
VICIfast Firewall.

Console access when SSH is locked out. Every SSH session captured as a replayable asciinema cast. Managed authorized_keys synced from the dashboard through the platform CA — your private key never leaves your workstation. An agent self-serve portal at firewall.<your-brand>.com that whitelists IPs without a support ticket. One screen, four real capabilities, full audit trail.

7-day free trial · Cancel anytime · Pay with card, PayPal, or USDT

vicifast — firewall
$ asciinema play /var/log/vicifast/ssh-sessions/2026-05-16T14:22:09Z-saurav.cast
  drwxr-xr-x  2 root root  4096 May 16 14:22 .
  -rw-r--r--  1 root root 14823 May 16 14:22 2026-05-16T14:22:09Z-saurav.cast

$ cat /root/.ssh/authorized_keys
# Managed by VICIfast — do not edit by hand.
# Synced from dashboard at 2026-05-16T14:18:02Z
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... saurav@laptop  # added 2026-05-15 by saurav
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... ops@iphone     # added 2026-05-15 by saurav
40s median deploy time
99.94% fleet uptime · last 30d
6 regions live
Audited · every state change

What you get

The full vicifast firewall surface, end-to-end.

Every card below is a shipped capability.

Console when SSH is locked out

Browser-based serial console to the VPS. Use it when you have locked yourself out of SSH, want to watch the early boot, or need to fix iptables from outside the network.

Every SSH session, replayable

Sessions are captured as asciinema casts and stored on platform infrastructure. Replay any session from the dashboard. Audit-ready for SOC2 attestations, HIPAA reviews, and customer-required evidence.

Managed SSH keys, instant revoke

Paste a public key in the dashboard; we sync it to /root/.ssh/authorized_keys via the platform CA. Revoke from the dashboard and it leaves the box within seconds — we do not rely on a TTL.

Agent self-serve IP portal

Public portal at firewall.<your-brand>.com/<token>. Agents authenticate with TOTP, click "whitelist my IP", done. Zero support tickets when an agent's coffee shop WiFi changes.

No shared keys, no service accounts

Each engineer adds their own key with their name on it. No team login. No service account that nobody rotates. Every action in the recorded session has a real human attached.

Country-block list

Block inbound from configurable country code lists at the iptables level. Useful when your floor is US-only and you want to make Asia / Africa scanning traffic disappear from your logs.

Fail2ban with sane defaults

SSH brute-force, SIP REGISTER brute-force, Apache scanning — all caught with industry-standard jails. Custom jails opt-in through the dashboard for app-specific rules.

Geolocation on every audit row

Every SSH login row and every IP whitelist addition row carries the city and country resolved from MaxMind GeoIP. Spot a Moscow login on an account that should only be US-East in three seconds, not three days.

Replay any SSH session from the dashboard. authorized_keys is owned by the platform — the dashboard is the only place to add or revoke keys, and revocation hits the box within seconds.

Secure the box without learning iptables.

Start the trial. Console access, replayable SSH sessions, managed keys with instant revoke, agent self-serve IP portal — all from the dashboard. No SSH for the supervisor.
