UTM3: Security Gateway

Multi-Layer Firewalls from the UTMx series serve to harden networks and protect internal assets.

The concept is highly available (AEC-3) and consists of various security components:

  • OSI Layer 3 Stateful Packetfilter
  • HA: VRRP, TCP/IP Session Migration + Multipath Routing
  • Zeek/Bro Network Security Monitoring + NIDS
  • Caching Proxy Server w/ HTTP Virus Scanning
  • Mail VM: Spamfilter, Virus Scanning, Webmail+GPG
  • VPN Gateway: IPsec, OpenVPN, WireGuard
  • RPiX: Rasbperry Pi H/W for transparent IPSEC VPN
  • Mandatory Access Control (MAC)
  • Protection against Bruteforce + DoS Attacks
  • Monitoring VM: System operating data, Syslog/NetFlow visualization
  • Maintenance optionally including DFIR

  • A comparable security solution can also be implemented using OPNsense (FreeBSD)