VT AIR. The smart Firewall
VT AIR is the pioneering OT firewall solution for public and private networks. VT AIR sets new standards in cybersecurity of OT networks, especially in critical infrastructure and industrial environments. The solution is characterized by flexibility, efficiency and the highest security standards.
Energy
Water
Industrial
Transport
VT AIR. Fits any network infrastructure
Public Network
Public networks such as 5G, LTE, VDSL and FTTX play a central role in modern communications technology. They enable the smooth transmission of data on the Internet and efficiently link IIoT devices and systems with cloud networks or central control systems. Security and flexibility are of crucial importance. This is exactly what the VT AIR series guarantees – a solution that reliably optimizes your network according to your requirements.
Private Network
In the world of connected technology, private networks like SHDSL and Fiber offer not only connection but also exclusivity. They ensure dedicated, private connections between devices and assets in an OT network, with a focus on reliability, security and the highest level of encryption. VT AIR offers something else: a user-friendly experience that makes configuring OT networks a breeze.
VT AIR. OT Firewall of the next generation
Seven good reasons
VT AIR is the powerful OT firewall system – for critical infrastructures and industrial environments – that combines connectivity and cyber security.
VT AIR offers a variety of advanced threat protection mechanisms.
Blocking unwanted and unsafe websites via DNS sinkholing technology and advanced web filters with virus scanners and content filtering.
Various intrusion detection and protection rules are also available.
The Intrusion Detection and Prevention System (IDS / IPS) of the VT AIR Firewall significantly improves network security by providing complete and comprehensive real-time network protection against a wide range of network threats, vulnerabilities, exploits and threats in operating systems and applications.
VT AIR scans network traffic using powerful and comprehensive rules and signature language to detect complex threats with the Surricata program.
Suricata is an open source based intrusion detection system and intrusion prevention system
Automatic signature updates are provided regularly to ensure that the VT AIR Firewall is always up to date.
VT AIR supports the acceleration of TCP and UDP connections using Network Flow Fastpath.
For this purpose, the NFTables flow table offload technology is used, which accelerates network traffic by a factor of 2-3, all with the usual network security.
With Flowtables you can accelerate packet forwarding in software with the help of a state that no longer runs through the entire network stack after a connection has been established.
Multi-factor authentication (MFA) has become the standard to prevent unauthorized access to business-critical information.
VT AIR supports multi-factor authentication with the TOTP standard for the web interface and OpenVPN to protect your infrastructure in the best possible way.
VT AIR is a stateful firewall. A stateful firewall is a network firewall that tracks the operational status and characteristics of network connections that pass through them. The firewall is configured to distinguish between legitimate network packets for different connection types.
Packets are analyzed with NFTables (Deep Package Inspection) and allowed or blocked on the basis of firewall rules in order to ensure optimal protection of the network traffic.
Advanced Web Protection combines advanced analysis functions, blacklists and ACLs to optimally protect your web traffic.
With the built-in virus scanner, you can optimally protect your web traffic.
VT AIR uses the Squid program, which is characterized by its diverse functions and security.
The web filter can be set up as a proxy, but also as a transparent HTTP / HTTPS proxy.
With XDP, network functions (eBPF) can be executed as soon as a packet reaches the network card and before it is moved up into the kernel’s network subsystem, which leads to a significant increase in packet processing speed. This technology allows us to achieve significantly faster firewall speeds.
In general, all of our VT AIR appliances are already prepared for XDP / eBPF.
This technology will be available in VT AIR in 2021.
The IEEE 802.1X standard provides a general method for authentication and authorization in IEEE 802 networks. At the network access, a physical port in the LAN, a logical IEEE 802.1Q VLAN or a WLAN, a participant is authenticated by the authenticator, who uses an authentication server (RADIUS server) to check the authentication information transmitted by the participant (supplicant) and, if necessary, the Permits or denies access to the services offered by the authenticator (LAN, VLAN or WLAN).
VT AIR has both an 802.1X authenticator and an 802.1X supplicant.
A captive portal is a facility that is usually used in public, wireless networks in order to link the access of end devices such as laptops or smartphones to the underlying network or the Internet to the user’s consent to certain usage rules. In addition, the network provider can link access to a specific user account. VT AIR allows you to set up a captive portal for each interface with its own HTML page for authentication.
VT AIR comes with a built-in IPv4 and IPv6 Kea DHCP server.
Whether static or dynamic DHCP addresses and multiple networks, you can supply your clients with addresses without any problems.
The Kea DHCP server is also capable of high availability and can form an automatic failover with several VT AIRs.
VT AIR comes with the well-known Unbound DNS Server, which allows it to run as a stand-alone or as a forwarding DNS server. Unbound allows you to define any host overrides and domain forwarding. For security reasons, VT AIR uses different DNS block lists with categories. Encrypted DNS and DNSSEC are also not a problem.
Docker is a range of platform-as-a-service products that use virtualization at the operating system level to deliver software in packages. These are known as containers. Containers are isolated from each other and bundle their own software, libraries and configuration files. They can communicate with each other via precisely defined channels. VT AIR has support and management via the WebGUI for Docker.
HAProxy is free, open source software that provides a highly available load balancer and proxy server for TCP and HTTP-based applications that distribute requests across multiple servers. VT AIR has full support for setting up and operating a HAProxy via the web interface.
ntopng is a software for monitoring data traffic on a computer network. It was developed as a powerful and resource-effective replacement for ntop. With ntopng on VT AIR you can analyze and monitor your network traffic per interface, host or network segment.
Network Time Protocol is the most common method of synchronizing a system’s software clock with Internet time servers. It is designed to mitigate the effects of variable network latency and can typically limit the time over the public Internet to ten milliseconds. The accuracy in local networks is even better with up to a millisecond. VT AIR comes with an NTP server for the network clients.
The Simple Network Management Protocol is a standard Internet protocol used to collect and organize information about managed devices on IP networks and modify that information to change device behavior. VT AIR supports SNMPv1 / v2 and the encrypted SNMPv3 for high security. Read all the attributes of the firewall with SNMP, with the special VT AIR SNMP mibs you have full control over your monitoring.
FRR is used for dynamic routing, which allows BGP and OSPF (v4 or v6).
VT AIR offers high firewall performance with NFTables, Flowtable Offload Technology and, in the future, XDP / eBPF.
VT AIR comes fully equipped with high availability functionality. Use virtual IPs (VRRP) between multiple VT AIRs to enable failover without interruptions. The VT AIR configuration is automatically transferred from the master to the slaves and DHCP can also be used in HA operation to compensate for a failure. High availability is a must for critical installations and VT AIR enables smooth operation.
VT AIR offers a multitude of options for using and configuring interfaces. Real Interface, VLAN, QinQ, Bond, Bridge, PPP, PPTP, GRE, IPIP, SIT SHDSL, VDSL and MacVLAN are supported. In addition, various settings can be made IPv4 / IPv6, Static IP, DHCP Client, SLAAC, Mac, MTU, MSS, Link Mode, 802.1x (Suplicant) … and much more.
VT AIR offers static and dynamic routes. Gateways can be monitored using ping and intelligently interconnected in routing tables, either in failover or load balancing mode. A policy routing can also be set using firewall rules or a routing table can be assigned to clients. FRR is used for dynamic routing, which allows for BGP and OSPF (v4 or v6).
Internet Protocol Security (IPsec) is a protocol suite that enables secure communication over potentially insecure IP networks such as the Internet. VT AIR offers full support for IPSec with Strongswan. Whether tunnel or transport mode, with or without an interface, with VT AIR you can connect your locations conveniently and securely.
OpenVPN is free software for setting up a virtual private network (VPN) via an encrypted TLS connection. VT AIR supports OpenVPN as a client or as a server and enables you to set up a VPN for your employees quickly and easily.
The modern, easily understandable and dynamic web interface, which is created in numerous languages, allows you to make all settings conveniently and easily – in the interests of the user.
VT AIR comes with a modern REST API interface, via which all settings can be made conveniently and easily. Regardless of whether you have 1 or 1000 devices, with the REST API, the settings on all devices can be changed in seconds.
VT AIR offers a central management portal where you can see all devices in one place and thus easily access them. With our secure and innovative connector, you can directly access the web interface or the command line in the portal or run updates directly.
VT AIR. Always in the right format
VT AIR DIN-Rail-Models
The VT AIR 310 industrial router is a state-of-the-art German technology product specifically designed for demanding industrial environments. As the next generation industrial router, the VT AIR 310 (for DIN rail) is characterized by its advanced technology and numerous innovative solutions. With functions such as SHDSL, VDSL and LTE technology, it sets new standards in industrial routing technology.
VT AIR Desktop-Models
The VT AIR 100 is a German technology product that was specifically developed for a demanding office environment and its requirements. The business firewall VT AIR 100 can be used in a variety of ways due to its modern technology (RJ45, SFP). It is a firewall that is as compact as it is flexible and functional and, thanks to its sophisticated technology, always grows with the needs of your company. Thanks to the VT AIR operating system, you have a modern, fast and versatile user interface at your disposal.
VT AIR Rack-Models
Designed with a focus on performance, versatility and no license fees, the VT AIR system is ideal for companies and data centers of all sizes. These models can function as LAN or WAN routers, VPN routers, DHCP servers, DNS servers, and intrusion protection and detection servers. As a security platform, the rack models offer outstanding performance and speed with an excellent price-performance ratio. The VT AIR operating system also enables a modern, fast and versatile user interface.
Safety first
We protect your company value!
VT AIR. Top Security
VT AIR OT Firewall with Security & Connectivity is now primarily used by critical infrastructures to secure their own OT networks. In addition, complex industries also rely on smart technology from Germany.
VT AIR – for fast and secure networks
Modern and innovative network technologies are crucial for critical infrastructures to be successful in the age of digital transformation and to meet growing security requirements. The VT AIR 310 is not only characterized by its diverse connectivity options such as SHDSL, VDSL, SFP and LTE, but also impresses with its highly developed encryption technology.
Our innovative firewall technology can be flexibly expanded and is always up to date with the latest security thanks to over-the-air updates. This allows businesses and organizations to continually protect their networks while adapting to the demands of the ever-changing cyber threat landscape.
The VT AIR 310 provides a comprehensive solution to the challenges of modern network security, enabling energy companies to thrive in a connected world.
VT AIR – the partner for the water industry
Water management plays a crucial role in our modern world and is one of the critical infrastructures that must operate continuously and effectively. At a time when the water industry is constantly evolving, it is critical to deploy innovative network technologies that not only meet the highest security requirements, but also provide the flexibility to meet changing needs.
The VT AIR 310 offers a state-of-the-art solution that was also developed to meet the requirements of the water industry. Our modular software structure makes it possible to easily update individual components and immediately close potential security gaps. This not only ensures a constantly up-to-date security standard, but also offers the possibility of effortlessly integrating tailor-made applications and control software.
The water industry is a driving force behind modern society, and the VT AIR 310 is the reliable partner to ensure it remains efficient, safe and future-proof.
VT AIR – modern encryption algorithms for greater security
Industry, especially in complex production environments, places special demands on network technologies. In these highly dynamic and demanding environments, it is crucial to have a solution that meets the specific needs of the industry. This is exactly where VT AIR technology comes into play.
VT AIR offers a tailored network solution ideally suited to the needs of the industry. With a state-of-the-art, modular software structure, individual components can be easily updated and security gaps can be closed immediately. This flexibility and scalability ensure that the network always meets the requirements of complex production processes.
Our solution not only enables an efficient and secure network infrastructure, but also offers the ability to seamlessly integrate specific applications and control software. In an industry where every step is critical, VT AIR provides the reliability and performance essential to address complex requirements.
VT AIR – central management for intelligent networking
Transportation, particularly in the rail industry, requires state-of-the-art network technologies to meet increasing demands. The railway industry is an important part of modern mobility and is constantly changing – also with regard to digital transformation. This is exactly where VT AIR shows its strengths.
VT AIR offers a tailor-made network solution that is perfectly tailored to the needs of the transport sector, particularly rail. Our innovative firewall technology not only ensures the highest security standards, but is also extremely flexible and scalable to meet the specific requirements of rail traffic.
With our modular software structure, you can easily update individual components and close security gaps immediately. This flexibility ensures that the network is always up to date and meets the dynamic requirements of rail operations.
In addition, VT AIR enables the seamless integration of specific applications and control software that are essential in the railway sector. In an industry where reliability and safety are top priorities, VT AIR provides the technological foundation to make rail operations more efficient and safer.
