New: NitroWall for Professional Network Security
Our ever-growing product portfolio was still missing a trusted network router and VPN gateway as a counterpart to two-factor authentication using Nitrokeys. Here is NitroWall! Your firewall, intrusion prevention system (IPS) and VPN gateway. Trustworthy thanks to open source firmware and software. For professional users with professional requirements.
Firewall and Intrusion Prevention System (IPS)
Based on the powerful OPNsense, NitroWall meets all the requirements of a professional firewall and IPS, such as multi-WAN, hardware failover, routing protocols, web filtering, and two-factor authentication.
VPN gateway for IPsec and OpenVPN, with a powerful Intel quad-core CPU with AES-NI for fast data throughput. With IPsec, secure two-factor authentication via Nitrokey (instead of a password) is possible.
Open Source Firmware Coreboot
Instead of a proprietary BIOS, the NitroWall uses the open source firmware Coreboot, which offers transparency, minimal attack surface and high speed.
Unlike common ARM-based systems, NitroWall contains the powerful Intel Quadcore CPU J3160 with 1.6 GHz and AES-NI. 8 GB RAM, SSD and four Gigabit Ethernet ports provide sufficient resources.
- Unencrypted LAN: 940 Mbps
- OpenVPN AES256-GCM: 887 Mbps (UPDATED)
- IPSec AES128-GCM/AES-XCBC/AES128-GCM: 635 Mbps
Fanless, Rugged Metal Chassis
NitroWall features a small, rugged metal chassis. It does not require a fan, making it completely silent and virtually maintenance-free. In addition, NitroWall is very energy efficient.
Numerous Operating Systems
Instead of OPNsense, NitroWall can be operated with other operating systems such as pfSense, Ubuntu, Windows or Proxmox.
Robust Industrial PC
Thanks to its closed housing and compact size, NitroWall is also suitable as a robust industrial PC in combination with operating systems such as Ubuntu or Windows.
Frequently Asked Questions
Is NitroWall suitable as a replacement for my home router?
Generally not. NitroWall does not include a DSL or cable modem and requires network access via Ethernet. However, NitroWall can be operated behind home routers. In addition, the configuration is aimed at professional users with appropriate prior knowledge.
I got a CryptoStick v2 all the way back in 2012 and have been happy with your efforts since. I just wanted to say thank you for taking a step into filling this niche too. I'm an extensive user of OPNsense having switched all my gateway/routing/edge appliance activities to it for both myself and a number of clients over the last few years, but I've run it primarily on SuperMicro 1U boxes. I've wanted a better option to fill the role in smaller scale/managed home solutions, and while using a NUC or other embedded options is of course doable it's nice to see you take a step towards making it more turnkey. Deciso, the company behind OPNsense Business Edition, does offer a number of options too but they neuter important hardware functionality and many of them are very long in the tooth and mediocre value. A few comments though:
1. A 16GB flash card just shouldn't even be something you offer IMO. At RPi price points sure, but at $500+ you should really try to have the 120 be the basic default. CPU ceiling can't be helped, but people should be able to play around with IDS/IPS, web proxying, plenty of log space (circular logs are dead now) etc. A decent basic 250GB NVMe SSD like the PNY CS1030 is about $34-40 retail. I just don't think it's a place to penny pinch vs user experience personally.
2. Having said that at the $500 level you should be a bit more generous, I'm going to turn right around and hope you can pull off a $100-200 Arm (probably not x86) version down the road too! Obviously at that point there would need to be some more feature cuts, just two ports etc.
3. If this does well enough for you, I hope you can fund some focused improvements in OPNsense itself. In particular given your original business, it'd be nice to have webauthn support for the OPNsense web gui as well as easy native key support for ssh and logging into the console.
4. I can't tell, but I hope you're installing this as ZFS native particularly on the 120+ drives. Even with one drive being able to detect (and repair with copies=2+) corruption is useful, as is snapshots and boot environment rollbacks if something goes pear shaped.
Anyway, best of luck with this! I'm delighted to see a slow but growing appreciation for how important open source is for network edges after ages of people getting burned by crappy appliances (happening again right now! Ars Technica just had a piece on yet another massively widespread flaw, "Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw"). OPNsense remains too technical/clunky for a lot of users for now, but the foundations are good and if you do want to put some time in it's so nice to have normal open PC management/recovery for such a critical piece of infrastructure. I hope it does well enough in its niche for you.