Security and Performance in a Compact Desktop Design
The firewall delivers top-tier protection and reliable performance for your network. Equipped with a powerful dual-core CPU, 8 GB of RAM, and a spacious 120 GB SSD, it ensures fast and efficient data processing without compromising on security.
The FW2000 includes high-end features such as forward caching proxy, traffic shaping, intrusion detection, and easy setup for OpenVPN clients.
A standout feature is the 4x 2.5 Gbit/s Ethernet ports, which provide fast and stable network connectivity. Its versatile connectivity also includes 2x USB 3.0 Type-A, 1x USB-C 3.2 Type-C, and a COM port, allowing for flexible integration into existing network systems as well as easy configuration and management.
Specifically designed to effectively protect your network against unauthorized access, viruses, malware, and other threats, the FW2000 combines user-friendly interfaces with robust hardware. It is the ideal solution for businesses and organizations that demand the highest standards of security and reliability. Whether in small businesses, mid-sized companies, or large enterprises—the FW series offers a scalable and powerful security solution for every requirement.
Take a look at some of our highlights—but keep in mind, the firewall offers far more features than we can list here.
✓ QoS ✓ 2FA ✓ OpenVPN ✓ IPSec ✓ CARP ✓ Captive Portal ✓ Proxy ✓ Webfilter ✓ IDPS ✓ Netflow ✓ und mehr!
Product Highlights
Stateful Firewall
A stateful firewall is a firewall that tracks the status of network connections (such as TCP streams, UDP communication) that pass through it. The system provides the ability to group firewall rules by category, an optimal feature for more sophisticated network setups.
Dashboard
The modern user interface offers an intuitive user experience with integrated help and quick navigation via the search field. The firewall dashboard enables quick status checks and supports multi-column drag-and-drop functionality.
Captive Portal
The Captive Portal allows you to enforce authentication or redirect to a click-through page for network access. This is commonly used in hotspot networks, but is also widely used in corporate networks to provide an additional layer of security for wireless internet access. The system offers most enterprise features, including radius and voucher support.
Two-factor authentication
Two-factor authentication, also known as 2FA or 2-Step Verification, is an authentication method that requires two components such as a pin/password + a token. The firewall provides full support for two-factor authentication (2FA) throughout the system using TOTP such as the Google Authenticator.
Traffic Shaper
The traffic shaping of the firewall is very flexible and is based on pipes, queues and corresponding rules. The pipes define the allowed bandwidth; the queues can be used to define a weighting within the pipe and finally the rules are used to apply the shaping to a specific packet flow. The shaping rules are handled independently of the firewall rules and other settings.
Caching Proxy
The included caching proxy is fully functional and includes category-based web filtering, extensive access control lists and can run in transparent mode. The proxy can be combined with the Traffic Shaper to increase usability. Integration with most professional anti-virus solutions is possible via the ICAP interface.
- Processor
Powerful dual-core processor with up to 2.6 Ghz - Memory
8 GB DDR4-3200 - System memory
120 GB M.2 SSD - Ethernet-Ports
4x 2.5G Ethernet, RJ45 - LEDs
1x power button (blue)
1x power indicator (green)
1x HDD hard disk activity indicator (red)
1x hard disk activity indicator (yellow) - Video / graphics
1x HDMI 1.4, 1x DP 1.4 - USB Ports
2x USB 3.0 Typ A, 1x USB-C 3.2 Typ C - Console
1x USB Micro 2.0 (serial RS232 communication via UART) - Robust metal housing
Desktop, fanless - Dimensions
50 mm (H), 146 mm (B), 127 mm (T) - Weight
Approx. 0.80 kg - Operating temperature
-10°C bis 50°C - Humidity
0-95% (non-condensing) - Maximum power consumption
24W - Scope of delivery
FW2000, patch cable, power supply unit, quick start guide - Warranty
2 / 3 year bring-in manufacturer's warranty
Intuitive user interface (GUI)
The user interface has been developed with a focus on user-friendliness and clarity. Whether you are an IT professional or a beginner, the intuitive UI allows you to configure your firewall settings easily and efficiently.
- User-friendly design: Clear and structured menus and options facilitate navigation and configuration.
- Responsive layout: The design adapts to different screen sizes for optimal usability on desktops, tablets and smartphones.
- Simple configuration wizards: Wizards guide you through the setup of basic firewall functions to avoid errors and speed up setup.
Comprehensive firewall functions
- Stateful firewall: Monitors incoming and outgoing data traffic and blocks unwanted connections. It provides detailed rule management to control network access.
- Rule-based firewall: Create customized firewall rules based on IP addresses, ports and protocols for granular control over traffic.
- Logging and reporting: Detailed logs and reports on blocked and allowed traffic for monitoring and analys
- NAT (Network Address Translation): Enables translation of IP addresses on the network to protect internal network traffic and reduce the number of public IP addresses required.
- Port forwarding and 1:1 NAT: Configure port forwarding and 1:1 NAT rules for accessing internal services and servers from the Internet.
- Outbound NAT: Automatic translation of internal IP addresses for outbound Internet traffic.
- VPN support: Integrated support for various VPN protocols such as OpenVPN, IPsec and L2TP enables secure and encrypted connections for remote access and cross-site network connections.
- Quick setup: Predefined VPN profiles and configuration wizards make it easy to set up VPN connections.
- Dynamic IP support: Support for dynamic IP addresses and DDNS services for flexible VPN configurations.
- IPv6 support: Full support for the IPv6 protocol for future-proof networks and improved network addressing.
- Dual-stack support: Support for IPv4 and IPv6 for seamless integration in mixed networks.
- Automatic configuration: Automatic assignment of IPv6 addresses via DHCPv6 or SLAAC.
Virtual Private Network (VPN)
- IPsec and OpenVPN GUI: Easy configuration and management of VPN connections for secure and private network communication. Use pre-configured profiles or create your own VPN connections with individual settings.
- Strong encryption: Support for strong encryption standards and authentication methods for maximum security.
- VPN status monitoring: Monitor the status of VPN connections and receive notifications in the event of connection problems.
- WireGuard (plugin): Modern and fast VPN technology for an even more secure and efficient connection. The WireGuard plugin offers easy integration and configuration of WireGuard VPN connections with high performance and security.
- High speed: Optimized VPN tunnel with low latency and high throughput.
- Easy configuration: Intuitive user interface for easy setup and management of WireGuard VPN connections.
Intrusion Detection and Prevention System (IDPS)
An Intrusion Detection and Prevention System (IDPS) monitors network traffic and system activity in real time for potential threats and attacks. The IDPS detects and blocks anomalies and suspicious patterns to provide protection against a variety of attacks such as malware, DDoS, brute force and zero-day attacks.
An Intrustion Detection System (IDS) monitors network traffic for suspicious patterns and can alert the operator when a pattern matches a database of known behaviors.
An Intrusion Prevention System (IPS) goes one step further by examining each packet as it passes through a network interface to determine if the packet is suspicious in any way. If it matches a known pattern, the system can discard the packet to mitigate a threat.
The Suricata software used can be deployed as both an IDS and IPS system. Suricata provides real-time monitoring of network traffic for anomalies and suspicious activity as well as automatic rule updates to protect against the latest threats.
- Real-time monitoring: Continuous monitoring of network traffic for anomalies and suspicious activity.
- Automatic rule updates: Regularly update IDPS rules to protect against the latest threats.
State of the art security features
- URL filter: Blocks access to unwanted websites and thus protects against harmful content and phishing attempts.
- Custom filter rules: Create custom filtering rules based on URLs, keywords and categories for precise control of web access.
- Blacklisting and whitelisting: Define allowed and blocked websites for added security and control.
- Content filtering: Allows you to control traffic based on content and categories to increase security and productivity. You can control traffic for specific applications, websites or services.
- Deep content inspection: Identify and filter web content based on keywords, categories and file types.
- Time-based rules: Time-based filtering rules to customize access permissions at different times of the day.
- Antivirus integration: Integrated antivirus scans protect your network from malicious files and malware by regularly scanning traffic and downloaded files.
- Automatic virus definition updates: Regular virus definition updates to protect against the latest malware threats.
- On-demand scans: Manual and scheduled scans of files, folders and the entire system for a comprehensive security check.
- Two-Factor Authentication (2FA): Enhances access control security with additional authentication mechanisms to prevent unauthorized access to the system.
- Multiple 2FA methods: Support for multiple 2FA methods such as SMS, email and hardware tokens for flexible and secure authentication options.
- Customized access policies: Configure customized access policies and authentication levels for increased security.
Traffic Shaping und Quality of Service (QoS)
Optimize network performance by prioritizing traffic and limiting bandwidth for specific applications or services. With QoS, you can effectively allocate network resources and ensure that important services are prioritized.
- Service prioritization: Assign bandwidth priorities to specific services and applications to ensure optimal network performance.
- Bandwidth management: Setting bandwidth limits and restrictions for individual users, devices or network segments.
High availability and redundancy
By supporting multi-WAN, failover and load balancing, the firewall offers high availability and reliability for your network. The functions enable automatic switching to alternative Internet connections in the event of failures and optimize network load distribution for better performance.
- Multi-WAN support: Connect to multiple Internet providers for redundancy and increased network availability.
- Failover and load balancing: Automatically switch to alternative Internet connections in the event of failures and optimize load balancing for even network load.
Extended network functions
- DHCP server and client: Simplified management of IP addresses and network configurations. The DHCP server enables the automatic assignment of IP addresses to devices in the network, while the DHCP client facilitates the automatic IP configuration for the network device.
- Lease Management: Manage IP lease times and assignments for optimal network resource utilization.
- Static IP assignments: Assign fixed IP addresses to specific devices for consistent network configuration.
- DNS filtering: Protects against DNS-based attacks and enables filtering of unwanted domains by integrating with secure DNS services and configuring DNS rules.
- Secure DNS servers: Use of reliable and secure DNS servers for protection against DNS-based attacks and phishing attempts.
- Custom DNS rules: Create custom DNS rules and filters to control DNS access and block unwanted domains.
- Captive Portal: Authentication and access control for guests and users on the network by creating custom portals with individual login and authentication options.
- User-friendly login pages: Customizable login pages with logo, welcome messages and terms of use for professional and personalized access.
- Authentication options: Various authentication methods such as username/password, voucher codes or integrated login pages for social media.
Dashboard and modern user interface
A clear dashboard provides you with real-time information on the status of your network and makes it easier to manage and monitor your firewall settings. The modern user interface offers intuitive navigation and a clear presentation of network data and statistics.
- Real-time monitoring: Dynamic charts and graphs to visualize network activity, bandwidth usage and system resources.
- Custom widgets: Customizable widgets and panels to customize the dashboard and get a quick overview of important network information.
Plugin system and expandability
Thanks to the flexible plugin system, you can add additional functions and extensions to expand the range of functions according to your requirements. The extensive plugin library offers a wide range of extensions for specific network functions and integrations.
- Diverse plugin selection: A wide selection of plugins for additional features such as advanced security functions, network applications and integrations.
- Easy to install and update: Easily install and update plugins directly from the user interface for quick enhancements and updates.
Active reporting and logging
Detailed reporting and logging for compliance, monitoring and analysis of network performance. Gain insight into network traffic, security events and system activity through customized reports and logs.
- Comprehensive logging: Detailed and comprehensive logging of network activity, security events and system events for auditing and analysis.
- Customizable reports: Create custom reports and analysis based on specific criteria, time periods and network metrics.
LDAP/Active Directory-Integration
Easy integration into existing corporate infrastructures for centralized management of users and access rights. Synchronize user accounts, groups and permissions with LDAP or Active Directory for centralized user management and access control.
- User and group synchronization: Automatic synchronization of user accounts, groups and permissions between the system and an LDAP/Active Directory.
- Central access control: Simple and centralized management of user permissions and access policies via LDAP/Active Directory integration.
