Vitok-FW3 (Firewall)

"Vitok-FW3 (Firewall)" is an advanced Russian development for network traffic filtering in 1G-10G networks.

For most purposes, "Vitok-FW3 (Firewall)" platform performs only hardware analysis and data transfer without CPU resources, operating in a zero-loss mode for years.


"Vitok-FW3 (Firewall)" has the Certificate of conformity of FSTEC of Russia No. 3748 for compliance with information security requirements No. ROSS RU.0001.01BI00 for Vitok-FW3 (Firewall) with installed software - NS_FW, Version 3.0.1.

Functionality verification performed during certification tests confirms that the solution is a software and hardware protection against unauthorized access to information processed in local computer networks, and meets the requirements of the guidance documents "Computer hardware. Firewalls. Protection against unauthorized access to information. Indicators of protection against unauthorized access to information" (State Technical Commission of Russia, 1997) – 3rd class of security and “Protection against unauthorized access to information. Part 1. Software protection information. Classification according to the level of control of absence of undeclared features" (State Technical Commission of Russia, 1999) – on the 3rd level of control when implementing the operating instructions and application restrictions listed in NIKA. 466533.126 FO.


  • Control of 24 10G and 24 1G Ethernet ports;
  • Filtering at the network level. Filtering solution is independent for each network packet based on source and destination network addresses or other equivalent attributes;
  • Filtering service protocol packets for diagnostics and control of network devices;
  • Filtering based on input and output network interface as means of network address authentication;
  • Filtering based on any significant field of network packets.

Registration and record of filtered packets

"Vitok-FW3 (Firewall)" provides logging of sessions of administrative access to the firewall indicating:

  • Time and date of administrative access;
  • The result of attempted administrative access - successful or unsuccessful;
  • Names of users used to attempt administrative access;
  • Possibility to register and record filtered packets with address, time and filter result.

Short specification:

  • Ethernet 10G standard: 802.3ae;
  • Ethernet 1G standard: 802.3ab/802.3z;
  • 10G ports (from 1 to 24);
  • 1G ports (from 32 to 56);
  • Supported standards: 10GBASE-SR, 10GBASE-LR, 10GBASE-ER, 1000BASE-X, 1000BASE-T;
  • Connection to communication line using SFP+ modules;
  • Device control: system port, 10/100/1000BASE-T standard;
  • Remote device control: SSH;
  • Remote statistics monitoring: SSH/WEB(HTTPS);
  • Power consumption: 100-200W;
  • Redundant power supply: 48/220V;
  • Form factor: 1RU.

Energy efficiency, compactness and stability

  • 1RU consumption to 200W;
  • Guaranteed bandwidth of more than 480 Gb/s in 1RU;
  • Channel data processing without hard disks, processors and OS.

"Vitok-FW3 (Firewall)" ensures integrity of software firewall and data configurations stored in RAM and flash-memory and provides recovery after hardware failures with all hardware and software solution properties.

Technical characteristics:

  • Maximum bandwidth, Gbit\s: 240;
  • Number of parallel sessions:  unlimited;
  • Number of table filtering rules – for a device: up to 1536;
  • Number of table filtering rules – for an input/output port: up to 64;
  • Built-in input/output ports: 24 ports 10GbE (SFP+), 24 ports 1GbE (SFP);
  • Built-in control ports: 2 ports 10/100/1000MbE UTP;
  • Number of VLAN set by the device: no more than 64;
  • Scalability;
  • Additional power supply.