Nuaj presents
NuajProtect
NuajProtect blocks hostile IPs, scans, brute-force attempts, and DDoS sources before they reach your applications — across Linux servers, MikroTik routers, forwarding relays, and transparent inline bridge appliances.
Live Operations Dashboard
Live visibility across protected endpoints, blocked threats, source countries, feeds, and Gatekeeper detections.
How It Works
NuajProtect evaluates inbound traffic at the edge, applies local policy, and shares high-confidence detections across protected endpoints.
Trusted sources bypass enforcement checks where policy allows, keeping known-good access clean and predictable.
Curated threat intelligence is converted into enforceable block policy across Linux, MikroTik, relay, and bridge deployments.
Gatekeeper detections, DDoS triggers, and application-reported threats create shared bans that can be distributed across your protected endpoints.
Country-level policy for regions you do not serve, exposed services that should be limited, or high-risk traffic sources.
Traffic spikes and hostile sources can trigger rate limits, local blocking, and shared enforcement across other protected endpoints.
Application-aware detection for scans, brute-force attempts, hostile access patterns, and service-reported abuse.
Performance depends on hardware, NIC, kernel, policy size, traffic profile, and deployment mode.
The Platform
Deploy NuajProtect directly on servers, inside MikroTik routers, as a forwarding relay, or as a transparent inline bridge appliance.
Agents
Protect Linux servers and VMs directly. The agent applies NuajProtect policy locally before hostile traffic reaches exposed services.
MikroTik routers can protect directly at the edge, forward protected traffic in Relay Mode, or operate as a transparent Bridge Mode deployment when the network design supports it. NuajProtect syncs policy into RouterOS with smart incremental updates.
A zero-config transparent bridge appliance. WAN and EDGE remain unaddressed; MGMT uses DHCP for secure outbound communication to NuajProtect Central.
Deployment Modes
Direct protection for exposed servers or routers. NuajProtect runs at the endpoint and blocks hostile traffic before it reaches local services.
Used with: Linux Agent, MikroTik Agent
Traffic is forwarded through a NuajProtect relay before reaching the protected origin. Useful for NAT, shared hosting, remote services, and centralized protection.
Used with: Linux Agent, MikroTik Agent, NuajBridge
Transparent inline protection. NuajBridge sits between the upstream connection and protected edge while WAN and EDGE remain unaddressed.
Used with: MikroTik Agent, NuajBridge
Network Architecture
NuajProtect can protect individual servers, routers, remote services, and entire network edges from the same central policy system.
The Comparison
Most tools solve only part of the problem. NuajProtect combines threat intelligence, Gatekeeper detections, Linux enforcement, MikroTik sync, forwarding relays, bridge appliances, and centralized policy.
NuajProtect is not another firewall appliance. It is a centralized edge protection system that works with the infrastructure operators already use.
| NuajProtect | CrowdSec | FortiGate | pfSense+ | Firewalla | Untangle | |
|---|---|---|---|---|---|---|
| Annual Cost (5 endpoints) | $1,490/yr | $1,860+/yr | $5,500+ yr1 | $645+/yr | $1,395 once | ~$500/yr |
| Threat Intelligence | ||||||
| Curated IP Blocklist | 3M+ included | +$900/mo | +$500/yr | manual DIY | ~100K | ~100K |
| Global Community Banlist | included | community | — | — | — | — |
| Threat Scoring | included | +$49/mo | FortiGuard | — | basic | — |
| Real-Time Feed Updates | instant | hourly | real-time | manual | real-time | daily |
| MikroTik RouterOS Sync | ✦ ONLY HERE | — | — | — | — | — |
| DDoS Protection | ||||||
| Fast-Path Filtering | Linux / MikroTik / Bridge | agent / bouncer model | appliance-dependent | — | — | — |
| Auto-Mitigation | global ban | bouncers | HW | manual | alert only | basic IPS |
| Threat filtering throughput | multi-Gbps | SW limited | 700 Mbps | 1 Gbps | 500 Mbps | 500 Mbps |
| Management | ||||||
| Cloud Dashboard | included | free | +$$/yr | local only | app | ETM |
| Live Threat Map | ✦ ONLY HERE | — | — | — | — | — |
| Analytics | included | basic | +$3K/yr | — | limited | reports |
| Multi-Site (unlimited) | included | $31/eng | +$5K/yr | per-box | MSP | ETM |
| Hardware Security | ||||||
| 30s Device Revocation | ✦ ONLY HERE | — | yes | — | app | — |
| Auto Token Rotation | ✦ 7-day auto | — | — | — | — | — |
| Data Sovereignty | ||||||
| Self-Hosted Option | perpetual lic. | SaaS only | cloud dep. | local | local | SaaS |
| Air-Gapped Capable | offline mode | — | — | yes | — | — |
Comparison based on publicly available information and typical deployment assumptions as of May 2026. Pricing, features, hardware requirements, throughput, and licensing terms vary by vendor, region, device model, and deployment size.
The Difference
NuajProtect is designed for people who operate real networks, servers, customer sites, and exposed infrastructure.
Performance
Drop hostile traffic at the edge using efficient local enforcement on Linux, MikroTik, relays, and bridge appliances — without forcing customers into proprietary firewall hardware.
Integration
Sync NuajProtect policy directly into RouterOS address lists with smart incremental updates. Keep MikroTik at the edge while adding centralized threat intelligence and shared protection.
Visibility
See blocked sources by endpoint, country, feed, event type, and enforcement layer from a single operational dashboard.
Scalability
Start with one Linux server, MikroTik router, relay, or bridge appliance, then expand across sites and customers using the same policy system.
Defense
DDoS and abuse signals can trigger local enforcement and shared blocking across other NuajProtect endpoints on the next policy sync.
Coverage
Protect Linux servers, MikroTik routers, forwarding relays, and transparent bridge appliances from one central dashboard.
Built-In Security
Gatekeeper detections, application signals, threat feeds, and endpoint events can become shared policy — while each deployment remains controlled, auditable, and revocable.
Communications
Every endpoint uses device-specific credentials and secure outbound communication to NuajProtect Central. No inbound management ports are required.
Authentication
TOTP authenticator apps, WebAuthn/passkeys, SMS codes, and email verification — four MFA methods built in. Not a paid add-on.
Access Control
Six granular roles from Account User to Super Admin. Control exactly who can view, operate, or administer each tenant — across your entire organization.
Notifications
Configurable email and SMS notifications for DDoS attacks, agent offline events, and security incidents. Know instantly when something needs attention.
Integration
Applications can report abuse that only they can see — failed logins, scans, scraping, suspicious sessions, or policy violations. Gatekeeper can convert those signals into network-level enforcement.
Flexibility
Apply standard protection profiles or customize policy per endpoint, site, customer, or deployment mode.
Pricing
Threat intelligence, dashboard access, endpoint policy, Gatekeeper events, analytics, and centralized management are included without forcing proprietary firewall hardware.
An endpoint is a protected Linux host, MikroTik router, forwarding relay, or NuajBridge appliance.
Shield
Evaluation · 1 endpoint
Free
forever
Guard
Small business · 5 endpoints
$149
/month
Fortress
Multi-site · 25 endpoints
$549
/month
Citadel
Operators · 100 endpoints
$1,799
/month
On-Premises
Deploy NuajProtect Central on your own infrastructure for complete control over policy, telemetry, logs, threat intelligence, and endpoint management. Built for organizations that require private operations, sovereign data handling, isolated environments, or air-gapped deployments.
Guard
5 endpoints
$4,900
perpetual license
+ $784/yr maintenance
Fortress
25 endpoints
$12,500
perpetual license
+ $2,000/yr maintenance
Citadel
100 endpoints
$35,000
perpetual license
+ $5,600/yr maintenance
Sovereign
Unlimited endpoints
$75,000
perpetual license
+ $12,000/yr maintenance
All on-premises plans include full product access for the licensed endpoint count.
Maintenance covers software updates, threat feed access, security patches, and priority support. Annual maintenance is 16% of license price.
Get Started
Start with one endpoint, then expand protection across Linux servers, MikroTik routers, forwarding relays, and transparent bridge appliances from one NuajProtect account.
Built by operators
Nuaj builds and operates security, AI, cloud, storage, and infrastructure technologies — shaped by hands-on experience running real networks, servers, data centers, and large-scale systems.
Security
Edge threat protection for Linux servers, MikroTik routers, forwarding relays, and transparent bridge appliances. Built to stop hostile traffic before it reaches applications or networks.
Explore NuajProtectInfrastructure
Canadian data center operations providing colocation, cloud, hosting, and managed infrastructure services — with direct operational experience behind every Nuaj platform.
Visit HaltonDCAI Infrastructure
AI infrastructure and applied AI development focused on practical automation, intelligent operations, private deployment, and high-performance systems for real business and infrastructure use cases.
Discuss AI infrastructure
