Advanced Threat Protection

VT AIR offers a variety of advanced threat protection mechanisms – blocking unwanted and insecure websites via DNS sinkholing technology and advanced web filters with virus scanners and content filtering. Various intrusion detection and protection rules are also available. VT AIR thus protects the network itself from sophisticated attacks.

Anti Virus

The data traffic of the VT AIR Next Gen Firewall is also checked with a modern virus scanner to ensure maximum security for downloads.

Application Control

Application Control allows the rule of a firewall to be created at the application level. Traditional firewalls that only identify ports, protocols and IP addresses cannot identify and control applications, whereas the VT AIR Next Gen Firewalls offer this possibility. Specifically, this means: A VT AIR Next Generation Firewall can create firewall rules based on applications. VT AIR also offers a captive portal: A device that is usually used in public, wireless networks to link access from end devices such as laptops or smartphones to the underlying network or the Internet to the user’s consent to certain usage rules. In addition, the provider of the network can link access to a specific user account. VT AIR offers the option of setting up a captive portal for each interface – with its own HTML page for authentication.

High Availability

High availability allows several VT AIR firewalls to be combined into a cluster. HA enables a new dimension of failsafety by allowing additional VT AIR firewalls to automatically and uninterruptedly take over the services of the master firewall.

Identity Awareness
Identity awareness allows users to be assigned to firewall rules and user-related rules to be managed. This usually happens with user synchronization via a central identity server such as an Active Directory.

Intrusion Detection – / Intrusion Prevention System
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) of a VT AIR Next Gen Firewall detect an attack based on communication patterns and information up to layer 7 of the data traffic. The difference between IDS and IPS: IDS recognizes the attack (detection) and IPS (prevention) isolates it by actively preventing the connection or blocking the sender.

Multi Factor Authentication

Multi-factor authentication (MFA) has become the standard to prevent unauthorized access to mission-critical information. VT AIR supports multi-factor authentication with the TOTP standard for the web interface and OpenVPN to protect the infrastructure in the best possible way.

Packet Offloader

With our specially developed for VT AIR packet offloader, based on XDP, VT AIR achieves unprecedented firewall speeds with extremely efficient hardware usage. Explanation: XDP allows network functions (eBPF) to be executed as soon as a packet reaches the NIC and before it is moved up into the kernel’s network subsystem, resulting in a significant increase in packet processing speed. This technology makes it possible to achieve significantly faster firewall speeds. In general, all VT AIR appliances are prepared for XDP/eBPF. This technology will be available from Q4 2022.

Stateful Deep Package Inspection

VT AIR is a stateful firewall. A stateful firewall is a network firewall that tracks the operational status and properties of network connections that pass through it. The firewall is configured to distinguish legitimate network packets for different connection types. Packets are analyzed with NFTables (Deep Package Inspection) and allowed or blocked based on firewall rules to ensure optimal protection of network traffic.

Web Application Firewall

WAF is a special form of firewall that filters, monitors, and blocks HTTP traffic to and from a web service.

Web Filtering

VT AIR’s Advanced Web Protection combines advanced, dynamic analysis functions, black lists and ACLs to secure data traffic. The built-in virus scanner provides the best possible protection for web traffic. VT AIR uses the Squid program for this, which is characterized by its diverse functions and security. The web filter can be set up as a proxy, but also as a transparent HTTP/HTTPS proxy.