From Wikipedia, the free encyclopedia
Jump to: navigation, search
WANGUARD logo.png
Developer(s) Andrisoft SRL
Initial release March 1, 2006
Stable release
5.3 / December 23, 2013 (2013-12-23)
Written in C, PHP, JavaScript, Perl
Operating system Linux
Available in English
Type Network monitoring, DDoS mitigation
License Proprietary EULA

Andrisoft WANGUARD is a commercial software that monitors IP traffic and protects networks from DDoS attacks by filtering the malicious packets and by black-holing destinations.
Its web interface provides customizable Dashboards with real-time traffic graphs and tops, complex reports with aggregated data for hosts, departments, interfaces, applications, ports, protocols and more.

WANGUARD 5 Dashboard
WANGUARD 5 Interfaces
WANGUARD 5 Attack Report


The key features of the product are:

  • Distributed traffic monitoring – it uses software sensors that can be deployed across the network to monitor IP traffic by Port mirroring, NetFlow, SFlow or IPFIX.
  • Web Interface – the integrated Ajax-based web portal provides centralized management and a network-wide visibility of traffic flows, events and other collected data.
  • DDoS detection – DDoS attacks are detected by a traffic anomaly detection engine that can use user-defined traffic policies or Holt-Winters-based traffic behaviour analysis.
  • DDoS mitigation – it generates Iptables rules that block attacking IP Addresses; spoof attacks are filtered by applying dynamic rules for source or destination TCP and UDP ports, IP protocols, TTL, TCP SYN etc.
  • Collector of flows and packets – it provides a flow collector and a web-based, Wireshark-like Packet analyzer that can save packets or flows.
  • Real-time reporting – the traffic analysis engine updates graphs, tops and statistics every 5 seconds; histograms appear animated.
  • Historical reporting – every data retention parameter can be configured from 1 day to 10 years; reports can be generated for any custom time period.
  • Scheduled reporting – consolidated reports can be automatically generated and emailed at preconfigured intervals of time.
  • Automatic responses – it includes modules for sending emails, executing custom scripts, notify SIEM systems though SNMP traps etc.; responses to threats can be extended though an open API.


Since 2012 Andrisoft is also releasing a "lite" version of WANGUARD called WANSIGHT that doesn't contain features related to traffic anomalies.


Date Release Notes
1 March 2006 1.0[1] First public release
1 March 2008 2.0[2] Major performance improvements and a completely rewritten web console
5 January 2009 3.0[3] Major performance improvements, bug fixes, 10 Gigabit Ethernet packet sniffing, Netflow sampling support and improved AS Numbers support
8 May 2010 4.0[4] Adds a brand new Web User Interface, performance improvements, partial SFlow support, 95th percentile, greatly improved traffic accounting and traffic graphs support, advanced permissions for user roles, FreeBSD 8 support, LDAP and Active Directory support, Events Reporting, Scheduled Reports, Tables and Logs can be exported in Excel, VLAN & MPLS support, PF_RING support for improved 10 Gbps packets sniffing, RAM storage method for IP graphs, RRDCache support, NetFlow archive, 4 Console themes, DNS reverse lookups for IP addresses
20 October 2012 5.0[5] WANGuard is renamed WANGUARD. It adds extensible traffic decoders, a new traffic thresholds system, NetFlow v9, native SFlow, IPFIX, traffic capturing framework, Combined Reports and Dashboard, full IPv6 support, new decoders, multiple CPU support for packet sniffing, in-NIC hardware filters, IPv4 and IPv6 mask restrictions to BGP announcements

See also[edit]

External Links[edit]


Category:System administration Category:Network management Category:Network performance Category:Network analyzers Category:Network software stubs Category:Intrusion detection systems Category:Firewall software Category:Internet Protocol based network software