1. General Explanations

1.1. Introduction

VT AIR Next Gen Firewall is a Linux-based firewall system that delivers high firewall throughput and includes a large number of features to manage your network.

VT AIR is equipped with a modern management WebGUI, REST API and command line.

1.2. VT AIR Architecture

VT AIR runs on the Debian Linux operating system and uses a custom Linux kernel for maximum compatibility and network speed.

1.3. Technology Stack

VT AIR is designed and built using open source software projects including:

1.4. Default login

The login data for the WebGUI must be set the first time you log on. The WebGUI will force you to set a password for the default user admin.

For SSH or the console the user is root. The root and admin users share the same password, so you can use the SSH login only after the default password has been set.

Note

VT AIR Amazon AWS and VT AIR Azure have a different login mechanism.

1.5. Default Firewall User

The following users are active on the firewall by default:

| Name | Function | Description |
|---|---|---|
| admin | Web GUI Administrator | Web Interface Admin |
| hasync | Web GUI High Availability User | HA Config Sync User with random password |
| root | SSH Only User | Password is synced with admin user |

1.8. Supported Browser

VT AIR supports Chrome, Edge, Firefox and Safari. Internet Explorer is not a supported browser and might show errors when displaying GUI features.

1.9. Current VT AIR Appliances

Desktop
Rack
Industrial

1.10. Release Schedule

VT AIR is released quarterly and the version number reflects the month and year of the release. For example, the release 2021.07.1 was released in July 2021.

Releases are in January, April, July and October and are numbered as follows, replacing YYYY with the year of the release:
  • YYYY.01
  • YYYY.04
  • YYYY.07
  • YYYY.10

The Kernel is updated in the 04 (April) and 10 (October) releases. There are exceptions, such as critical security vulnerabilities or other major reasons, where we are forced to release a Kernel update outside of the release schedule.

1.11. Default Firewall Rules

Only the LAN Interface has default firewall rules enabled.

| Protocol | Source IP | Source Port | Destination IP | Destination Port | Description |
|---|---|---|---|---|---|
| TCP | Any | Any | LAN Address | 22, 80, 443 | Anti Lockout Rule |
| TCP/UDP | LAN Network | Any | LAN Address | 53, 853 | DNS Server |
| ICMP | LAN Network | - | LAN Address | - | ICMP to VT AIR |
| Any | Any | Any | Private Networks | Any | Access to Private IPs v4 and v6 |
| Any | Any | Any | NOT Private Networks | Any | Access to Public IPs v4 and v6 |

The WAN Interface blocks all traffic and has an explicit extra firewall rule to block Private IPs.

Please refer to the open ICMP and ICMPv6 ports below for all Interfaces.

1.12. Default Services

The following table shows the services, and their open ports, that are enabled in factory default settings on the VT AIR:

| Service | Port | Protocol | Default Firewall Rule | Description |
|---|---|---|---|---|
| DNS | 53 | TCP and UDP | Yes on LAN Interface | DNS Server |
| DNS | 853 | TCP and UDP | Yes on LAN Interface | DNS Server TLS |
| HTTP | 80 | TCP | Yes on LAN Interface | Web Server |
| HTTPS | 443 | TCP | Yes on LAN Interface | Web Server |
| DHCP | 67 | UDP | Yes on LAN Interface | DHCP Server |
| SSH | 22 | TCP | Yes on LAN Interface | SSH Server |
| NTP | 123 | UDP | No, Blocked | NTP Server |
| ICMP | | ICMP | Yes on LAN Interface + See Table below | ICMP Messages |
| ICMPv6 | | ICMPv6 | See Table below | ICMPv6 Messages |

Open ICMP Types to the VT AIR Firewall:

| ICMP Type | Input Interface | Description |
|---|---|---|
| All | LAN | LAN ICMP to VT AIR |
| Destination unreachable (3) | ALL | Destination Unreachable Message |
| Time exceeded (11) | ALL | Time exceeded Message |
| Parameter problem (12) | ALL | Parameter Problem |

Open ICMPv6 Types to the VT AIR Firewall:

| ICMPv6 Type | Input Interface | Description |
|---|---|---|
| Destination unreachable (1) | ALL | Destination Unreachable Message |
| Packet Too Big (2) | ALL | Packet Too Big |
| Time exceeded (3) | ALL | Time exceeded Message |
| Parameter problem (4) | ALL | Parameter Problem |
| Neighbor Solicitation (135) | ALL | Neighbour Solicitation |
| Neighbor Advertisement (136) | ALL | Neighbour Advertisement |
| Multicast Listener Query (130) | ALL | Multicast Listener Query |
| Multicast Listener Report (131) | ALL | Multicast Listener Report |
| Multicast Listener Done (132) | ALL | Multicast Listener Done |
| Multicast Listener Report v2 (143) | ALL | Multicast Listener Report |
| Multicast Router Advertisement (151) | ALL | Multicast Listener Report |
| Multicast Router Solicitation (152) | ALL | Multicast Listener Report |
| Multicast Router Termination (153) | ALL | Multicast Listener Report |
| Echo Reply (129) | ALL (fe80::/10, ff02::/16 <-> fe80::/10, ff02::/16) | Link Local Only |
| Router Solicitation (133) | ALL (fe80::/10, ff02::/16 <-> fe80::/10, ff02::/16) | Link Local Only |
| Router Advertisement (124) | ALL (fe80::/10, ff02::/16 <-> fe80::/10, ff02::/16) | Link Local Only |
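
The default services table in section 1.12 can serve as a baseline for checking a unit for drift. The following is an added example, not part of the VT AIR documentation or product: it compares a LAN-side scan of the firewall's LAN address, saved in nmap's grepable (-oG) format, with the documented defaults. The scan text is constructed, 192.0.2.1 is a placeholder for the LAN address, and the function names are illustrative.

```python
import re

# Factory-default services from the table in section 1.12, as (protocol, port).
DEFAULT_OPEN_ON_LAN = {
    ("tcp", 53), ("udp", 53),      # DNS Server
    ("tcp", 853), ("udp", 853),    # DNS Server TLS
    ("tcp", 80), ("tcp", 443),     # Web Server
    ("udp", 67),                   # DHCP Server
    ("tcp", 22),                   # SSH Server
}
# Enabled by default, but the table lists it as blocked by the firewall.
DEFAULT_BLOCKED = {("udp", 123)}   # NTP Server

PORT_ENTRY = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/")

def parse_grepable(text):
    """Return {(proto, port): state} from the 'Ports:' fields of nmap -oG output."""
    found = {}
    for line in text.splitlines():
        if "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto in PORT_ENTRY.findall(ports_field):
            found[(proto, int(port))] = state
    return found

def audit(scan_text):
    """Compare a LAN-side scan of the LAN address with the documented defaults."""
    states = parse_grepable(scan_text)
    reachable = {k for k, s in states.items() if s == "open"}
    return {
        "unexpected": sorted(reachable - DEFAULT_OPEN_ON_LAN - DEFAULT_BLOCKED),
        "should_be_blocked": sorted(reachable & DEFAULT_BLOCKED),
        "default_not_seen": sorted(DEFAULT_OPEN_ON_LAN - set(states)),
        "ambiguous": sorted(k for k, s in states.items() if s == "open|filtered"),
    }

# Constructed sample (not real scan output); 192.0.2.1 stands in for the LAN address.
SAMPLE = (
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 53/open/tcp//domain///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 853/open/tcp//domain-s///, "
    "8443/open/tcp//https-alt///, 53/open/udp//domain///, "
    "67/open|filtered/udp//dhcps///, 123/open/udp//ntp///\tIgnored State: closed (991)\n"
)

if __name__ == "__main__":
    for finding, ports in audit(SAMPLE).items():
        print(finding, ports)
```

UDP ports that nmap reports as open|filtered are listed separately because the scan alone cannot confirm that they are reachable.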