
Overview

VaultWares network security appliances provide comprehensive network protection with integrated firewall, intrusion detection/prevention, VPN, and deep packet inspection capabilities. These rack-mountable appliances are designed for high-performance enterprise environments.

Product lineup

VaultGate 1000

Throughput: 1 Gbps
Users: Up to 100
Form factor: 1U rack-mount

VaultGate 5000

Throughput: 5 Gbps
Users: Up to 500
Form factor: 1U rack-mount

VaultGate 10000

Throughput: 10 Gbps
Users: Up to 2,000
Form factor: 2U rack-mount

VaultGate Enterprise

Throughput: 40 Gbps
Users: Unlimited
Form factor: 2U rack-mount

Key features

Network security

  • Next-generation firewall: Application-aware filtering and control
  • IDS/IPS: Real-time intrusion detection and prevention
  • Deep packet inspection: Layer 7 traffic analysis
  • Anti-malware: Inline malware scanning and blocking
  • Web filtering: URL categorization and content filtering
  • DDoS protection: Automatic attack mitigation

VPN capabilities

  • IPsec VPN: Site-to-site and remote access
  • SSL VPN: Clientless browser-based access
  • WireGuard: Modern, high-performance VPN protocol
  • Split tunneling: Selective traffic routing
  • Multi-factor authentication: Integrated 2FA/MFA for VPN access

High availability

  • Active-passive failover: Automatic failover with state synchronization
  • Active-active clustering: Load balancing across multiple units
  • Link aggregation: LACP support for increased bandwidth
  • Redundant power: Dual hot-swappable PSUs

Technical specifications

Specification        Details
Firewall throughput  1 Gbps
VPN throughput       500 Mbps
IPS throughput       750 Mbps
Concurrent sessions  500,000
New sessions/sec     25,000
Network ports        8x GbE RJ45, 2x GbE SFP
Management           1x GbE dedicated, console
Storage              256GB SSD
Memory               16GB DDR4
Power                Single PSU, 100-240V AC, 150W
Dimensions           1U (44mm x 430mm x 400mm)
Operating temp       0°C to 40°C
Warranty             3 years

Setup and configuration

Initial setup

  1. Physical installation: Rack-mount the appliance and connect the power cables. For models with dual PSUs, connect both for redundancy.
  2. Connect management port: Connect a laptop to the dedicated management port (default IP: 192.168.1.1).
  3. Access web interface: Navigate to https://192.168.1.1 and log in with the default credentials (admin/admin).
  4. Run setup wizard: Complete the initial configuration wizard to set the hostname, admin password, and network interfaces.

Network interface configuration

# Configure WAN interface
vw-network interface set wan1 \
  --mode dhcp \
  --mtu 1500

# Configure LAN interface
vw-network interface set lan1 \
  --ip 10.0.0.1 \
  --netmask 255.255.255.0 \
  --dhcp-server enable \
  --dhcp-range 10.0.0.100-10.0.0.200

# Configure DMZ interface
vw-network interface set dmz1 \
  --ip 172.16.0.1 \
  --netmask 255.255.255.0

Firewall rules

# Allow HTTP/HTTPS from LAN to WAN
vw-firewall rule add \
  --name "Allow Web Traffic" \
  --source lan1 \
  --destination wan1 \
  --service http,https \
  --action allow

# Block all inbound traffic except established
vw-firewall rule add \
  --name "Block Inbound" \
  --source wan1 \
  --destination lan1 \
  --state new \
  --action deny

# Allow specific server in DMZ
vw-firewall rule add \
  --name "Web Server" \
  --source wan1 \
  --destination 172.16.0.10 \
  --service https \
  --action allow

VPN configuration

IPsec site-to-site VPN

# Configure IPsec tunnel
vw-vpn ipsec create \
  --name "Branch Office" \
  --local-gateway 203.0.113.10 \
  --remote-gateway 198.51.100.20 \
  --local-network 10.0.0.0/24 \
  --remote-network 10.1.0.0/24 \
  --psk "your-pre-shared-key" \
  --encryption aes256 \
  --authentication sha256 \
  --dh-group 14

# Enable the tunnel
vw-vpn ipsec enable "Branch Office"

SSL VPN for remote access

# Configure SSL VPN
vw-vpn ssl configure \
  --port 443 \
  --ip-pool 10.10.0.0/24 \
  --dns 8.8.8.8,8.8.4.4 \
  --split-tunnel enable \
  --routes 10.0.0.0/8,172.16.0.0/12

# Add VPN user
vw-vpn ssl user add \
  --username john.doe \
  --password "secure-password" \
  --2fa enable \
  --groups remote-workers

# Generate client configuration
vw-vpn ssl client-config \
  --user john.doe \
  --output john-doe-vpn.ovpn

WireGuard VPN

# Initialize WireGuard
vw-vpn wireguard init \
  --interface wg0 \
  --port 51820 \
  --address 10.20.0.1/24

# Add peer
vw-vpn wireguard peer add \
  --name "Mobile Device" \
  --public-key "peer-public-key" \
  --allowed-ips 10.20.0.2/32 \
  --persistent-keepalive 25

# Show configuration
vw-vpn wireguard show wg0
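
A quick consistency check of the address plan used across this page's examples, showing which segments an SSL VPN client routes through the tunnel when split tunneling is enabled. This is an added example, not VaultWares code; the /24 masks for the management and HA sync networks are assumptions, and it uses only Python's standard ipaddress module.

```python
import ipaddress
from itertools import combinations

# Values copied from this page's examples unless marked "assumed".
SPLIT_TUNNEL_ROUTES = ["10.0.0.0/8", "172.16.0.0/12"]  # SSL VPN --routes
PUSHED_DNS = ["8.8.8.8", "8.8.4.4"]                     # SSL VPN --dns
SEGMENTS = {
    "lan1": "10.0.0.0/24",
    "dmz1": "172.16.0.0/24",
    "ipsec remote network": "10.1.0.0/24",
    "ssl vpn pool": "10.10.0.0/24",
    "wireguard wg0": "10.20.0.0/24",
    "management": "192.168.1.0/24",   # assumed /24 around 192.168.1.1
    "ha sync": "192.168.100.0/24",    # assumed /24 around the HA peer IPs
}

ROUTES = [ipaddress.ip_network(r) for r in SPLIT_TUNNEL_ROUTES]
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in SEGMENTS.items()}


def tunnel_reachable():
    """Segments that a split-tunnel client sends through the VPN."""
    return sorted(name for name, net in NETS.items()
                  if any(net.subnet_of(route) for route in ROUTES))


def overlapping_segments():
    """Pairs of segments whose address ranges collide."""
    return [(a, b) for (a, na), (b, nb) in combinations(NETS.items(), 2)
            if na.overlaps(nb)]


def dns_outside_tunnel():
    """Pushed resolvers that no split-tunnel route covers, so client
    DNS queries to them leave the client outside the tunnel."""
    return [d for d in PUSHED_DNS
            if not any(ipaddress.ip_address(d) in route for route in ROUTES)]


if __name__ == "__main__":
    print("routed via tunnel:", tunnel_reachable())
    print("overlaps:", overlapping_segments())
    print("DNS outside tunnel:", dns_outside_tunnel())
```

A segment being routed through the tunnel only means traffic arrives at the appliance; firewall rules still decide what remote users may reach.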

Intrusion prevention

Enable IPS

# Enable IPS engine
vw-ips enable \
  --mode prevention \
  --interfaces wan1,dmz1

# Update signatures
vw-ips update-signatures

# Configure IPS policy
vw-ips policy set \
  --profile high-security \
  --block-severity high,critical \
  --alert-severity medium \
  --log-all true

Custom IPS rules

# Create custom rule
vw-ips rule create \
  --name "Block SQL Injection" \
  --pattern "union.*select|select.*from.*where" \
  --protocol http \
  --action block \
  --severity high

# Import Snort rules
vw-ips import-rules \
  --format snort \
  --file custom-rules.rules
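
Before putting a custom pattern into block mode, measure it against known-benign and known-bad requests. The harness below is an added example, not VaultWares code: it runs the pattern from the rule above with Python's re module (the appliance's own matching and normalization behavior is not documented on this page, so that is an assumption), the request lines are constructed, and CANDIDATE is a hypothetical tighter pattern.

```python
import re
from urllib.parse import unquote_plus

PAGE_PATTERN = r"union.*select|select.*from.*where"  # from the rule above
CANDIDATE = r"\bunion\s+(?:all\s+)?select\b"          # hypothetical tighter rule

# Constructed request lines (label, request); not captured traffic.
SAMPLES = [
    ("benign", "GET /search?q=select+a+plan+from+the+list+where+it+fits"),
    ("benign", "GET /docs?title=Credit+union+members+select+a+branch"),
    ("benign", "GET /index.html"),
    ("sqli", "GET /item?id=1+UNION+SELECT+name,pass+FROM+users"),
    ("sqli", "GET /item?id=1%20union%20select%20name%20from%20users"),
]


def normalize(raw):
    """Canonicalize before matching: decode percent-encoding twice (a literal
    '+' becomes a space, which is acceptable for matching), drop SQL inline
    comments, collapse whitespace, and lowercase."""
    text = unquote_plus(unquote_plus(raw))
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text).lower()


def evaluate(pattern, normalized):
    """Return (sqli samples detected, benign samples wrongly matched)."""
    rx = re.compile(pattern)
    hits = {"sqli": 0, "benign": 0}
    for label, request in SAMPLES:
        subject = normalize(request) if normalized else request
        if rx.search(subject):
            hits[label] += 1
    return hits["sqli"], hits["benign"]


if __name__ == "__main__":
    for name, pattern, norm in [("page pattern, raw", PAGE_PATTERN, False),
                                ("page pattern, normalized", PAGE_PATTERN, True),
                                ("candidate, normalized", CANDIDATE, True)]:
        detected, false_pos = evaluate(pattern, norm)
        print(f"{name}: detected {detected}/2, false positives {false_pos}/3")
```

On these samples the page's pattern matches ordinary search text containing "select ... from ... where" or "union ... select", so running a new rule in alert-only mode against real traffic first is the safer rollout.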

Web filtering

Configure content filtering

# Enable web filtering
vw-webfilter enable \
  --mode proxy \
  --port 8080

# Block categories
vw-webfilter category block \
  --categories adult,gambling,malware,phishing

# Allow specific sites
vw-webfilter whitelist add \
  --url example.com \
  --comment "Corporate website"

# Block specific sites
vw-webfilter blacklist add \
  --url badsite.com \
  --comment "Known malware distributor"

SSL inspection

# Enable SSL inspection
vw-webfilter ssl-inspection enable \
  --ca-cert /etc/vaultwares/ca.crt \
  --ca-key /etc/vaultwares/ca.key

# Exclude sites from inspection
vw-webfilter ssl-inspection exclude \
  --domains banking.com,healthcare.gov \
  --reason "Privacy/compliance"

High availability

Configure HA cluster

# Initialize HA on primary
vw-ha init \
  --role primary \
  --peer-ip 192.168.100.2 \
  --sync-interface ha0 \
  --virtual-ip 203.0.113.100 \
  --password "ha-sync-password"

# Initialize HA on secondary
vw-ha init \
  --role secondary \
  --peer-ip 192.168.100.1 \
  --sync-interface ha0 \
  --password "ha-sync-password"

# Verify HA status
vw-ha status

# Output:
# HA Status: Active
# Role: Primary
# Peer Status: Online
# Sync Status: In Sync
# Failover: Ready

Test failover

# Trigger manual failover
vw-ha failover --force

# Monitor failover
vw-ha monitor --live

Monitoring and logging

Real-time monitoring

# View live traffic
vw-monitor traffic --interface wan1 --live

# View active sessions
vw-monitor sessions --top 20

# View threat dashboard
vw-monitor threats --last 24h

Configure logging

# Configure syslog
vw-logging syslog add \
  --server syslog.example.com \
  --port 514 \
  --protocol udp \
  --facility local0

# Configure SIEM integration
vw-logging siem configure \
  --type splunk \
  --server splunk.example.com:8088 \
  --token "your-hec-token" \
  --format json

# Export logs
vw-logging export \
  --start-date "2024-01-01" \
  --end-date "2024-01-31" \
  --format csv \
  --output firewall-logs.csv

Performance optimization

Traffic shaping

# Configure QoS
vw-qos policy create \
  --name "VoIP Priority" \
  --interface wan1 \
  --priority high \
  --bandwidth-guarantee 2Mbps \
  --protocol udp \
  --ports 5060-5061,10000-20000

# Bandwidth limits
vw-qos limit set \
  --interface wan1 \
  --upload 100Mbps \
  --download 500Mbps \
  --per-user-limit 10Mbps

Connection optimization

# Enable connection pooling
vw-optimize connection-pool enable \
  --max-connections 1000000 \
  --timeout 3600

# Enable TCP optimization
vw-optimize tcp \
  --window-scaling enable \
  --selective-ack enable \
  --timestamps enable

Backup and restore

Configuration backup

# Create backup
vw-backup create \
  --output /backup/vaultgate-$(date +%Y%m%d).tar.gz \
  --encrypt \
  --password "backup-password"

# Automated backups
vw-backup schedule \
  --frequency daily \
  --time 02:00 \
  --retention 30days \
  --destination sftp://backup.example.com/vaultgate/

Restore configuration

# Restore from backup
vw-backup restore \
  --input /backup/vaultgate-20240115.tar.gz \
  --password "backup-password" \
  --reboot

Troubleshooting

  • Verify WAN interface configuration: vw-network interface show wan1
  • Check default gateway: vw-network route show
  • Test DNS resolution: vw-network dns-test google.com
  • Review firewall rules: vw-firewall rule list
  • Verify VPN service is running: vw-vpn status
  • Check firewall allows VPN ports (UDP 500, 4500 for IPsec)
  • Review VPN logs: vw-vpn logs --tail 100
  • Test connectivity to remote gateway: vw-network ping <remote-ip>
  • Check active sessions: vw-monitor sessions --count
  • Review IPS load: vw-ips stats
  • Disable SSL inspection temporarily if enabled
  • Consider upgrading to higher-capacity model
  • Verify HA interface connectivity: vw-ha test-connection
  • Check time synchronization (NTP): vw-system time show
  • Review HA logs: vw-ha logs
  • Force resync: vw-ha sync --force
