Simgenet Datacenter Firewall Security Platform
Simgenet Datacenter Firewall Security Platform
A fully modular, high-capacity firewall security platform developed for datacenters, service providers, and large enterprise networks requiring high bandwidth, high concurrency, and continuous 7/24 operation.
Simgenet Firewall Security Platform – SMG818 Datacenter Series is a fully modular, high-capacity firewall security platform developed for datacenters, service providers, and large enterprise networks requiring high bandwidth, high concurrency, and continuous 7/24 operation.
The platform is positioned for datacenter edge (north-south traffic), datacenter internal networks (east-west traffic), service provider (ISP) edge and aggregation points, large enterprise backbone and core networks, as well as 100G high-speed aggregation and segmentation scenarios.
Hardware Platform
| Form Factor | 19" 2U Rackmount |
| Architecture | x86_64 (Intel® C741 Chipset) |
| Processor | Intel® Xeon® Gold 5418Y — 24C/48T, 2.0 GHz (Turbo ~3.8 GHz), 45 MB L3 |
| Operating System | OPNsense Business Edition (commercial licensed) |
| Operating Temperature | -20°C ~ +60°C |
Firewall & Security Services
| Stateful Firewall | IPv4/IPv6 stateful packet inspection, zone-based security |
| Firewall Aliases | IP, network, port, MAC, GeoIP and BGP ASN alias-based rule management |
| Time-based Rules | Time-based firewall rules |
| NAT | Source NAT, Destination NAT, Port NAT, 1:1 NAT, NPt (IPv6) |
| ACL / Packet Filter | Rule-based packet filtering, logging and counters |
| Anti-DDoS | SYN cookies, rate limiting, connection limits |
| Bogon Blocking | Bogon IP address blocking |
| GeoIP Filtering | MaxMind GeoLite2 with country-based traffic blocking |
| State Table Control | State table size, connections/sec, timeout control |
| Traffic Normalization | Protection against protocol inconsistencies |
| Packet Capture | Packet-level network traffic capture and analysis |
Intrusion Detection & Prevention (IDS/IPS)
| IDS / IPS (Suricata) | Network-based attack detection and prevention — inline or passive mode |
| ICS Protocol Awareness | Modbus TCP, DNP3, EtherNet/IP application layer analysis |
| SCADA/ICS Detection | Proofpoint ET Pro ruleset — industrial attack and anomaly detection |
| DPI | Zenarmor plugin with Deep Packet Inspection, L7 application control |
VPN & Remote Access
| IPsec VPN | IKEv1/IKEv2, route-based VTI, site-to-site and remote access (strongSwan) |
| OpenVPN | SSL/TLS VPN — site-to-site, mobile user, QR code client export |
| WireGuard VPN | Modern, high-performance VPN — QR code with configuration |
| Ek VPN | OpenConnect, Stunnel, Tinc, ZeroTier (plugin) — L2TP VPN |
| Multi-Factor Auth | TOTP-based 2FA — Google Authenticator, hardware token |
Web & Content Security
| Web Application FW | Protection of web services against injection attacks |
| Web Proxy (Squid) | Transparent and explicit caching proxy, HTTP/HTTPS filtering |
| URL Filtering | URL, domain and category-based access control (plugin) |
| SSL/TLS Inspection | Squid proxy with SSL bumping, encrypted traffic inspection |
| DNS Filtering | DNS over TLS (DoT) with DNS-based threat protection |
| Antivirus | ClamAV proxy integration with web traffic scanning (plugin) |
| Let's Encrypt | Automatic SSL/TLS certificate generation and renewal |
Routing & Network
| Static Routing | Manual route configuration |
| Dynamic Routing | OSPF, BGP, IS-IS, LDP, PIM, RIP (FRRouting plugin) |
| Policy-Based Routing | Policy and criterion-based traffic routing |
| VLAN / Segmentation | IEEE 802.1Q (4096 VLAN/interface), QinQ 802.1ad |
| VXLAN | Virtual eXtensible LAN — overlay network support |
| Bridging | Layer 2 bridging — RSTP/RTP support |
| GIF/GRE Tunneling | Point-to-point GRE and GIF tunnel interfaces |
| Virtual IP | CARP, IP Alias, Proxy ARP with virtual IP definition |
| IPv6 Dual-Stack | Full IPv4 + IPv6 dual-stack support |
| LAGG | Bandwidth and redundancy for interface bonding |
Traffic Management
| Traffic Shaping / QoS | Bandwidth management, priority queue, traffic prioritization |
| Multi-WAN | Multiple WAN — failover and load balancing |
| Gateway Monitoring | RTT, RTTd and packet loss with real-time monitoring |
Network Services
| DHCP Server/Relay | DHCPv4/v6 server and relay (ISC/Kea) |
| DNS Server | Unbound recursive + Dnsmasq forwarder, DNS over TLS (DoT) |
| NTP Server | Network time synchronization across infrastructure (ntpd) |
| Dynamic DNS | Automatic DNS update for dynamic IP addresses |
| SNMP v1/v2c/v3 | Network equipment monitoring and status management |
High Availability
| CARP Failover | Active/passive or active/active failover |
| pfsync State Sync | State synchronization between clustered firewalls |
| Config Sync | Configuration synchronization between primary/secondary devices |
| Load Balancing | Distribute incoming traffic across multiple servers (plugin) |
Authentication & Access Control
| Local User Management | User and group management |
| RADIUS / LDAP / AD | Central identity management integration |
| Captive Portal | Web-based authentication before network access |
| Certificate Management | SSL/TLS certificate, CA and CRL management |
| SSO | Dizin servisleri with Single Sign-On support |
Management & Monitoring
| Web GUI | Role-based access control and customizable dashboard |
| CLI / Console | FreeBSD shell + OPNsense console — serial and SSH access |
| REST API | Full REST API with ACL support, automation integration |
| OPNCentral | Central multi-site management and firmware control |
| NetFlow / IPFIX | Flow-based traffic analysis, detailed reporting |
| Syslog | UDP, TCP, encrypted TLS — IPv4/IPv6 local and remote syslog |
| Live Traffic | Live traffic graph and Top Talkers per interface |
| System Health | CPU, memory, disk I/O performance graphs |
| Monit | Service and resource monitoring, conditional alerts |
| Firmware Mgmt | Automatic update via web/console |
| Backup & Restore | Local, Google Drive, Git, NextCloud backup |
| Config History | Change tracking, revert to previous version |
| Snapshots | Full system snapshot, quick recovery |
| LLDP | Network topology discovery (os-lldpd plugin) |
EMC Immunity (EN 55035)
| ESD (IEC 61000-4-2) | ±4 kV contact, ±8 kV air discharge |
| Radiated RF (IEC 61000-4-3) | 10 V/m, 80 MHz – 6 GHz |
| EFT/Burst (IEC 61000-4-4) | ±2 kV power, ±1 kV signal lines |
| Surge (IEC 61000-4-5) | ±2 kV line-to-ground, ±1 kV line-to-line |
| Conducted RF (IEC 61000-4-6) | 10 V, 150 kHz – 80 MHz |
| Magnetic Field (IEC 61000-4-8) | 30 A/m, 50 Hz |
| Voltage Dips (IEC 61000-4-11) | %0 · 0.5 per., %40 · 5 per., %70 · 25 per. |
Certifications & Compliance
| CE | 2014/30/EU EMC Directive, 2014/35/EU LVD Directive |
| LVD | IEC 62368-1 / EN 62368-1 |
| RoHS | 2011/65/EU RoHS Directive |
Positioning
| Target Use | Datacenter edge security, internal network segmentation, ISP edge/aggregation |
| Target Segment | Datacenter, service provider, large enterprise networks |
| Not Targeted | Small office, campus, SMB environments, datacenter core firewall |
Plugin Architecture
| Plugin System | 70+ community and commercial plugins — modular extensibility |