Tel.: +49 7121 539 550|
B2B Shop

VT AIR 500 Business Firewall

In stock

Next Generation Business Firewall

Best for VPN Router - No Licence Costs

Now: 1 Support Ticket included

Available Now!

 899,00 ( 1.069,81 incl. VAT)

Plus 19% VAT
Delivery Time: approx. 3 - 5 Business Days
SKU: VTAIR-500 Categories: , Brand:


VT AIR 500 Business Firewall

The new VT AIR 500 NextGen Firewall has been specially developed for the demanding office. The innovative desktop model impresses with numerous connection options (8 x RJ 45), its outstanding performance (> 10 Gb / s firewall and> 1 Gb / s VPN) and the high-quality technology. It is ideal for SMEs that have high security requirements and want to take the next step in the digital world.

Thanks to the VT AIR Linux operating system, you enjoy a modern, fast and versatile user interface. Designed with a focus on performance, versatility and no licensing costs, the VT AIR system is perfect for companies of all sizes.

This Business Firewall can be used as LAN or WAN router, VPN router, DHCP server, DNS server and Intrusion Protection and Detection Server.

The VT AIR 500 firewall provides you a security platform, including very high performance and speed with an excellent price-performance ratio.
8x RJ45 (1000/100/10 Mbit/s)
12V Power

Key Facts


  • Business – Enterprise Open Source Firewall

  • No Licence Fees

  • VT AIR Software – Feature Rich Firewall

Best For

  • Small Sized Business Networks

  • Small to Medium Sized Branch Office

  • Managed Service Provider / Managed Security Service Provider (MSP/MSSP) On Premise Appliance

  • Companies that need Intrusion Detection

Business – Enterprise Open Source Firewall

No Licence Fees
High Quality
Top Service and Support
The smart VT AIR 500 is the Enterprise Open Source Firewall for business and the ideal VPN router. The VT AIR 500 combines professionalism and quality with transparency and security. Despite its exceptional properties, it stands for a quick ROI. The special feature: There are no license costs. With the VT AIR 500, companies rely on technology that is as smart as well as cost-effective.

VT AIR – Next Generation Firewall

VT AIR is the next gen firewall for the enterprise market. It belongs to the third generation of firewall technology. It combines proven technologies with the latest generation approaches.

The graphic shows the advantages of the VT AIR Next Gen Firewall at a glance. It offers effective protection and always focuses on prevention. VT AIR offers comprehensive network security because it prevents attacks in advance and does not offer hackers a gateway into your business. One thing is certain: In the digital world, comprehensive security is only possible with the latest technology. This means for your company: Using VT AIR, your data enjoy the highest level of protection.

VT AIR Next Generation Firewall (NGFW)
Advanced Threat Protection2020-10-27T12:05:40+01:00

VT AIR offers a variety of advanced threat protection mechanisms.

Blocking unwanted and unsafe websites via DNS sinkholing technology and advanced web filters with virus scanners and content filtering.

Various intrusion detection and protection rules are also available.

Application Control2020-11-28T12:24:44+01:00

Application Control allows you to create firewall rules on the application level.

Traditional firewalls, which only identify ports, protocols and IP addresses, cannot identify and control applications, but a next generation firewall can. VT AIR Next Generation Firewall allows you to create firewall rules based on applications.

Intrusion Detection and Protection2020-08-25T11:36:28+02:00

The Intrusion Detection and Prevention System (IDS / IPS) of the VT AIR Firewall significantly improves network security by providing complete and comprehensive real-time network protection against a wide range of network threats, vulnerabilities, exploits and threats in operating systems and applications.

VT AIR scans network traffic using powerful and comprehensive rules and signature language to detect complex threats with the Surricata program.

Suricata is an open source based intrusion detection system and intrusion prevention system

Automatic signature updates are provided regularly to ensure that the VT AIR Firewall is always up to date.

Network Flow Fastpath2020-08-25T11:39:23+02:00

VT AIR supports the acceleration of TCP and UDP connections using Network Flow Fastpath.

For this purpose, the NFTables flow table offload technology is used, which accelerates network traffic by a factor of 2-3, all with the usual network security.

With Flowtables you can accelerate packet forwarding in software with the help of a state that no longer runs through the entire network stack after a connection has been established.

Multi Factor Authentication2020-08-25T11:38:47+02:00

Multi-factor authentication (MFA) has become the standard to prevent unauthorized access to business-critical information.

VT AIR supports multi-factor authentication with the TOTP standard for the web interface and OpenVPN to protect your infrastructure in the best possible way.

Stateful Deep Package Inspection2020-08-25T11:37:59+02:00

VT AIR is a stateful firewall. A stateful firewall is a network firewall that tracks the operational status and characteristics of network connections that pass through them. The firewall is configured to distinguish between legitimate network packets for different connection types.

Packets are analyzed with NFTables (Deep Package Inspection) and allowed or blocked on the basis of firewall rules in order to ensure optimal protection of the network traffic.

Web Control/Web Protection2020-08-25T11:37:26+02:00

Advanced Web Protection combines advanced analysis functions, blacklists and ACLs to optimally protect your web traffic.

With the built-in virus scanner, you can optimally protect your web traffic.

VT AIR uses the Squid program, which is characterized by its diverse functions and security.

The web filter can be set up as a proxy, but also as a transparent HTTP / HTTPS proxy.


With XDP, network functions (eBPF) can be executed as soon as a packet reaches the network card and before it is moved up into the kernel’s network subsystem, which leads to a significant increase in packet processing speed. This technology allows us to achieve significantly faster firewall speeds.

In general, all of our VT AIR appliances are already prepared for XDP / eBPF.

This technology will be available in VT AIR in 2021.

Authenticator 802.1X2020-08-25T11:45:35+02:00

The IEEE 802.1X standard provides a general method for authentication and authorization in IEEE 802 networks. At the network access, a physical port in the LAN, a logical IEEE 802.1Q VLAN or a WLAN, a participant is authenticated by the authenticator, who uses an authentication server (RADIUS server) to check the authentication information transmitted by the participant (supplicant) and, if necessary, the Permits or denies access to the services offered by the authenticator (LAN, VLAN or WLAN).

VT AIR has both an 802.1X authenticator and an 802.1X supplicant.


A captive portal is a facility that is usually used in public, wireless networks in order to link the access of end devices such as laptops or smartphones to the underlying network or the Internet to the user’s consent to certain usage rules. In addition, the network provider can link access to a specific user account. VT AIR allows you to set up a captive portal for each interface with its own HTML page for authentication.


VT AIR comes with a built-in IPv4 and IPv6 Kea DHCP server.

Whether static or dynamic DHCP addresses and multiple networks, you can supply your clients with addresses without any problems.

The Kea DHCP server is also capable of high availability and can form an automatic failover with several VT AIRs.


VT AIR comes with the well-known Unbound DNS Server, which allows it to run as a stand-alone or as a forwarding DNS server. Unbound allows you to define any host overrides and domain forwarding. For security reasons, VT AIR uses different DNS block lists with categories. Encrypted DNS and DNSSEC are also not a problem.


Docker is a range of platform-as-a-service products that use virtualization at the operating system level to deliver software in packages. These are known as containers. Containers are isolated from each other and bundle their own software, libraries and configuration files. They can communicate with each other via precisely defined channels. VT AIR has support and management via the WebGUI for Docker.


HAProxy is free, open source software that provides a highly available load balancer and proxy server for TCP and HTTP-based applications that distribute requests across multiple servers. VT AIR has full support for setting up and operating a HAProxy via the web interface.


ntopng is a software for monitoring data traffic on a computer network. It was developed as a powerful and resource-effective replacement for ntop. With ntopng on VT AIR you can analyze and monitor your network traffic per interface, host or network segment.


Network Time Protocol is the most common method of synchronizing a system’s software clock with Internet time servers. It is designed to mitigate the effects of variable network latency and can typically limit the time over the public Internet to ten milliseconds. The accuracy in local networks is even better with up to a millisecond. VT AIR comes with an NTP server for the network clients.


The Simple Network Management Protocol is a standard Internet protocol used to collect and organize information about managed devices on IP networks and modify that information to change device behavior. VT AIR supports SNMPv1 / v2 and the encrypted SNMPv3 for high security. Read all the attributes of the firewall with SNMP, with the special VT AIR SNMP mibs you have full control over your monitoring.


FRR is used for dynamic routing, which allows BGP and OSPF (v4 or v6).

Firewall Performance2020-08-25T12:02:48+02:00

VT AIR offers high firewall performance with NFTables, Flowtable Offload Technology and, in the future, XDP / eBPF.

High Availability2020-08-25T12:02:31+02:00

VT AIR comes fully equipped with high availability functionality. Use virtual IPs (VRRP) between multiple VT AIRs to enable failover without interruptions. The VT AIR configuration is automatically transferred from the master to the slaves and DHCP can also be used in HA operation to compensate for a failure. High availability is a must for critical installations and VT AIR enables smooth operation.


VT AIR offers a multitude of options for using and configuring interfaces. Real Interface, VLAN, QinQ, Bond, Bridge, PPP, PPTP, GRE, IPIP, SIT SHDSL, VDSL and MacVLAN are supported. In addition, various settings can be made IPv4 / IPv6, Static IP, DHCP Client, SLAAC, Mac, MTU, MSS, Link Mode, 802.1x (Suplicant) … and much more.


VT AIR offers static and dynamic routes. Gateways can be monitored using ping and intelligently interconnected in routing tables, either in failover or load balancing mode. A policy routing can also be set using firewall rules or a routing table can be assigned to clients. FRR is used for dynamic routing, which allows for BGP and OSPF (v4 or v6).


QoS is implemented with the Linux tool Traffic Control (TC) and allows incoming (ingress) or outgoing (egress) traffic to be classified according to categories and rules. QoS can easily be assigned to clients via firewall rules.


Internet Protocol Security (IPsec) is a protocol suite that enables secure communication over potentially insecure IP networks such as the Internet. VT AIR offers full support for IPSec with Strongswan. Whether tunnel or transport mode, with or without an interface, with VT AIR you can connect your locations conveniently and securely.


OpenVPN is free software for setting up a virtual private network (VPN) via an encrypted TLS connection. VT AIR supports OpenVPN as a client or as a server and enables you to set up a VPN for your employees quickly and easily.


WireGuard is free software for setting up a virtual private network (VPN) via an encrypted connection. WireGuard enables a very fast and modern VPN. VT AIR supports WireGuard natively, whether for clients, site to site or mesh.


WebVPN allows you to access an RDP / VNC / SSH or Telnet server via a WebVPN portal via the browser. VT AIR allows your users to access the devices with the browser without a client.


The modern, easily understandable and dynamic web interface, which is created in numerous languages, allows you to make all settings conveniently and easily – in the interests of the user.

REST API2020-08-25T12:08:13+02:00

VT AIR comes with a modern REST API interface, via which all settings can be made conveniently and easily. Regardless of whether you have 1 or 1000 devices, with the REST API, the settings on all devices can be changed in seconds.

Central Management Portal2020-11-20T12:21:02+01:00

VT AIR offers a central management portal where you can see all devices in one place and thus easily access them. With our secure and innovative connector, you can directly access the web interface or the command line in the portal or run updates directly.

Technical Data


CPU Intel® Atom C3558

CPU Cores

4 Cores


8x 1Gbps RJ45





Console-Port VGA
USB Ports

2x 2.0 ports

Form Factor



Case FAN

Power 12V 7A 2,5mm Hohlstecker mit Drehstecker EU Stecker

0°C – 35°C


L: 125 mm W: 80 mm H: 30 mm


Electromagnetic Emissions: FCC Class B, EN 55032 Class B, EN 61000-3-2/3-3, CISPR 32 Class B

Electromagnetic Immunity: EN 55024/ CISPR 24, (EN 61000-4-2, EN 61000-4-3, EN 61000-4-4, EN 61000-4-5, EN 61000- 4-6, EN 61000-4-8, EN 61000-4-11)

Safety: CSA/EN/IEC/UL 60950-1 Compli- ant, UL or CSA Listed (USA and Canada), CE Marking (Europe)

Other: VCCI-CISPR 32 and AS/NZS CISPR 32

Environmental: Directive 2011/65/EU and Directive 2012/19/EU


VT AIR Linux


1 Jahr inklusive

VT AIR OS is our specially developed, Linux based, operating system. The intuitively usable OS is at the core of the VT AIR Software. Based upon the “Debian Linux Distribution” it gives us flexibility, access to a fast amount of precompiled software packages and stable software.

VT AIR packages are installed on top of the debian packages and allow you to manage and use all the features of a great network firewall and router.

Read more in the VT AIR Documentation.




Modern and dynamic Webgui

All settings can easily be done in the Webgui

Dynamic Dashboard with widgets

Languages: German, English, Spanish


Webgui (Copyright Voleatech GmbH)
Contains Open Source Software


Real Interface, VLAN, QinQ, Bond, Bridge, PPP, PPTP, GRE, GRETAP, IPIP, SIT SHDSL, VDSL, MacVLAN

Interface Settings

IPv4/IPv6, Static IP, DHCP Client, SLAAC, Mac, MTU, MSS, Link Mode, and so on.


VLAN aware Bridge
untagged and tagged VLANs per Port
Settings for Treeprio, Maxhops, Aging, BPDUFilter, Pathcosts, Restricted Root Port


Modes: Loadbalance Round Robin, Active/Backup, Load Balance with XOR, LAG (802.3ad), Adaptive transmit load balancing, Adaptive Loadbalancing


Aliases, Firewalling, NAT
Filtering in Layer 2, Layer 3 or Layer 4
Extended Filter settings


Cron, DNS, DHCP (v4+v6), DHCP Relay, NTP, SNMP (v2/v3), DynDNS,


Limiter, Traffic Shaping


Static, BGP, OSPF, Multiple Routing Tables, Gateway Groups and Load Balancing


OpenVPN (Certificates, User, Shared Key)
IPSec IKEv1/IKEv2 (Certificates and PSK)


Certificate Management, Virtual IPs


Docker Apps, Individuelle Apps


APC UPS, Avahi, 802.1X Authenticator, CaptivePortal, HAProxy Reverse Proxy, IG- MPProxy, Ntopng, Suricata IDS/IPS, Squid Proxy and Webfilter



Hash: MD5, SHA1, SHA224, SHA256, SHA384, SHA512, ecdsa-with-SHA1, usw.


Webconsole, iftop, ping, tcpdump, traceroute, backups, usw.


ARP & ND, ARPing, Auditlogs, BGP, Bridge, DHCP, Dynamic Routing, Gate- ways, Interfaces, IPSec, Logfiles, Remote Syslog, OpenVPN, OSPF, QoS, Routes, Services, SFP, SHDSL, States, STP


Extensive System Settings

User- and Groupmanagement

SSH Root access

REST API (Automation)

Further functionality


User Manual VT AIR 500



Packages per Second

Test Speed
Maximum ~1.100.000 pps
Max. Connections ~10.000.000


Test Speed
Firewall 14.88 Gb/s
App Control/Intrusion Protection 1.35 Gb/s
IPSec VPN (AES-256 GCM) 1.39 Gb/s
OpenVPN (AES-256 GCM) 383 Mb/s
Wireguard 1.56 Gb/s

IMIX Traffic

Test Speed
Firewall 3.10 Gb/s
App Control/Intrusion Protection 1.15 Gb/s
IPSec VPN (AES-256 GCM) 663 Mb/s
OpenVPN (AES-256 GCM) 144 Mb/s
Wireguard 611 Mb/s

1. Throughput Data are based on bidirectional traffic

2. Iperf3 Traffic is TCP 1460 Bytes + TCP framing

3. IMIX Traffic is sets of UDP Traffic 7x 64 Byte packets, 4x 594 Byte packets, 1x 1514 Byte packets (Ethernet FCS not counted)

4. App Control/Intrusion Protection is Worst Case Performance

Go to Top