Simgenet Firewall

Simgenet Modular Edge & Internal Network Firewall Platform

A modular firewall security platform developed for hotels, factories, campuses, and large enterprise internal network architectures, built on server-class hardware architecture with high port density and modular network interfaces.

Simgenet Firewall Security Platform is a firewall security platform developed for hotels, factories, campuses, and large enterprise internal network architectures, built on server-class hardware architecture suitable for continuous 7/24 operation, offering high port density and modular network interfaces.

The platform is positioned not as a direct alternative to classic branded firewall solutions, but rather as a complementary and cost-effective security layer for internal network security, enterprise edge, and aggregation scenarios.

Hardware Platform

Form Factor19" 1U Rackmount
Architecturex86, DDR4
Operating SystemOPNsense Business Edition (commercial licensed)
Operating Temperature-20°C ~ +60°C

Firewall & Security Services

Stateful FirewallIPv4/IPv6 stateful packet inspection, zone-based security
Firewall AliasesIP, network, port, MAC, GeoIP and BGP ASN alias-based rule management
Time-based RulesTime-based firewall rules
NATSource NAT, Destination NAT, Port NAT, 1:1 NAT, NPt (IPv6)
ACL / Packet FilterRule-based packet filtering, logging and counters
Anti-DDoSSYN cookies, rate limiting, connection limits
Bogon BlockingBogon IP address blocking
GeoIP FilteringMaxMind GeoLite2 with country-based traffic blocking
State Table ControlState table size, connections/sec, timeout control
Traffic NormalizationProtection against protocol inconsistencies
Packet CapturePacket-level network traffic capture and analysis

Intrusion Detection & Prevention (IDS/IPS)

IDS / IPS (Suricata)Network-based attack detection and prevention — inline or passive mode
ICS Protocol AwarenessModbus TCP, DNP3, EtherNet/IP application layer analysis
SCADA/ICS DetectionProofpoint ET Pro ruleset — industrial attack and anomaly detection
DPIZenarmor plugin with Deep Packet Inspection, L7 application control

VPN & Remote Access

IPsec VPNIKEv1/IKEv2, route-based VTI, site-to-site and remote access (strongSwan)
OpenVPNSSL/TLS VPN — site-to-site, mobile user, QR code client export
WireGuard VPNModern, high-performance VPN — QR code with configuration
Ek VPNOpenConnect, Stunnel, Tinc, ZeroTier (plugin) — L2TP VPN
Multi-Factor AuthTOTP-based 2FA — Google Authenticator, hardware token

Web & Content Security

Web Application FWProtection of web services against injection attacks
Web Proxy (Squid)Transparent and explicit caching proxy, HTTP/HTTPS filtering
URL FilteringURL, domain and category-based access control (plugin)
SSL/TLS InspectionSquid proxy with SSL bumping, encrypted traffic inspection
DNS FilteringDNS over TLS (DoT) with DNS-based threat protection
AntivirusClamAV proxy integration with web traffic scanning (plugin)
Let's EncryptAutomatic SSL/TLS certificate generation and renewal

Routing & Network

Static RoutingManual route configuration
Dynamic RoutingOSPF, BGP, IS-IS, LDP, PIM, RIP (FRRouting plugin)
Policy-Based RoutingPolicy and criterion-based traffic routing
VLAN / SegmentationIEEE 802.1Q (4096 VLAN/interface), QinQ 802.1ad
VXLANVirtual eXtensible LAN — overlay network support
BridgingLayer 2 bridging — RSTP/RTP support
GIF/GRE TunnelingPoint-to-point GRE and GIF tunnel interfaces
Virtual IPCARP, IP Alias, Proxy ARP with virtual IP definition
IPv6 Dual-StackFull IPv4 + IPv6 dual-stack support
LAGGBandwidth and redundancy for interface bonding

Traffic Management

Traffic Shaping / QoSBandwidth management, priority queue, traffic prioritization
Multi-WANMultiple WAN — failover and load balancing
Gateway MonitoringRTT, RTTd and packet loss with real-time monitoring

Network Services

DHCP Server/RelayDHCPv4/v6 server and relay (ISC/Kea)
DNS ServerUnbound recursive + Dnsmasq forwarder, DNS over TLS (DoT)
NTP ServerNetwork time synchronization across infrastructure (ntpd)
Dynamic DNSAutomatic DNS update for dynamic IP addresses
SNMP v1/v2c/v3Network equipment monitoring and status management

High Availability

CARP FailoverActive/passive or active/active failover
pfsync State SyncState synchronization between clustered firewalls
Config SyncConfiguration synchronization between primary/secondary devices
Load BalancingDistribute incoming traffic across multiple servers (plugin)

Authentication & Access Control

Local User ManagementUser and group management
RADIUS / LDAP / ADCentral identity management integration
Captive PortalWeb-based authentication before network access
Certificate ManagementSSL/TLS certificate, CA and CRL management
SSODizin servisleri with Single Sign-On support

Management & Monitoring

Web GUIRole-based access control and customizable dashboard
CLI / ConsoleFreeBSD shell + OPNsense console — serial and SSH access
REST APIFull REST API with ACL support, automation integration
OPNCentralCentral multi-site management and firmware control
NetFlow / IPFIXFlow-based traffic analysis, detailed reporting
SyslogUDP, TCP, encrypted TLS — IPv4/IPv6 local and remote syslog
Live TrafficLive traffic graph and Top Talkers per interface
System HealthCPU, memory, disk I/O performance graphs
MonitService and resource monitoring, conditional alerts
Firmware MgmtAutomatic update via web/console
Backup & RestoreLocal, Google Drive, Git, NextCloud backup
Config HistoryChange tracking, revert to previous version
SnapshotsFull system snapshot, quick recovery
LLDPNetwork topology discovery (os-lldpd plugin)

EMC Immunity (EN 55035)

ESD (IEC 61000-4-2)±4 kV contact, ±8 kV air discharge
Radiated RF (IEC 61000-4-3)10 V/m, 80 MHz – 6 GHz
EFT/Burst (IEC 61000-4-4)±2 kV power, ±1 kV signal lines
Surge (IEC 61000-4-5)±2 kV line-to-ground, ±1 kV line-to-line
Conducted RF (IEC 61000-4-6)10 V, 150 kHz – 80 MHz
Magnetic Field (IEC 61000-4-8)30 A/m, 50 Hz
Voltage Dips (IEC 61000-4-11)%0 · 0.5 per., %40 · 5 per., %70 · 25 per.

Certifications & Compliance

CE2014/30/EU EMC Directive, 2014/35/EU LVD Directive
LVDIEC 62368-1 / EN 62368-1
RoHS2011/65/EU RoHS Directive

Positioning

Target UseEnterprise internal network and edge security, hotel/factory/campus networks
Target SegmentEnterprise, industrial, critical infrastructure transformer station security gateway
Not TargetedSmall office / SOHO, datacenter core firewall roles

Plugin Architecture

Plugin System70+ community and commercial plugins — modular extensibility
Back