic Management (bandwidth throttle)
  • Auto sync for remote blacklists
  • ICAP — 3rd party virus scanning
  • FTP Proxy with ACL support

Traffic Shaper & Network

  • Limit & Share Bandwidth with priority queues
  • Rule based: Protocol, Source, Dest, Port, Direction
  • IGMP Proxy (multicast routing)
  • Universal Plug & Play (UPnP)
  • Dynamic DNS (list, custom, RFC 2136)
  • DNS Forwarder & DNS Server
  • DHCP Server IPv4 & IPv6 with Relay

Monitoring & Reporting

  • Netflow Exporter v5 & v9
  • Insight Netflow Analyser (built into GUI)
  • System Health (RRD, zoom, CSV export)
  • SNMP Monitor & Traps
  • Traffic Graphs per interface incl. VPN
  • Packets, Quality, System, Traffic collectors

System & Administration

  • Backup & Restore (History, File, Google Drive Cloud)
  • Firmware: Easy upgrade, weekly security updates
  • Plugin support (VMware, Xen, HAProxy)
  • REST API with ACL support
  • Diagnostics: Ping, Traceroute, Packet Capture
  • ARP Table, DNS Lookup, NDP Table
  • Free & Searchable Online Documentation
Professional Support

Fully Supported — Expert Help When You Need It

Professional support for Businesses, Integrators, and Resellers — our experts are available to support you and your customers at every stage of deployment.

1. Business Support

  • Implementation
  • Configuration
  • Migration
  • Troubleshooting & Hot fixes

2. Integrator Support

  • Network Design & Implementation
  • Mass deployment services
  • Platform migration services
  • Troubleshooting & Hot fixes
  • Rebranding

3. Reseller Support

  • Pre-sales support
  • Rebranding
  • Network Design & Implementation
  • Mass deployment services
  • Platform migration services
  • Troubleshooting & Hot fixes
Hardware Appliances

DefenseBolt Appliances — Purpose-Built Hardware

Rack-mount appliances purpose-built for DefenseBolt — enterprise-grade hardware with multiple LAN ports, console access, USB 3.0, and silent cooling fans.

Desktop Appliance

Compact desktop form factor with Console, WAN, LAN1, LAN2, LAN3 ports — ideal for small offices and SOHO deployments.

1U Rack Appliance

Standard 1U rack-mount with 4×i350 NICs, 8×82574L Netcard, Console port, 2×USB 3.0, VGA, silent turbo fan, and power switch.

Dimensions & Ports

440 × 287 × 45mm chassis with 2 chassis cooling fans, antenna sockets, VGA, Power Port, and full ETH0–ETH7 port array.

HARDWARE SPECS

440 × 287 × 45mm
4 × i350 NIC
8 × 82574L Netcard
2 × USB 3.0
Console Port
VGA Output
Silent Turbo Fan
2 Chassis Cooling Fans
Power Switch
1U Rack Mount
Your Next Gen Firewall

Stand Secure with DefenseBolt

Request a Consultation

    What is your name?*

    What company do you represent?

    Phone number?*

    A few words about your project*

    Cart (0 items)

    Create your account