Technical details

Learn more about NQX technologies for DDoS protection, encrypted data flow, and branch connectivity.

How does NQX work?

NQX software delivers quantum-safe encryption for L2 (data link layer) and L3 (network layer) VPN data transport, DDoS protection, and flexible branch connectivity for Ethernet frames and IP packets. NQX software provides high-performance packet processing for rule-based forwarding, encryption/decryption, and filtering for Ethernet-based IPv4/IPv6 networks.

NQX appliances support various branch connectivity solutions by providing copper and optical 1 and 10 gigabit Ethernet interfaces. NQX Central Manager allows configuring appliance functions, including creation and distribution of encryption keys.

The easy-to-use web-based interface helps operational personnel with their daily work of maintaining VPN network.

NQX includes interfaces for third-party systems for easy integration for syslog servers as well for asset and observatory tools.

NQX high-level setup

Interconnecting data centers
Building VPN connections through public (Layer 3) or private (Layer 2) networks.
One appliance can be used for both layers at the same time.
Appliances can be clustered on sites where high availability is needed.
General protection for private LANs from the Internet Access rules.
All nodes, keys, and connections are managed from a single Central Manager system.

Hardware options

NQX Nano

For branch and small offices

6x 10/100/1000M RJ45 Ethernet
6 Gbps throughput,
3 Gbps IPsec L2/L3,
200k flows/sec

NQX Desktop

For medium offices and small datacenters

6x 10/100/1000M RJ45 Ethernet,
expandable with 2 port 10G SFP+
20 Gbps throughput
10 Gbps IPsec L2/L3
200k flows/sec

NQX 1U

For medium datacenters and headquarters

8-24x RJ45 Ethernet, 0-16x 1G SFP, 4-12x Ethernet 10G SFP+
60 Gbps throughput
30 Gbps IPsec L2/L3
300k flows/sec

NQX Server

For large datacenters and cloud solutions

4-port Ethernet 1G / 10G SFP+
40 Gbps throughput
30 Gbps IPsec L2/L3
300k flows/sec

Detailed information about the hardware options available in the NQX Datasheet

Main features

Security feature
highlights

256 bit security level throughout the system for encryption keys, MAC keys, key agreement keys, and authentication keys
Authentication using Public Key Certificates or Shared Secrets
521 bit ECDH key exchange, alternative 8kbit Diffie-Hellman key exchange, and 16kbit Diffie- Hellman
Protection from Quantum threat using automatic PostQuantum Preshared Keys (PPK) for Key Exchange and Authentication
Perfect Forward Secrecy for session keys
Adjustable IKEv2 and IPSec cryptoperiods and cipher modes
IKEv2 DoS protection using bounded Adaptive WRED with upper bound on IKEv2
Emergency security features to purge sessions and keys

Networking feature highlights

Flexible L3 operations with native dualstack architecture, IPv4 and IPv6 support
Unlimited Ipsecs VPN support for both L2 and L3, all frames and protocols
BGP4 for IGP/EGP dynamic routing
Dynamic Host Configuration Protocol (DHCP)
Network address translation (NAT) and NAT travelsal support for mobile and broadband access
Link aggregation (LACP) for redundancy and increasing bandwidth.
Media access control address (MAC) table
Rule-based forwarding for granular flow management

Central Management feature highlights

Browser based user interface
Inventory management for nodes, configurations and software releases
VPN wizards for easy service provisioning
Mass provisioning functions
Holistic Service monitoring
Security policies with version management
Reporting templates
Role and domain-based user policy
Certification management for NQX nodes

NQX™

NQX™ Quantum-safe encryption

Technical details

How does NQX work?

NQX high-level setup