ntopng Edge (a.k.a. nEdge)

Protects all of your digital assets and online activities


ntopng Edge is a software application designed to solve a few problems:

  • Bind devices to users
  • Specify per-user layer-7 protocol policies (e.g. use X can use protocol Y)
  • Protect the network from malware and connections from/to unsafe destinations.
  • Make sure that the available Internet bandwidth is shared evenly by preventing bandwidth hogs.


Make the Network A Safe Place Again

ntopng Edge ensures the Internet is always available for business-critical applications by preventing misbehaving hosts from jeopardizing the bandwidth. ntopng Edge also secures the network against unwanted traffic such as torrents or cloud uploads that can pave the way for data breaches.

Ensured Internet availability Layer-7 applications traffic blocking/throttling
Inline unsafe traffic blocking Service micro-segmentation
Active and silent devices discovery Easy to install and simple to use


Ensured Internet availability

ntopng Edge helps network administrators ensure a smooth, controlled operation of complex networks by accurately managing the many different connected devices that compete to access the Internet. It provides an intuitive Web-Based graphical interface to control how the available Internet bandwidth is used among the devices. The maximum download and upload bandwidths can easily be policed for any device with just a handful of clicks.

Learn more about bandwidth control…

Layer-7 applications traffic blocking/throttling

It is often hard to protect networks from unwanted applications traffic. In addition, internal rules (e.g., company ethics and conduct rules) and external regulations may impose limits on the allowed websites as well as on the Layer-7 applications traffic permitted. Are you fed up with people using cloud services or with those that are downloading copyrighted contents Are your employees spending to much time visiting recreational sites during normal office hours? ntopng Edge can enforce policies to block or throttle Layer-7 applications traffic without requiring changes in the network topology that can be expensive and create conflicts with pre-existing equipments and configurations.

Learn more about inline layer-7 applications traffic blocking and throttling…

Inline unsafe traffic blocking

ntopng Edge integrates safe DNS with IP and domain lists to provide continuous protection. If someone is trying to contact a malicious host or if a malicious host is trying to reach someone on your network. ntopng Edge will automatically generate an alert and block communications involving a malicious peer. And if you want to be real-time informed on ongoing threats, simply configure the Slack integration to receive alerts on the smartphone!

Learn more about unsafe traffic blocking…

Service micro-segmentation

With service micro-segmentation, administrators create policies that explicitly permit only certain traffic to be exchanged. Policies, security settings are tailored individually on an host basis, depending on the role and function of each host. In this zero-trust security model, ntopng Edge allows you to set up policies. For example, it can force IoT sensors to only talk MQTT, or Web servers to only talk HTTP/HTTPS with clients and MySQL with backend database servers.

Learn more about service micro-segmentation…

Active and silent devices discovery

ntopng Edge discovers and accurately categories all the devices connected to the network, including those that are silent. Discovery and identification produce a rich set of information that include the device type, family, and (when possible) the model and the operating system for a wire range of devices. ntopng Edge also detects new network connected devices, as well it can send alerts when unknown devices.

Learn more about devices discovery…


How Does It Work?

ntopng Edge expects to protect a Local Area Network (LAN), so called edge. Typically, clients and digital assets that require protection reside in the LAN and must go through the WAN to browse the Internet.


ntopng Edge creates a transparent bridge between two network interfaces, one connected to a LAN and the other to a WAN. nEdge operates over the bridge where configured network policies are enforced.

This is the right mode for you if …

… you need a quick and transparent way to secure LAN-to-WAN communications without reconfiguring any devices or IP address.


ntopng Edge routes the traffic and decides which traffic should be routed and which traffic should be discarded. Multiple WAN interfaces are supported to allow also decisions on which WAN interface should be used for the routing.

This is the right mode for you if …

… if you want to create a (single-LAN or multi-WAN) router that routes traffic on a per-device basis as well as on Layer-7 applications.


Additional Features

  • Captive portal
    • Authenticate users with a login page before allowing them to access the Internet. Authentication facilitates the association between a user and his/her devices, and the consequent enforcement of configured policies.
  • Load Balancing and Failover
    • In Router Mode, when multiple WANs are configured, powerful routing policies can be implemented on a per-user basis.



Easy to Install and Simple to Use

See the getting started video for a brief installation guide and use tutorial.

Note nEdge takes over the control of your system during the initial setup, reconfiguring all the network interfaces of the system.



Use Cases


SMEs often struggle to protect their networks from unwanted Layer-7 application protocols. Internal rules or external regulations may impose limits on the websites visited as well as on the Layer-7 application protocols used in the network. nEdge helps SMEs by restricting the use of unauthorized/unwanted traffic, including that towards recreational sites and social networks.

Internet Access Providers

Hotels, bars and restaurants, malls, and more in general public places, almost always provide complimentary or paid internet access. nEdge helps in protecting business-critical operations by automatically identifying normal guests and staff people and devices, and prioritizing their traffic according to different policies.

Multi-WAN Providers

nEdge features advanced functionalities specifically designed for multi-homed Internet access providers, characterized by the presence of a number of Internet gateways with different speeds and costs (e.g. WiFi, 3G, SAT). Powerful policies can be implemented to route the traffic towards one or more gateway on the basis of the user type (e.g., premium vs basic).

See all use cases…



Available Versions

ntopng Edge comes in two versions, Professional (Small Business Edition) and Enterprise. Features are highlighted in the following table.

Feature Professional Enterprise
Ensured Internet availability

  • Enforce the maximum download/upload bandwidth
  • Guarantee the minimum download/upload bandwidth
Layer-7 applications traffic blocking/throttling

  • Enforce policies on the basis of Layer-7 applications traffic
  • Define per-user and per-Layer-7 application time and traffic quotas
Inline unsafe traffic blocking

  • Industry’s leading cyber-security companies IP and domains lists
  • Enable the use of Child-Safe DNS
  • Secure DNS to block malicious domains
Captive Portal

  • Identify and associate users with physical devices through a login page
  • Grant Internet access only to authorized users
Bridge Mode

  • Create a bridge between two network interfaces, one connected to a LAN and the other to a WAN
Router Mode

  • Route the traffic coming from an interface connected to a LAN towards one or more WAN interfaces
  • Define routing policies to be applied on a per-user basis (e.g., premium users via SAT and basic users via WiFi)

  • Constantly monitor Internet reachability and automatically exclude gateways that can no longer access the Internet
Load Balancing

  • Balance the traffic to spread the traffic going to the Internet across multiple gateways

ntopng Edge is available for Ubuntu 20.04 LTS x64. Please refer to the documentation for further details.


Operating Systems

Ubuntu Linux 20 LTS Only



ntopng Edge Professional and Enterprise versions are subject to the EULA terms. All ntop tools are free for no-profit, research and education: please read this document for more information.


Get It

You can install it from the ntop packages site.