Firewall Appliance
- ✓protection from external attackers
- ✓separation between WAN and LAN
- ✓highly available firewall
Firewall appliances in detail
To protect your servers, we offer the option of filtering network traffic with a firewall appliance. The firewall acts as the Internet gateway that separates and regulates traffic between the WAN (Wide Area Network) and the LAN (Local Area Network). We rely on the freely available firewall solution OPNsense as the successor to the Sophos UTM firewall solution we used previously.
OPNsense Firewall
OPNsense is an open source firewall solution, which makes us independent of a specific manufacturer and its product life cycle and license model. Its web interface offers an intuitive way to manage the firewall, so IT administrators find their way around quickly. The solution also has an active community that continuously develops further firewall plugins and feature extensions.
We provide our customers with OPNsense firewalls on a turnkey basis, with full access to the firewall gateway. The only exception is the Bronze Firewall solution, which is a shared firewall environment. Our staff will be happy to help you choose the right firewall product.
Technical implementation
Our firewall appliances are virtual firewall instances operated on a high-availability firewall cluster. This lets us provide the service at a particularly low cost, without having to purchase a separate hardware appliance for each customer.
The firewalls are virtualized with the KVM virtualization layer.
The high availability of the firewalls is realized with OPNsense's own HA function. This uses CARP (Common Address Redundancy Protocol, a VRRP-like protocol): the shared HA IP addresses are held by the master instance and taken over by the backup instance if the master fails, while pfsync keeps the connection state tables of both OPNsense instances in sync so that existing connections survive a failover.
The KVM hypervisors are connected to our network with several 10 Gbit/s network ports, so the virtual firewall instance is not a bottleneck for your applications even at high data volumes.
OPNsense Firewall Extensions
In addition to the standard firewall functions, the free firewall solution OPNsense offers a wide range of extensions. For example, web application firewall plugins, caching proxy gateways and mail relays can be added to the OPNsense firewall with just a few clicks. We can also develop our own firewall plugins if you need functions that OPNsense does not currently provide.
Our customer support team will be happy to help you evaluate your requirements for our firewall systems and advise you on the right plugins for your firewall requirements.
Intrusion Detection
All OPNsense firewalls come with the Intrusion Detection plugin (based on Suricata) as standard. It analyzes the network traffic against an extensive rule set of over 140,000 known attack patterns and anomalies. Matches are presented by OPNsense as an alert list with information on the source (attacker) and the target of the attack. Depending on how the rules are configured, detected attacks can be blocked automatically (IPS mode) or only logged.
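The alert list described above is, on the firewall itself, Suricata's eve.json log: one JSON object per line, each alert carrying source, destination and the matched signature. The following is an added example (not code from the page or from OPNsense) that parses such a log, picks out attacker and target, and decides per alert whether it would be blocked or only logged. The sample lines, the LOCAL signature names and IDs, and the block policy (severity 1 or a small set of categories) are constructed assumptions for the example, not OPNsense's own rule handling.

```python
"""Triage Suricata EVE JSON alerts into block/log decisions (added example)."""
import json
from dataclasses import dataclass

# Constructed sample eve.json lines: three alerts, one non-alert event and one
# truncated line. A real log can contain all of these, so the parser must cope.
SAMPLE_EVE = """\
{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":51544,"dest_ip":"198.51.100.10","dest_port":1433,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000001,"rev":1,"signature":"LOCAL SCAN inbound probe to MSSQL port","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.7","src_port":51545,"dest_ip":"198.51.100.10","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000002,"rev":1,"signature":"LOCAL WEB command injection attempt in query string","category":"Web Application Attack","severity":1}}
{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"flow","src_ip":"198.51.100.10","dest_ip":"10.0.0.5","proto":"TCP"}
{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.9","src_port":40000,"dest_ip":"198.51.100.10","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":1000003,"rev":1,"signature":"LOCAL POLICY TLS client hello with deprecated version","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-05-01T10:00:04.000000+0000","event_type":"alert","src_ip":"203.0.
"""


@dataclass(frozen=True)
class Alert:
    attacker: str     # src_ip of the alert
    target: str       # "dest_ip:dest_port"
    sid: int          # Suricata signature_id
    signature: str
    category: str
    severity: int     # Suricata priority: 1 is the most severe


# Assumption for this example: categories that are blocked regardless of severity.
BLOCK_CATEGORIES = {"Web Application Attack", "Attempted Administrator Privilege Gain"}


def parse_eve(text):
    """Return the alert events from an eve.json text; skip other events and bad lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip instead of aborting the run
        if event.get("event_type") != "alert":
            continue  # flow, dns, tls ... events share the file with alerts
        a = event["alert"]
        alerts.append(Alert(
            attacker=event["src_ip"],
            target=f'{event["dest_ip"]}:{event.get("dest_port", 0)}',
            sid=int(a["signature_id"]),
            signature=a["signature"],
            category=a.get("category", ""),
            severity=int(a.get("severity", 3)),
        ))
    return alerts


def decide(alert):
    """Block on the highest severity or on a listed category; otherwise only log."""
    if alert.severity == 1 or alert.category in BLOCK_CATEGORIES:
        return "block"
    return "log"


def triage(text):
    """Split the alerting sources into those to block and those only logged."""
    alerts = parse_eve(text)
    nonblank = sum(1 for line in text.splitlines() if line.strip())
    block, log = set(), set()
    for a in alerts:
        (block if decide(a) == "block" else log).add(a.attacker)
    return {
        "alerts": alerts,
        "block": sorted(block),
        "log_only": sorted(log - block),   # a source that is blocked once is not "log only"
        "skipped": nonblank - len(alerts),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EVE)
    for a in result["alerts"]:
        print(f"{decide(a):5} sev={a.severity} {a.attacker} -> {a.target} sid={a.sid} {a.signature}")
    print("block:", result["block"], "log only:", result["log_only"],
          "skipped lines:", result["skipped"])
```

Note that the same source can appear with alerts of different severity; the triage treats a source as blocked as soon as one of its alerts qualifies, which mirrors how a per-source block would behave on the firewall.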
Analysis Options and Monitoring
All OPNsense firewalls are monitored 24/7/365 by our technical support team. Besides the VPN gateways, we also monitor the current status of the firewall gateways, and our support team actively intervenes in the event of a firewall malfunction. The network firewall also provides numerous reporting functions, such as a traffic analysis of the current data flows and an up-to-date health status report showing the current system load.
Firewall Appliance use cases
Many customers are unsure when a firewall appliance makes sense. Below we therefore show how our customers currently use our firewall appliance solution.
Protection of a cluster environment
A firewall is particularly recommended if you are planning a server setup with several different servers and applications within a cluster. It lets you control exactly which servers and services may be reachable from the Internet and which may not. If you run an online store, for example, usually only the web service (HTTP and HTTPS, TCP ports 80 and 443) needs to be reachable from the Internet. All other services such as databases, Redis cache servers, media servers etc. are only queried by the web servers and should therefore not be directly reachable from the Internet.
A welcome side effect of this approach is that it conserves scarce public IP addresses: because the servers behind the firewall are reached via NAT, only a few public IP addresses are required, regardless of the number of servers.
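To make the online-store layout above concrete, the following added example (not code from the page, not an OPNsense ruleset and not OPNsense's own code) models the policy that OPNsense would enforce for it: a port forward from one public IP to the web server for 80/443, and rules that let only the web server reach the database and Redis. Rules are evaluated first match wins with an implicit block at the end, which is how OPNsense GUI rules ("quick") behave; destination NAT is applied before the rules, as on the real firewall. The addresses, hosts, ports and the `exposed_from_wan` audit function are constructed for this example.

```python
"""Model a first-match firewall policy for the online-store layout (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet enters on: "wan" or "lan"
    proto: str    # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str
    action: str                       # "pass" or "block"
    proto: str = "any"
    src: str = "any"                  # address or CIDR, or "any"
    dst: str = "any"
    dports: frozenset = frozenset()   # empty means any destination port


def _in_net(net, ip):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def matches(rule, pkt):
    return (rule.iface == pkt.iface
            and rule.proto in ("any", pkt.proto)
            and _in_net(rule.src, pkt.src)
            and _in_net(rule.dst, pkt.dst)
            and (not rule.dports or pkt.dport in rule.dports))


def apply_port_forward(forwards, pkt):
    """Destination NAT runs before filtering, so the rules see the translated address."""
    target = forwards.get((pkt.iface, pkt.dst, pkt.dport))
    if target is None:
        return pkt
    return Packet(pkt.iface, pkt.proto, pkt.src, target[0], target[1])


def evaluate(rules, forwards, pkt):
    """Return (action, packet as seen by the rules); the default policy is block."""
    pkt = apply_port_forward(forwards, pkt)
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, pkt
    return "block", pkt


def exposed_from_wan(rules, forwards, public_ip, inventory, probe_src="203.0.113.7"):
    """Names of inventory services (host, port, name) an Internet host can reach.

    Probes each service via the public IP (the port-forward path) and via its
    private address directly, which catches an over-broad 'pass any' rule."""
    exposed = []
    for host, port, name in inventory:
        for dst in (public_ip, host):
            action, seen = evaluate(rules, forwards, Packet("wan", "tcp", probe_src, dst, port))
            if action == "pass" and (seen.dst, seen.dport) == (host, port):
                exposed.append(name)
                break
    return exposed


# Constructed topology: one public IP, a web tier and two backend services.
PUBLIC_IP = "198.51.100.10"
LAN_NET = "10.0.0.0/24"
WEB, DB, REDIS = "10.0.0.10", "10.0.0.20", "10.0.0.30"
INVENTORY = [(WEB, 80, "web http"), (WEB, 443, "web https"),
             (DB, 5432, "postgres"), (REDIS, 6379, "redis")]

PORT_FORWARDS = {("wan", PUBLIC_IP, 80): (WEB, 80), ("wan", PUBLIC_IP, 443): (WEB, 443)}

RULES = [
    Rule("wan", "pass", "tcp", "any", WEB, frozenset({80, 443})),     # only the web tier is public
    Rule("wan", "block"),
    Rule("lan", "pass", "tcp", WEB, DB, frozenset({5432})),            # web -> database
    Rule("lan", "pass", "tcp", WEB, REDIS, frozenset({6379})),         # web -> cache
    Rule("lan", "pass", "tcp", LAN_NET, "any", frozenset({80, 443})),  # outbound updates
    Rule("lan", "block"),                                              # no other lateral traffic
]

# A common mistake: a "pass any" rule at the top of the WAN list.
OVERBROAD_RULES = [Rule("wan", "pass")] + RULES

if __name__ == "__main__":
    print("exposed:", exposed_from_wan(RULES, PORT_FORWARDS, PUBLIC_IP, INVENTORY))
    print("exposed with over-broad rule:",
          exposed_from_wan(OVERBROAD_RULES, PORT_FORWARDS, PUBLIC_IP, INVENTORY))
```

The LAN rules also deny traffic between the backend servers themselves (Redis to the database, for example), so a compromised cache server cannot pivot to the database; the `exposed_from_wan` check is the kind of review worth repeating whenever a rule is added.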
Connecting a corporate network
With our OPNsense firewalls you can establish a site-to-site VPN connection, which links your local company network to the servers in our data center without requiring a VPN client on each device.
This is used in particular by customers who want to connect an on-premises Microsoft environment with a server landscape in our data center. Active Directory and SharePoint traffic in particular should never be sent unencrypted over the Internet, and with the tunnel in place these services do not need to be exposed on the Internet at all.