Home » VT AIR Enterprise
VT AIR Enterprise2020-08-31T11:04:10+02:00

Open Source Firewall Transparent Cost Effective thumb_up_alt thumb_up_alt Enterprise Firewall thumb_up_alt thumb_up_alt thumb_up_alt Professional Quality Service VT AIR ... Best of Two Worlds. Open Source Firewall Enterprise Firewall thumb_up_alt Secure


Enterprise Open Source Firewall

VT AIR is the professional open source firewall for business and enterprise. VT AIR perfectly combines the advantages of both worlds: the professionalism and quality of the enterprise world and the transparency, security and cost efficiency of the open source world – without license costs and fast ROI. The modern and smart VT AIR technology offers high quality for business and enterprise.

Request Infos!

Open Source Firewall

  • Transparent
  • Cost Effective
  • Secure


Best of Two Worlds
  • Enterprise Open Source Firewall
  • No Licence Fees
  • High Quality
  • Top Service and Support
  • Fast ROI

Enterprise Firewall

  • Professional
  • Quality
  • Service

VT AIR. The Firewall System.


High Firewall Throughput


Feature Rich


Modern WebGUI

VT AIR. Firewall

VT AIR is the Linux-based system from Voleatech. The modern, user-friendly, easy-to-understand and dynamic web interface in multiple languages allows you to make all settings easily and conveniently. Whether via API or Command Line, automation is no problem with VT AIR.

Also try our central web management portal. A variety of features allow you to configure your network securely and perfectly.


Feature Rich

VT AIR not only combines the advantages of two worlds, it is also particularly feature rich and takes the interaction of the firewall to a new level.

The diverse features of VT AIR are unique in the market.
With VT AIR, companies are securely positioned, flexible and have state-of-the-art software for their firewall at all times – without license costs.

Ultimately, VT AIR is future-proof in a dynamic business and industrial world.

VT AIR. Features.

Advanced Thread Protection2020-08-25T11:34:40+02:00

VT AIR offers a variety of advanced thread protection mechanisms.

Blocking unwanted and unsafe websites via DNS sinkholing technology and advanced web filters with virus scanners and content filtering.

Various intrusion detection and protection rules are also available.

Intrusion Detection and Protection2020-08-25T11:36:28+02:00

The Intrusion Detection and Prevention System (IDS / IPS) of the VT AIR Firewall significantly improves network security by providing complete and comprehensive real-time network protection against a wide range of network threats, vulnerabilities, exploits and threats in operating systems and applications.

VT AIR scans network traffic using powerful and comprehensive rules and signature language to detect complex threats with the Surricata program.

Suricata is an open source based intrusion detection system and intrusion prevention system

Automatic signature updates are provided regularly to ensure that the VT AIR Firewall is always up to date.

Web Control/Web Protection2020-08-25T11:37:26+02:00

Advanced Web Protection combines advanced analysis functions, blacklists and ACLs to optimally protect your web traffic.

With the built-in virus scanner, you can optimally protect your web traffic.

VT AIR uses the Squid program, which is characterized by its diverse functions and security.

The web filter can be set up as a proxy, but also as a transparent HTTP / HTTPS proxy.

Stateful Deep Package Inspection2020-08-25T11:37:59+02:00

VT AIR is a stateful firewall. A stateful firewall is a network firewall that tracks the operational status and characteristics of network connections that pass through them. The firewall is configured to distinguish between legitimate network packets for different connection types.

Packets are analyzed with NFTables (Deep Package Inspection) and allowed or blocked on the basis of firewall rules in order to ensure optimal protection of the network traffic.

Multi Factor Authentication2020-08-25T11:38:47+02:00

Multi-factor authentication (MFA) has become the standard to prevent unauthorized access to business-critical information.

VT AIR supports multi-factor authentication with the TOTP standard for the web interface and OpenVPN to protect your infrastructure in the best possible way.

Network Flow Fastpath2020-08-25T11:39:23+02:00

VT AIR supports the acceleration of TCP and UDP connections using Network Flow Fastpath.

For this purpose, the NFTables flow table offload technology is used, which accelerates network traffic by a factor of 2-3, all with the usual network security.

With Flowtables you can accelerate packet forwarding in software with the help of a state that no longer runs through the entire network stack after a connection has been established.


With XDP, network functions (eBPF) can be executed as soon as a packet reaches the network card and before it is moved up into the kernel’s network subsystem, which leads to a significant increase in packet processing speed. This technology allows us to achieve significantly faster firewall speeds.

In general, all of our VT AIR appliances are already prepared for XDP / eBPF.

This technology will be available in VT AIR in 2021.


VT AIR comes with a built-in IPv4 and IPv6 Kea DHCP server.

Whether static or dynamic DHCP addresses and multiple networks, you can supply your clients with addresses without any problems.

The Kea DHCP server is also capable of high availability and can form an automatic failover with several VT AIRs.


VT AIR comes with the well-known Unbound DNS Server, which allows it to run as a stand-alone or as a forwarding DNS server. Unbound allows you to define any host overrides and domain forwarding. For security reasons, VT AIR uses different DNS block lists with categories. Encrypted DNS and DNSSEC are also not a problem.


Network Time Protocol is the most common method of synchronizing a system’s software clock with Internet time servers. It is designed to mitigate the effects of variable network latency and can typically limit the time over the public Internet to ten milliseconds. The accuracy in local networks is even better with up to a millisecond. VT AIR comes with an NTP server for the network clients.


Docker is a range of platform-as-a-service products that use virtualization at the operating system level to deliver software in packages. These are known as containers. Containers are isolated from each other and bundle their own software, libraries and configuration files. They can communicate with each other via precisely defined channels. VT AIR has support and management via the WebGUI for Docker.

Authenticator 802.1X2020-08-25T11:45:35+02:00

The IEEE 802.1X standard provides a general method for authentication and authorization in IEEE 802 networks. At the network access, a physical port in the LAN, a logical IEEE 802.1Q VLAN or a WLAN, a participant is authenticated by the authenticator, who uses an authentication server (RADIUS server) to check the authentication information transmitted by the participant (supplicant) and, if necessary, the Permits or denies access to the services offered by the authenticator (LAN, VLAN or WLAN).

VT AIR has both an 802.1X authenticator and an 802.1X supplicant.


A captive portal is a facility that is usually used in public, wireless networks in order to link the access of end devices such as laptops or smartphones to the underlying network or the Internet to the user’s consent to certain usage rules. In addition, the network provider can link access to a specific user account. VT AIR allows you to set up a captive portal for each interface with its own HTML page for authentication.


HAProxy is free, open source software that provides a highly available load balancer and proxy server for TCP and HTTP-based applications that distribute requests across multiple servers. VT AIR has full support for setting up and operating a HAProxy via the web interface.


ntopng is a software for monitoring data traffic on a computer network. It was developed as a powerful and resource-effective replacement for ntop. With ntopng on VT AIR you can analyze and monitor your network traffic per interface, host or network segment.


The Simple Network Management Protocol is a standard Internet protocol used to collect and organize information about managed devices on IP networks and modify that information to change device behavior. VT AIR supports SNMPv1 / v2 and the encrypted SNMPv3 for high security. Read all the attributes of the firewall with SNMP, with the special VT AIR SNMP mibs you have full control over your monitoring.


VT AIR offers a multitude of options for using and configuring interfaces. Real Interface, VLAN, QinQ, Bond, Bridge, PPP, PPTP, GRE, IPIP, SIT SHDSL, VDSL and MacVLAN are supported. In addition, various settings can be made IPv4 / IPv6, Static IP, DHCP Client, SLAAC, Mac, MTU, MSS, Link Mode, 802.1x (Suplicant) … and much more.


VT AIR offers static and dynamic routes. Gateways can be monitored using ping and intelligently interconnected in routing tables, either in failover or load balancing mode. A policy routing can also be set using firewall rules or a routing table can be assigned to clients. FRR is used for dynamic routing, which allows for BGP and OSPF (v4 or v6).


FRR is used for dynamic routing, which allows BGP and OSPF (v4 or v6).


QoS is implemented with the Linux tool Traffic Control (TC) and allows incoming (ingress) or outgoing (egress) traffic to be classified according to categories and rules. QoS can easily be assigned to clients via firewall rules.

High Availability2020-08-25T12:02:31+02:00

VT AIR comes fully equipped with high availability functionality. Use virtual IPs (VRRP) between multiple VT AIRs to enable failover without interruptions. The VT AIR configuration is automatically transferred from the master to the slaves and DHCP can also be used in HA operation to compensate for a failure. High availability is a must for critical installations and VT AIR enables smooth operation.

Firewall Performance2020-08-25T12:02:48+02:00

VT AIR offers high firewall performance with NFTables, Flowtable Offload Technology and, in the future, XDP / eBPF.


Internet Protocol Security (IPsec) is a protocol suite that enables secure communication over potentially insecure IP networks such as the Internet. VT AIR offers full support for IPSec with Strongswan. Whether tunnel or transport mode, with or without an interface, with VT AIR you can connect your locations conveniently and securely.


OpenVPN is free software for setting up a virtual private network (VPN) via an encrypted TLS connection. VT AIR supports OpenVPN as a client or as a server and enables you to set up a VPN for your employees quickly and easily.


WireGuard is free software for setting up a virtual private network (VPN) via an encrypted connection. WireGuard enables a very fast and modern VPN. VT AIR supports WireGuard natively, whether for clients, site to site or mesh.


The modern, easily understandable and dynamic web interface, which is created in numerous languages, allows you to make all settings conveniently and easily – in the interests of the user.

REST API2020-08-25T12:08:13+02:00

VT AIR comes with a modern REST API interface, via which all settings can be made conveniently and easily. Regardless of whether you have 1 or 1000 devices, with the REST API, the settings on all devices can be changed in seconds.

Zentrales Managementportal2020-08-25T12:08:51+02:00

VT AIR offers a central management portal where you can see all devices in one place and thus easily access them. With our secure and innovative connector, you can directly access the web interface or the command line in the portal or run updates directly.

VT AIR. Appliances

VT AIR 100 Front Straight Business Firewall

VT AIR 100. Business Firewall

The VT AIR 100 has been specially developed for the demanding office sector. The innovative office firewall convinces with its connection possibilities: SFP and RJ45.

Combined with state-of-the-art VT AIR software, the VT AIR 100 offers a variety of features and maximum speed – all at an attractive office price.


VT AIR 1200. Enterprise Firewall

The VT AIR 1500 is specially designed for racks and data centers. The Enterprise Firewall impresses with its connection options: 2x SFP + (10 Gb), 2x RJ45 (10GB) and 4x RJ45 (1 Gb).

The VT AIR 1200 offers high functionality for demanding network environments. The performance ranges from 10 Gb to BGP.

VT AIR 1200 Enterprise Firewall Front

VT AIR 1500. Enterprise Firewall

The VT AIR 1500 is specially designed for racks and data centers. The enterprise firewall convinces with your connection possibilities: SFP + (10 Gb) and RJ45 (10 Gb / 1 Gb).

Combined with advanced VT AIR software, the VT AIR 1500 provides maximum functionality for demanding network environments. The performance ranges from 10 Gb to BGP.


VT AIR. Compare Models.


  VT AIR 100 VT AIR 1200 VT AIR 1500 VT AIR 300
  Desktop Rack Rack Industrial
  VT AIR 100 Front Straight Business Firewall
Use Case
Recommended for
  • Small Offices
  • Medium Offices
  • VPN Endpoint
  • Branch Office
  • Medium Office
  • Datacenter with Rack
  • VPN Server
  • Large Office
  • IDS/IPS Requirements
  • Datacenter
  • VPN Server
  • Energy Grid Operator
  • Energy Supplier and Public Utility Companies
  • Smart City Backend
  • Wind Power Operator
  • Industrial Network Operator
  • Industrial Edge Computing
Packages Per Second ~450.000 pps ~4.350.000 pp ~5.200.000 pps ~1.270.000 pps
Firewall 1.86 Gb/s 37.742 Gb/s 37.742 Gb/s 14.878 Gb/s
Firewall + IPS 244 Mb/s 3.910 Gb/s 14.910 Gb/s 6.224 Gb/s
IPSec VPN 298 Mb/s
(AES-256 CBC, SHA256)
3.977 Gb/s
(AES-256 GCM)
2.486 Gb/s
(AES-256 GCM)
1.930 Gb/s
(AES-256 GCM)
OpenVPN 92 Mb/s
(AES-256 CBC, SHA256)
243 Mb/s
(AES-256 GCM)
903 Mb/s
(AES-256 GCM)
193 Mb/s
(AES-256 GCM)
Firewall 1.31 Gb/s 12.59 Gb/s 15.60 Gb/s 2.75 Gb/s
Firewall + IPS 304 Mb/s 2.03 Gb/s 3.57 Gb/s 714 Mb/s
IPSec VPN 71 Mb/s
(AES-256 CBC, SHA256)
610 Mb/s
(AES-256 GCM)
1.1 Gb/s
(AES-256 GCM)
410 Mb/s
(AES-256 GCM)
OpenVPN 40 Mb/s
(AES-256 CBC, SHA256)
122 Mb/s
(AES-256 GCM)
363 Mb/s
(AES-256 GCM)
91 Mb/s
(AES-256 GCM)
CPU ARM v7 Cortex-A9 @ 1.6 GHz Intel C3858, 2.0 GHz, 12 Core, Intel Quick Assist Intel Xeon D 2123IT, 2.2 GHz, 4 Core or
Intel Xeon D 2146NT, 2.3 GHz, 8 Core, Intel Quick Assist
4 Core ARM64 (Marvell ARMADA 8040)
Storage 8GB eMMC 256GB M.2 SSD SATA 256GB M.2 SSD SATA
1x 256GB SSD SATA Hot Swap
2x 256GB SSD SATA Hot Swap (RAID1)
Memory 1GB DDR3 8GB DDR4 32 GB DDR4 ECC Reg 4GB DDR4
Network Ports

2x 1Gb RJ45
1x 1Gb SFP

2x 10Gb Intel SFP+
2x 10Gb Intel RJ45
4x 1Gb Intel RJ45
2x 10Gb Intel SFP+
2x 10Gb Intel RJ45
9x 1Gb Intel RJ45

2x 10Gb SFP+
4x 1Gb RJ45

  • IPMI
  • IPMI
  • Optional:
    • 2x 4 Port 10GB SFP+
  • Optional:
    • 2x DSL
      (SHDSL oder VDSL)
    • 1x LTE/3G
  • 24V
  • Din Rail

1. Throughput Data are based on bidirectional traffic

2. Iperf3 Traffic is TCP 1460 Bytes + TCP framing

3. IMIX Traffic is sets of UDP Traffic 7x 64 Byte packets, 4x 594 Byte packets, 1x 1514 Byte packets (Ethernet FCS not counted)


Go to Top