FW4000

Midsize Security Firewall

  • Dual-core CPU
  • 4x 10/100/1000 Mbit/s
  • IPMI
  • 4 GB ECC DDR4 RAM
  • 120 GB SSD
  • 2x USB 2.0 and 2x USB 3.2 Gen1
  • 1x COM port

Security and performance in a compact 1U design: The FW4000 firewall stands for first-class protection and reliable performance in your network. With a powerful dual-core CPU, 4 GB ECC DDR4 RAM and a generous 120 GB SSD, this firewall ensures fast and efficient data processing without compromising on security.

The functional scope of the FW4000 includes high-end functions such as forward caching proxy, traffic shaping, intrusion detection and the simple setup of OpenVPN clients.

The versatile connectivity of the FW4000 is complemented by 2x USB 2.0 and 2x USB 3.2 Gen1 ports as well as a COM port. This enables flexible integration into your existing network system and simplifies the configuration and management of the firewall.

The firewall has been specifically designed to effectively protect your network from unwanted access, viruses, malware and other potential threats. With its user-friendly interface and robust hardware, the FW4000 is the ideal solution for companies and organizations that value the highest security standards and reliability. Whether in small businesses, medium-sized companies or large organizations - the FW4000 offers a scalable and powerful security solution for every requirement.

Take a look at some of our highlights, but remember that the firewall offers many more features than we can show here.

✓ QoS ✓ 2FA ✓ OpenVPN ✓ IPSec ✓ CARP ✓ Captive Portal ✓ Proxy ✓ Web Filter ✓ IDPS ✓ Netflow ✓ and more!

Product Highlights

Stateful Firewall

A stateful firewall is a firewall that tracks the status of network connections (such as TCP streams, UDP communication) that pass through it. The system provides the ability to group firewall rules by category, an optimal feature for more sophisticated network setups.

Dashboard

The modern user interface offers an intuitive user experience with integrated help and quick navigation via the search field. The firewall dashboard enables quick status checks and supports multi-column drag-and-drop functionality.

Captive Portal

The Captive Portal allows you to enforce authentication or redirect to a click-through page for network access. This is commonly used in hotspot networks, but is also widely used in corporate networks to provide an additional layer of security for wireless internet access. The system offers most enterprise features, including RADIUS and voucher support.

Two-factor authentication

Two-factor authentication, also known as 2FA or 2-Step Verification, is an authentication method that requires two components, such as a PIN/password plus a token. The firewall provides full support for two-factor authentication (2FA) throughout the system using TOTP, for example with Google Authenticator.

Traffic Shaper

The traffic shaping of the firewall is very flexible and is based on pipes, queues and corresponding rules. The pipes define the allowed bandwidth; the queues can be used to define a weighting within the pipe and finally the rules are used to apply the shaping to a specific packet flow. The shaping rules are handled independently of the firewall rules and other settings.

Caching Proxy

The included caching proxy is fully functional: it includes category-based web filtering and extensive access control lists, and it can run in transparent mode. The proxy can be combined with the Traffic Shaper to increase usability. Integration with most professional anti-virus solutions is possible via the ICAP interface.

  • Processor
    Powerful dual-core processor
  • Memory
    4 GB ECC DDR4 RAM
  • System memory
    120 GB SSD (Solid State Disk)
  • Ethernet ports
    4x 10/100/1000 Mbit/s
  • IPMI port
    1x (dedicated NIC, IPMI 2.0)
  • USB ports
    2x USB 2.0, 2x USB 3.2 Gen1
  • Other connections
    1x VGA, 1x COM port
  • TPM2.0 (Trusted Platform Module)
    For secure storage of secret keys
  • Real-time clock (RTC)
    CMOS hardware clock
  • Robust metal housing
    19” 1U
  • Dimensions
    43 mm (H), 437 mm (W), 503 mm (D)
  • Weight
    Approx. 15 kg
  • Operating temperature
    20°C to 22°C
  • Air humidity
    40% (non-condensing)
  • Rack mounting rails
    Included, 65 - 84cm (toolless)
  • Redundant power supply
    2x 400 Watt redundant hot swap power supply (80plus Platinum, > 94%)
  • Maximum power consumption
    ≈ 112W
  • Scope of delivery
    FW4000, 2x mains cable, patch cable, lockable front panel, extendable mounting rails 65 - 84cm (toolless), cable joint carrier
  • Manufacturer's warranty
    2 / 3 year bring-in manufacturer's warranty

Intuitive user interface (GUI)

The user interface has been developed with a focus on user-friendliness and clarity. Whether you are an IT professional or a beginner, the intuitive UI allows you to configure your firewall settings easily and efficiently.

  • User-friendly design: Clear and structured menus and options facilitate navigation and configuration.
  • Responsive layout: The design adapts to different screen sizes for optimal usability on desktops, tablets and smartphones.
  • Simple configuration wizards: Wizards guide you through the setup of basic firewall functions to avoid errors and speed up setup.

 

Comprehensive firewall functions
  • Stateful firewall: Monitors incoming and outgoing data traffic and blocks unwanted connections. It provides detailed rule management to control network access.
    • Rule-based firewall: Create customized firewall rules based on IP addresses, ports and protocols for granular control over traffic.
    • Logging and reporting: Detailed logs and reports on blocked and allowed traffic for monitoring and analysis.
  • NAT (Network Address Translation): Enables translation of IP addresses on the network to protect internal network traffic and reduce the number of public IP addresses required.
    • Port forwarding and 1:1 NAT: Configure port forwarding and 1:1 NAT rules for accessing internal services and servers from the Internet.
    • Outbound NAT: Automatic translation of internal IP addresses for outbound Internet traffic.
  • VPN support: Integrated support for various VPN protocols such as OpenVPN, IPsec and L2TP enables secure and encrypted connections for remote access and cross-site network connections.
    • Quick setup: Predefined VPN profiles and configuration wizards make it easy to set up VPN connections.
    • Dynamic IP support: Support for dynamic IP addresses and DDNS services for flexible VPN configurations.
  • IPv6 support: Full support for the IPv6 protocol for future-proof networks and improved network addressing.
    • Dual-stack support: Support for IPv4 and IPv6 for seamless integration in mixed networks.
    • Automatic configuration: Automatic assignment of IPv6 addresses via DHCPv6 or SLAAC.

 

Virtual Private Network (VPN)
  • IPsec and OpenVPN GUI: Easy configuration and management of VPN connections for secure and private network communication. Use pre-configured profiles or create your own VPN connections with individual settings.
    • Strong encryption: Support for strong encryption standards and authentication methods for maximum security.
    • VPN status monitoring: Monitor the status of VPN connections and receive notifications in the event of connection problems.
  • WireGuard (plugin): Modern and fast VPN technology for an even more secure and efficient connection. The WireGuard plugin offers easy integration and configuration of WireGuard VPN connections with high performance and security.
    • High speed: Optimized VPN tunnel with low latency and high throughput.
    • Easy configuration: Intuitive user interface for easy setup and management of WireGuard VPN connections.

 

Intrusion Detection and Prevention System (IDPS)

An Intrusion Detection and Prevention System (IDPS) monitors network traffic and system activity in real time for potential threats and attacks. The IDPS detects and blocks anomalies and suspicious patterns to provide protection against a variety of attacks such as malware, DDoS, brute force and zero-day attacks.

An Intrusion Detection System (IDS) monitors network traffic for suspicious patterns and can alert the operator when a pattern matches a database of known behaviors.

An Intrusion Prevention System (IPS) goes one step further by examining each packet as it passes through a network interface to determine if the packet is suspicious in any way. If it matches a known pattern, the system can discard the packet to mitigate a threat.

The Suricata software used can be deployed as both an IDS and IPS system. Suricata provides real-time monitoring of network traffic for anomalies and suspicious activity as well as automatic rule updates to protect against the latest threats.

  • Real-time monitoring: Continuous monitoring of network traffic for anomalies and suspicious activity.
  • Automatic rule updates: Regularly update IDPS rules to protect against the latest threats.

 

State-of-the-art security features
  • URL filter: Blocks access to unwanted websites and thus protects against harmful content and phishing attempts.
    • Custom filter rules: Create custom filtering rules based on URLs, keywords and categories for precise control of web access.
    • Blacklisting and whitelisting: Define allowed and blocked websites for added security and control.
  • Content filtering: Allows you to control traffic based on content and categories to increase security and productivity. You can control traffic for specific applications, websites or services.
    • Deep content inspection: Identify and filter web content based on keywords, categories and file types.
    • Time-based rules: Time-based filtering rules to customize access permissions at different times of the day.
  • Antivirus integration: Integrated antivirus scans protect your network from malicious files and malware by regularly scanning traffic and downloaded files.
    • Automatic virus definition updates: Regular virus definition updates to protect against the latest malware threats.
    • On-demand scans: Manual and scheduled scans of files, folders and the entire system for a comprehensive security check.
  • Two-Factor Authentication (2FA): Enhances access control security with additional authentication mechanisms to prevent unauthorized access to the system.
    • Multiple 2FA methods: Support for multiple 2FA methods such as SMS, email and hardware tokens for flexible and secure authentication options.
    • Customized access policies: Configure customized access policies and authentication levels for increased security.

 

Traffic Shaping and Quality of Service (QoS)

Optimize network performance by prioritizing traffic and limiting bandwidth for specific applications or services. With QoS, you can effectively allocate network resources and ensure that important services are prioritized.

  • Service prioritization: Assign bandwidth priorities to specific services and applications to ensure optimal network performance.
  • Bandwidth management: Set bandwidth limits and restrictions for individual users, devices or network segments.

 

High availability and redundancy

By supporting multi-WAN, failover and load balancing, the firewall offers high availability and reliability for your network. The functions enable automatic switching to alternative Internet connections in the event of failures and optimize network load distribution for better performance.

  • Multi-WAN support: Connect to multiple Internet providers for redundancy and increased network availability.
  • Failover and load balancing: Automatically switch to alternative Internet connections in the event of failures and optimize load balancing for even network load.

 

Extended network functions
  • DHCP server and client: Simplified management of IP addresses and network configurations. The DHCP server enables the automatic assignment of IP addresses to devices in the network, while the DHCP client facilitates the automatic IP configuration for the network device.
    • Lease Management: Manage IP lease times and assignments for optimal network resource utilization.
    • Static IP assignments: Assign fixed IP addresses to specific devices for consistent network configuration.
  • DNS filtering: Protects against DNS-based attacks and enables filtering of unwanted domains by integrating with secure DNS services and configuring DNS rules.
    • Secure DNS servers: Use of reliable and secure DNS servers for protection against DNS-based attacks and phishing attempts.
    • Custom DNS rules: Create custom DNS rules and filters to control DNS access and block unwanted domains.
  • Captive Portal: Authentication and access control for guests and users on the network by creating custom portals with individual login and authentication options.
    • User-friendly login pages: Customizable login pages with logo, welcome messages and terms of use for professional and personalized access.
    • Authentication options: Various authentication methods such as username/password, voucher codes or integrated login pages for social media.

 

Dashboard and modern user interface

A clear dashboard provides you with real-time information on the status of your network and makes it easier to manage and monitor your firewall settings. The modern user interface offers intuitive navigation and a clear presentation of network data and statistics.

  • Real-time monitoring: Dynamic charts and graphs to visualize network activity, bandwidth usage and system resources.
  • Custom widgets: Customizable widgets and panels to tailor the dashboard and get a quick overview of important network information.

 

Plugin system and expandability

Thanks to the flexible plugin system, you can add additional functions and extensions to expand the range of functions according to your requirements. The extensive plugin library offers a wide range of extensions for specific network functions and integrations.

  • Diverse plugin selection: A wide selection of plugins for additional features such as advanced security functions, network applications and integrations.
  • Easy to install and update: Easily install and update plugins directly from the user interface for quick enhancements and updates.

 

Active reporting and logging

Detailed reporting and logging for compliance, monitoring and analysis of network performance. Gain insight into network traffic, security events and system activity through customized reports and logs.

  • Comprehensive logging: Detailed and comprehensive logging of network activity, security events and system events for auditing and analysis.
  • Customizable reports: Create custom reports and analysis based on specific criteria, time periods and network metrics.

 

LDAP/Active Directory integration

Easy integration into existing corporate infrastructures for centralized management of users and access rights. Synchronize user accounts, groups and permissions with LDAP or Active Directory for centralized user management and access control.

  • User and group synchronization: Automatic synchronization of user accounts, groups and permissions between the system and an LDAP/Active Directory.
  • Central access control: Simple and centralized management of user permissions and access policies via LDAP/Active Directory integration.

Product model   CPU         RAM     HDD          Ethernet
FW4000          Dual-Core   4 GB    120 GB SSD   4x 1 Gbit/s
FW5000          Hexa-Core   16 GB   240 GB SSD   8x 1 Gbit/s

Downloads

For the moment, the data files are available in German only.