GateMAN 4000FL is a Network Content Monitoring System to record all traffic passing a 100Mbps Ethernet line. It acts as an Ethernet bridge (2-ports switch) in pass-through mode. In this mode, user has the guarantee to save all passing frames in log or drop fashion without network performance degradation. So, no junk packet could saturate the log collector system. This capability is provided by using a firewall engine within the system to drop un-necessary frames. In pass-by mode system is a sniffer without any effect on passing traffic. But still the junk frames are automatically filtered. System could handle large amounts of logs. These logs are in (or may be converted to) an open format to let the user write his/her own software to analyze them or post-process the logs by an IDS or decryption system. The data visualization software is bundled with the system to let the operator see the contents of downloaded files, browsed pages, telnet session commands and many more. GateMAN 4000FL has the following specifications and some advanced features¹ including²:

1. Two 10/100 TX Ethernet ports.
2. One 10/100/1000 TX Ethernet ports to deliver logs.
3. Easy to install software to process the collected logs online or offline with the following capabilities:
   1. Display the pages browsed, or files fetched by users.
   2. Search pages/emails with special phrases in them.
   3. Multiple combined constraints (advanced) search.
   4. Per user, per IP, within time interval log profiling.
   5. Display the filled forms posted by user.
    
4. Traffic shaping features including:
   1. Frames per second limit on in/out frames per por
   2. Frame drops per port statistics
   3. Bytes dropped per port statistics
   4. IP, ARP, Reverse ARP, IPX, PUP, Loop back, and RAW frame type filtering (e.g. “allow NO IPX frames to come in from port 6” or “allow frames with type 0x805 to go out from port 4³" ,etc).
   5. Current/Max so far Frames/Bytes per second in/out statistics per port with capability to reset the statistics
   6. Per port queue with
      statistics on queues (e.g.: “Max number of frames queued on port number 5 so far”) with capability to reset the values
   7. Per port queue length adjustment capability
   8. Full layer three, packet filtering with automatic IP checksum control
    
5. Tight TCP stateful inspection including:
   1. TCP sequence number checking and tracing
   2. Syn/Ack/Fin state transition and violation control
   3. TCP checksum checking
   4. Out of sequence TCP packet alignment
   5. Per TCP connection bandwidth limitation
   6. DDoS attack per destination control and protection
   7. Port scan reporting and limitation
    
6. LAN user determination and logging by bundled software installed on a sensor near the remote (dialup) access server or logged in LAN user.
7. GUI based setup programs for Windows™ and Linux™.
8. Ultra fast log protocol and software to manage the logs.
9. Operation Temperature: 0 ~ 50
10. Color: Black
11. 19 inches rack mountable chassis with 4U height.