Nuaj presents
NuajProtect
Threat traffic
stops at the edge.
NuajProtect blocks hostile IPs, scans, brute-force attempts, and DDoS traffic floods before they reach your applications — across Linux servers, MikroTik routers, forwarding relays, and NuajBridge appliances.
Live Operations Dashboard
Live visibility across protected guard nodes, blocked threats, source countries, feeds, and Gatekeeper detections.
How It Works
Six layers.
One edge decision.
NuajProtect evaluates inbound traffic at the edge, applies local policy, and shares high-confidence detections across protected guard nodes.
Allowlist
Trusted sources bypass enforcement checks where policy allows, keeping known-good access clean and predictable.
Blocklist
Curated threat intelligence is converted into enforceable block policy across Linux, MikroTik, relay, and bridge deployments.
Banlist
Gatekeeper detections, DDoS triggers, and application-reported threats create shared bans that can be distributed across your protected guard nodes.
GeoIP
Country-level policy for regions you do not serve, exposed services that should be limited, or high-risk traffic sources.
DDoS
Traffic spikes and hostile sources can trigger rate limits, local blocking, and shared enforcement across other protected guard nodes.
Gatekeeper
Application-aware detection for scans, brute-force attempts, hostile access patterns, and service-reported abuse.
Performance depends on hardware, NIC, kernel, policy size, traffic profile, and deployment mode.
The Platform
One platform.
Seven ways to protect the edge.
Deploy NuajProtect directly on servers, inside MikroTik routers, as a forwarding relay, or as a transparent inline bridge appliance.
Agents
Linux Agent
Protect Linux servers and VMs directly. The agent applies NuajProtect policy locally before hostile traffic reaches exposed services.
- Ubuntu
- Debian
- RHEL / Rocky / AlmaLinux
- Fedora
- x86_64 and ARM64
- Sentry Mode
- Relay Mode
MikroTik Agent
MikroTik routers can protect directly at the edge, forward protected traffic in Relay Mode, or operate as a transparent Bridge Mode deployment when the network design supports it. NuajProtect syncs policy into RouterOS with smart incremental updates.
- RouterOS 7.13+
- Sentry, Relay, and Bridge Mode
- Incremental address-list sync
- Policy-driven feed selection
- QR onboarding
- No firewall replacement required
NuajBridge
A zero-config transparent bridge appliance. WAN and EDGE remain unaddressed — traffic is filtered inline before reaching the protected network.
- WAN and EDGE have no IP
- Dedicated MGMT port
- QR onboarding
- Transparent Bridge Mode
- Optional Relay Mode
Deployment Modes
Sentry Mode
Direct protection for exposed servers or routers. NuajProtect runs at the guard node and blocks hostile traffic before it reaches local services.
Used with: Linux Agent, MikroTik Agent
Relay Mode
Traffic is forwarded through a NuajProtect relay before reaching the protected origin. Useful for NAT, shared hosting, remote services, and centralized protection.
Used with: Linux Agent, MikroTik Agent, NuajBridge
Bridge Mode
Transparent inline protection. NuajBridge sits between the upstream connection and protected edge while WAN and EDGE remain unaddressed.
Used with: MikroTik Agent, NuajBridge
Network Architecture
NuajProtect can protect individual servers, routers, remote services, and entire network edges from the same central policy system.
The Comparison
Compare the edge protection stack.
Most tools solve only part of the problem. NuajProtect combines threat intelligence, Gatekeeper detections, Linux enforcement, MikroTik sync, forwarding relays, bridge appliances, and centralized policy.
NuajProtect is not another firewall appliance. It is a centralized edge protection system that works with the infrastructure operators already use.
| NuajProtect | CrowdSec | FortiGate | pfSense+ | Firewalla | Untangle | |
|---|---|---|---|---|---|---|
| Annual Cost (5 guard nodes) | $1,490/yr | $1,860+/yr | $5,500+ yr1 | $645+/yr | $1,395 once | ~$500/yr |
| Threat Intelligence | ||||||
| Curated IP Blocklist | 3M+ included | +$900/mo | +$500/yr | manual DIY | ~100K | ~100K |
| Global Community Banlist | included | community | — | — | — | — |
| Threat Scoring | included | +$49/mo | FortiGuard | — | basic | — |
| Real-Time Feed Updates | instant | hourly | real-time | manual | real-time | daily |
| MikroTik RouterOS Sync | ✦ ONLY HERE | — | — | — | — | — |
| DDoS Protection | ||||||
| Fast-Path Filtering | Linux / MikroTik / Bridge | — | appliance-dependent | — | — | — |
| Auto-Mitigation | global ban | bouncers | hardware | — | alert only | basic IPS |
| Threat filtering throughput | multi-Gbps | software limited | 700 Mbps | 1 Gbps | 500 Mbps | 500 Mbps |
| Management | ||||||
| Cloud Dashboard | desktop + mobile | free | +$$/yr | — | mobile app | yes |
| Live Threat Map | ✦ ONLY HERE | — | — | — | — | — |
| Analytics | included | basic | +$3K/yr | — | limited | reports |
| Multi-Site (unlimited) | included | +$31/node | +$5K/yr | — | MSP app | limited |
| Hardware Security | ||||||
| 30s Device Revocation | ✦ ONLY HERE | — | yes | — | mobile app | — |
| Auto Token Rotation | ✦ 7-day auto | — | — | — | — | — |
| Data Sovereignty | ||||||
| SaaS / Cloud | yes | yes | yes | — | — | yes |
| Self-Hosted | ✦ perpetual license | — | — | local appliance only | local appliance only | — |
| Air-Gapped Capable | yes | — | — | yes | — | — |
Comparison based on publicly available information and typical deployment assumptions as of May 2026. Pricing, features, hardware requirements, throughput, and licensing terms vary by vendor, region, device model, and deployment size.
The Difference
Six advantages built for real operators.
NuajProtect is designed for people who operate real networks, servers, customer sites, and exposed infrastructure.
Performance
Fast-Path Filtering
Drop hostile traffic at the edge using efficient local enforcement on Linux, MikroTik, relays, and bridge appliances — without forcing customers into proprietary firewall hardware.
Integration
Native MikroTik Sync
Sync NuajProtect policy directly into RouterOS address lists with smart incremental updates. Keep MikroTik at the edge while adding centralized threat intelligence and shared protection.
Visibility
Real-Time Threat Visibility
See blocked sources by guard node, country, feed, event type, and enforcement layer from a single operational dashboard.
Scalability
Scales With Your Infrastructure
Start with one Linux server, MikroTik router, relay, or bridge appliance, then expand across sites and customers using the same policy system.
Defense
Network-Wide DDoS Response
DDoS and abuse signals can trigger local enforcement and shared blocking across other NuajProtect guard nodes on the next policy sync.
Coverage
Four Protection Paths
Protect Linux servers, MikroTik routers, forwarding relays, and transparent bridge appliances from one central dashboard.
Built-In Security
Shared protection without shared risk.
Gatekeeper detections, application signals, threat feeds, and guard node events can become shared policy — while each deployment remains controlled, auditable, and revocable.
Communications
Mutual TLS Everywhere
Every guard node uses device-specific credentials and secure outbound communication to NuajProtect Central. No inbound management ports are required.
Authentication
Multi-Factor Authentication
TOTP authenticator apps, WebAuthn/passkeys, SMS codes, and email verification — four MFA methods built in. Not a paid add-on.
Access Control
Role-Based Permissions
Six granular roles from Account User to Super Admin. Control exactly who can view, operate, or administer each tenant — across your entire organization.
Notifications
Real-Time Alerts
Configurable email and SMS notifications for DDoS attacks, agent offline events, and security incidents. Know instantly when something needs attention.
Integration
Application-to-Network API
Applications can report abuse that only they can see — failed logins, scans, scraping, suspicious sessions, or policy violations. Gatekeeper can convert those signals into network-level enforcement.
Flexibility
Policy Profiles
Apply standard protection profiles or customize policy per guard node, site, customer, or deployment mode.
Pricing
Everything included.
No hidden add-ons.
Threat intelligence, dashboard access, guard node policy, Gatekeeper events, analytics, and centralized management are included without forcing proprietary firewall hardware.
A guard node is a protected Linux host, MikroTik router, forwarding relay, or NuajBridge appliance.
Shield
Evaluation · 1 guard node
Free
forever
- 1 protected guard node
- Basic threat feed
- 1-day activity history
- Dashboard access
- Community support
Guard
Small business · 5 guard nodes
$149
/month
- 5 protected guard nodes
- Threat intelligence feeds
- 7-day activity history
- Gatekeeper detection
- DDoS response policy
- MikroTik integration
- Relay Mode support
- Alerts and API access
Fortress
Multi-site · 25 guard nodes
$549
/month
- Everything in Guard
- 25 protected guard nodes
- Multi-site management
- Advanced analytics
- Customer/site grouping
- Priority support
Citadel
Operators · 100 guard nodes
$1,799
/month
- Everything in Fortress
- 100 protected guard nodes
- Advanced onboarding
- SLA with priority escalation
On-Premises
Total data sovereignty.
Full control of your security stack.
Deploy NuajProtect Central on your own infrastructure for complete control over policy, telemetry, logs, threat intelligence, and guard node management. Built for organizations that require private operations, sovereign data handling, isolated environments, or air-gapped deployments.
Guard
5 guard nodes
$4,900
perpetual license
+ $784/yr maintenance
- Self-hosted deployment
- Full product access
- Total data sovereignty
- Private threat intelligence pipeline
- Offline / air-gapped operation
- Custom retention policies
- Software updates & patches
- Threat feed access
- Priority support
Fortress
25 guard nodes
$12,500
perpetual license
+ $2,000/yr maintenance
Everything in Guard, plus:
- 25 protected guard nodes
Citadel
100 guard nodes
$35,000
perpetual license
+ $5,600/yr maintenance
Everything in Fortress, plus:
- 100 protected guard nodes
- Multi-tenant management
Sovereign
Unlimited guard nodes
$75,000
perpetual license
+ $12,000/yr maintenance
Everything in Citadel, plus:
- Unlimited guard nodes
- Nuaj Blocklist server
- White-label dashboard option
- Dedicated onboarding
All on-premises plans include full product access for the licensed guard node count.
Maintenance covers software updates, threat feed access, security patches, and priority support. Annual maintenance is 16% of license price.
Get Started
Protect the edge.
Keep control.
Start with one guard node, then expand protection across Linux servers, MikroTik routers, forwarding relays, and transparent bridge appliances from one NuajProtect account.
Built by operators
Forward-looking technology.
Built on real infrastructure.
Nuaj builds and operates security, AI, cloud, storage, and infrastructure technologies — shaped by hands-on experience running real networks, servers, data centers, and large-scale systems.
Security
NuajProtect
Edge threat protection for Linux servers, MikroTik routers, forwarding relays, and transparent bridge appliances. Built to stop hostile traffic before it reaches applications or networks.
Explore NuajProtectInfrastructure
Halton Data Center
Canadian data center operations providing colocation, cloud, hosting, and managed infrastructure services — with direct operational experience behind every Nuaj platform.
Visit HaltonDCAI Infrastructure
Applied AI Systems
AI infrastructure and applied AI development focused on practical automation, intelligent operations, private deployment, and high-performance systems for real business and infrastructure use cases.
Discuss AI infrastructure