7063 | Security | NetDefend Firewall Selection Matrix |
NetDefend Firewall Selection Matrix
|
|
| IPS Firewalls |
|
|
| UTM Firewalls |
| |||
|
|
| |||||||||
Interface |
|
|
|
|
|
|
|
|
|
| |
Ethernet WAN Port |
| 1 | 2 | - | - | 1 | 2 |
| - | - | - |
Ethernet DMZ Port |
| 1 | 1 | - | - | 1 | 1 |
| - | - | - |
Ethernet LAN Port |
| 4 | 7 | - | - | 4 | 7 |
| - | - | - |
| - | - | 6 | 8 | - | - |
| 6 | 10 | 6 | |
| - | - | - | - | - | - |
| - | - | 4 | |
System Performance |
|
|
|
|
|
|
|
|
|
| |
Firewall Throughput (Mbps) |
| 80 | 150 | 320 | 600 | 80 | 150 |
| 1,200 | 2,000 | 2,000 |
VPN Throughput (Mbps) |
| 25 | 45 | 120 | 300 | 25 | 45 |
| 350 | 1,000 | 1,000 |
Concurrent Sessions |
| 10K | 20K | 400K | 1,000K | 10K | 20K |
| 600K | 1,500K | 1,500K |
Policies |
| 500 | 1,000 | 2,500 | 4,000 | 500 | 1,000 |
| 4,000 | 6,000 | 6,000 |
Firewall System |
|
|
|
|
|
|
|
|
|
| |
Transparent Mode |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Network & Port Address Translation (NAT, |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
PAT) |
|
| |||||||||
|
|
|
|
|
|
|
|
|
|
| |
OSFP Dynamic Routing Protocol |
| No | Yes | Yes | Yes | No | Yes |
| Yes | Yes | Yes |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | |
Proactive Network Security (ZoneDefense) |
| No | Yes | Yes | Yes | No | Yes |
| Yes | Yes | Yes |
ICSA Firewall Corporate Level Certified |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Networking |
|
|
|
|
|
|
|
|
|
| |
DHCP Server / Client |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
DHCP Relay / |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
IEEE 802.1Q Virtual LAN (VLAN) |
| 8 | 16 | 128 | 1,024 | 8 | 16 |
| 1,024 | 2,048 | 2,048 |
IP Multicast (IGMPv3) |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Virtual Private Network (VPN) |
|
|
|
|
|
|
|
|
|
| |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | |
Dedicated VPN Tunnels |
| 100 | 200 | 1,200 | 2,500 | 100 | 200 |
| 2,500 | 5,000 | 5,000 |
PPTP/L2TP Server / IPSec NAT Traversal |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Hub and Spoke |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
ICSA IPSec 1.3 Enhanced Certified |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
System Management |
|
|
|
|
|
|
|
|
|
| |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | |
Command Line/SSH |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Configuration Backup/Restore |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
User Authentication |
|
|
|
|
|
|
|
|
|
| |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | |
External RADIUS / LDAP (IPSec only) Server |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
External Microsoft IAS Server |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
XAUTH for IPSec Authentication |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Logging and Monitoring |
|
|
|
|
|
|
|
|
|
| |
Internal / External Log (Syslog Server) |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Email Notification, Event Log & Alarm |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
SNMP v1, v2c |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Traffic Load Balancing |
|
|
|
|
|
|
|
|
|
| |
Outbound Traffic Load Balancing |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Server Load Balancing |
| No | Yes | Yes | Yes | No | Yes |
| Yes | Yes | Yes |
Algorithms for Outbound Traffic Load Balancing |
|
|
|
|
|
|
|
|
|
| |
| Yes1 | Yes1 | Yes1 | Yes1 | Yes1 | Yes1 |
| Yes | Yes | Yes | |
Bandwidth Management |
|
|
|
|
|
|
|
|
|
| |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | |
Guaranteed / Maximum / Priority Bandwidth |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Dynamic Bandwidth Balancing |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Bandwidth Management in VPN Tunnel |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
High Availability (HA) |
|
|
|
|
|
|
|
|
|
| |
WAN |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Device / Link Failure Detection |
| No | No | Yes | Yes | No | No |
| Yes | Yes | Yes |
Intrusion Detection & Prevention System (IDP/IPS) |
|
|
|
|
|
|
|
|
| ||
Automatic Pattern Update |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
DoS, DDoS Protection |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
IP Blacklist by Threshold or IPS/IDP |
| No | Yes | Yes | Yes | No | Yes |
| Yes | Yes | Yes |
Content Filtering |
|
|
|
|
|
|
|
|
|
| |
HTTP / Script / Email Type |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
External Database Content Filtering |
| Yes2 | Yes2 | No | No | Yes | Yes |
| Yes | Yes | Yes |
|
|
|
|
|
|
|
|
|
| ||
Real Time AV Scanning / Unlimited File Size |
| Yes2 | Yes2 | No | No | Yes | Yes |
| Yes | Yes | Yes |
Scans VPN Tunnels / Compression File |
| Yes2 | Yes2 | No | No | Yes | Yes |
| Yes | Yes | Yes |
Signature Licensor (Kaspersky) |
| Yes2 | Yes2 | No | No | Yes | Yes |
| Yes | Yes | Yes |
Automatic Pattern Update |
| Yes2 | Yes2 | No | No | Yes | Yes |
| Yes | Yes | Yes |
Email Security |
|
|
|
|
|
|
|
|
|
| |
SMTP & POP3 Protocol Support |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
MIME Header Check for File Extension |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
Filtering |
|
| |||||||||
|
|
|
|
|
|
|
|
|
|
| |
Email Rate & Size Protection (SMTP Protocol |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
only) |
|
| |||||||||
|
|
|
|
|
|
|
|
|
|
| |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes | |
IM/P2P Blocking |
| Yes | Yes | Yes | Yes | Yes | Yes |
| Yes | Yes | Yes |
1Available in Firmware 2.25.01
2Available in Firmware 2.26.00