NQX™ Quantum-ready encryption

Technical details

Learn more about NQX technologies for DDoS protection, encrypted data flow and branch connectivity.


NQX data sheetTalk to sales


How does NQX work?

NQX software delivers quantum-ready encryption for L2 (data link layer) and L3 (network layer) VPN data transport, DDoS protection and flexible branch connectivity for Ethernet frames and IP packets. NQX software provides high-performance packet processing for rule-based forwarding, encryption/decryption and filtering for Ethernet based IPv4/IPv6 networks.

NQX appliances support various branch connectivity solutions by providing copper and optical 1 and 10 gigabit Ethernet interfaces. Central Management allows configuring appliance functions, including creation and distribution of encryption keys.

The easy-to-use web-based interface helps operational personnel with their daily work of maintaining VPN network.

NQX includes interfaces for third party systems for easy integration for syslog servers, as well for asset and observatory tools.


NQX high-level setup

  • Interconnecting datacenters
  • Building VPN connections through public (Layer 3) or private (Layer 2) networks.
  • One appliance can be used for both layers at the same time.
  • Appliances can be clustered on sites where high availability is needed.
  • General protection for private-LANs from the Internet Access rules.
  • All Nodes, keys and connections are managed from single Central Management system.

Hardware options

NQX Nano

Small offices and remote sites

  • 6x 10/100/1000M RJ45 Ethernet
  • 6 Gbps throughput,
  • 3 Gbps IPsec L2/L3,
  • 200k flows/sec

NQX Desktop

Offices and small data centers

  • 6x 10/100/1000M RJ45 Ethernet,
    expandable with 2 or 4 port 10G SFP+
  • 40 Gbps throughput
  • 15 Gbps IPsec L2/L3
  • 200 k flows/sec


Medium-sized data centers and HQs

  • 4-port Ethernet 1G / 10G SFP+
  • 40 Gbps throughput,
  • 30 Gbps IPsec L2/L3
  • 700 k flows/sec


for large data centers and cloud solutions

  • 4-port Ethernet 1G / 10G SFP+
  • 80 Gbps throughput,
  • 30 Gbps IPsec L2/L3
  • 700 k flows/sec

Main features


Security feature

  • Transparent L2-Ethernet encryption and L3-IP VPNs.
  • IPSec and IKEv2: Support for PSK Key lists and x.509 certificates (PKI).
  • Adjustable IKEv2 and IPSec parameters
  • Key exchange using NIST P521, or Diffie Hellman fixed groups 18 and 1336.
  • Perfect Forward Secrecy support (PFS).
  • Automatic PostQuantum Preshared Keys (PPK) support.
  • Quantum resistant encryption algorithms and key sizes (up to 16k)*.
  • Peer identity options: fully qualified domain name (FQDN), email, IPv4/IPv4 address or certificate.
  • Adjustable tunnel re-key settings.
  • Adaptive Weighted random early detection (WRED) with upper bound on IKEv2 open tunnel negotiation for DoS protection.
  • Emergency security features to purge the connections immediately and disable the appliance.
  • Certified by FI-NCSA for confidential data transport.

Networking feature highlights

  • Native dualstack architecture, IPv4 and IPv6 support.
  • Unlimited VPN support (IPSec) for both L2 and L3, all frames and protocols.
  • Flexible L3-operations with IPv4 & IPv6 capabilities.
  • BGP4 support for IGP/EGP dynamic routing.
  • Dynamic Host Configuration Protocol (DHCP),
  • Network address translation (NAT) and NAT-T support for mobile and broadband access.
  • Editable media access control address (MAC) address table.
  • Rule-based forwarding for granular flow management.

Central Management feature highlights

  • Browser based user interface.
  • Inventory management for nodes, configurations and node software releases.
  • VPN wizards for easy service provisioning.
  • Mass provisioning functions.
  • Holistic Service monitoring.
  • Security policies with version management.
  • Reporting templates.
  • Role and domain-based user policy.
  • Certification management for NQX nodes.

Get in touch about NQX demos and pricing