1176_SS_UTM

Document Sample
1176_SS_UTM Powered By Docstoc
					  Company Name                Company Website                      Product Name

Astaro Corp.              www.astaro.com             Astaro Security Gateway




Calyptix Security Corp.   http://www.calyptix.com/   AccessEnforcer AE500
Calyptix Security Corp.   http://www.calyptix.com/   AccessEnforcer AE1000




Calyptix Security Corp.   http://www.calyptix.com/   AccessEnforcer AE2000




Calyptix Security Corp.   http://www.calyptix.com/   AccessEnforcer AE3000
Check Point   http://www.checkpoint.com/   UTM-1 450
Check Point   http://www.checkpoint.com/   UTM-1 1050
Check Point   http://www.checkpoint.com/   UTM-1 2050
Check Point   http://www.checkpoint.com/   UTM-1™ Total Security™ 450
Check Point   http://www.checkpoint.com/   UTM-1 Edge Industrial
Check Point   http://www.checkpoint.com/   UTM-1™ Total Security™ 1050
Check Point   http://www.checkpoint.com/   UTM-1™ Total Security™ 2050
Check Point   http://www.checkpoint.com/   UTM-1 Edge Industrial
Check Point   http://www.checkpoint.com/   UTM-1 Edge (Wired)




Check Point   http://www.checkpoint.com/   UTM-1 Edge (Wireless)




Check Point   http://www.checkpoint.com/   Safe @ Office 500 (Wireless)
Check Point   http://www.checkpoint.com/   Safe @ Office 500 (Wired)




Cisco         http://www.cisco.com/        Cisco ASA 5510
Cisco   http://www.cisco.com/   Cisco ASA 5520




Cisco   http://www.cisco.com/   Cisco ASA 5540
Cyberoam   http://www.cyberoam.com/   CR1000i
eSoft   http://www.esoft.com/   InstaGate 404e
Fortinet   http://www.fortinet.com/   FortiGate Unified Threat Management Systems
IBM   http://www.ibm.com/   Proventia Network Multi-function Security
                            MX0804




IBM   http://www.ibm.com/   Proventia Network Multi-function Security
                            MX1004




IBM   http://www.ibm.com/   Proventia Network Multi-function Security
                            MX3006




IBM   http://www.ibm.com/   Proventia Network Multi-function Security
                            MX4006
IBM   http://www.ibm.com/   Proventia Network Multi-function Security
                            MX5008




IBM   http://www.ibm.com/   Proventia Network Multi-function Security
                            MX5110
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 5 (SSG 5)
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 20 (SSG 20)
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 140 (SSG 140)
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 320M (SSG 320M)
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 350M (SSG 350M)
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 520M (SSG 520M)
Juniper Networks   http://www.juniper.net/   Secure Services Gateway 550M (SSG 550M)
Secure Computing®   http://www.securecomputing.co   SnapGear® Network Gateway Security
                    m/                              Appliance
                   ®   http://www.securecomputing.co            ®
Secure Computing                                       Sidewinder Network Gateway Security
                       m/                              Appliance




SmoothWall Limited     http://smoothwall.net/          SmoothGuard 1000-UTM
SonicWALL   http://www.sonicwall.com/   NSA E5500
SonicWALL   http://www.sonicwall.com/   NSA E6500
SonicWALL   http://www.sonicwall.com/   NSA E7500
WatchGuard     http://watchguard.com/   Firebox® X Peak™ e-Series
Technologies




WatchGuard     http://watchguard.com/   Firebox® X Core™ e-Series
Technologies




WatchGuard     http://watchguard.com/   Firebox® X Edge e-Series
Technologies
ZyXEL Communications http://www.us.zyxel.com   ZyWALL5 UTM




ZyXEL Communications http://www.us.zyxel.com   ZyWALL35 UTM




ZyXEL Communications http://www.us.zyxel.com   ZyWALL70 UTM




ZyXEL Communications http://www.us.zyxel.com   ZyWALL USG300




ZyXEL Communications http://www.us.zyxel.com   ZyWALL 1050
                   Short description                                            Product URL

The Astaro Security Gateway is a Unified Threat                 www.astaro.com/our_products/product_overview
Management appliance that integrates ten security
technologies, some open source, some commercial, that
cover all aspects of security including network (firewall, VPN
and intrusion protection) Web security (spyware protection,
virus protection for the Web and content filtering), and e-mail
security (virus protection for e-mail, spam protection, and
phishing protection).




All-in-one network security appliance                       www.calyptix.com/products.php
All-in-one network security appliance   www.calyptix.com/products.php




All-in-one network security appliance   www.calyptix.com/products.php




All-in-one network security appliance   www.calyptix.com/products.php
UTM-1 appliances deliver proven, tightly integrated features http://www.checkpoint.com/products/utm-1/index.html
to provide the perfect blend of simplicity and security. UTM-
1 appliances deliver uncompromising levels of security, while
streamlining deployment and administration.
UTM-1 appliances deliver proven, tightly integrated features http://www.checkpoint.com/products/utm-1/index.html
to provide the perfect blend of simplicity and security. UTM-
1 appliances deliver uncompromising levels of security, while
streamlining deployment and administration.
UTM-1 appliances deliver proven, tightly integrated features http://www.checkpoint.com/products/utm-1/index.html
to provide the perfect blend of simplicity and security. UTM-
1 appliances deliver uncompromising levels of security, while
streamlining deployment and administration.
UTM-1™ Total Security™ appliances are all-inclusive,      http://www.checkpoint.com/products/utm-1/index.html
turnkey solutions with everything you need to secure your
network in a simple, cost-effective way. Each solution
includes the proven security features you need along with
complete security updates, hardware warranty, and reduced
support rates for up to three years.
UTM-1 Edge Industrial is a unified threat management          http://www.checkpoint.com/products/utm-
(UTM) appliance that combines firewall, intrusion prevention, 1_edge/index_industrial.html
antivirus and VPN technologies to protect Industrial Ethernet
and SCADA networks from unauthorized access and attack.
UTM-1 Edge Industrial appliances comply with industrial
mechanical specifications for dust, heat and vibration,
maximizing durability in harsh environments. In addition, the
device supports industrial mounting standards and power
input options.
UTM-1™ Total Security™ appliances are all-inclusive,      http://www.checkpoint.com/products/utm-1/index.html
turnkey solutions with everything you need to secure your
network in a simple, cost-effective way. Each solution
includes the proven security features you need along with
complete security updates, hardware warranty, and reduced
support rates for up to three years.
UTM-1™ Total Security™ appliances are all-inclusive,      http://www.checkpoint.com/products/utm-1/index.html
turnkey solutions with everything you need to secure your
network in a simple, cost-effective way. Each solution
includes the proven security features you need along with
complete security updates, hardware warranty, and reduced
support rates for up to three years.
UTM-1 Edge Industrial is a unified threat management          http://www.checkpoint.com/products/utm-
(UTM) appliance that combines firewall, intrusion prevention, 1_edge/index_industrial.html
antivirus and VPN technologies to protect Industrial Ethernet
and SCADA networks from unauthorized access and attack.
UTM-1 Edge Industrial appliances comply with industrial
mechanical specifications for dust, heat and vibration,
maximizing durability in harsh environments. In addition, the
device supports industrial mounting standards and power
input options.
Based on proven Check Point security technologies, UTM-1 http://www.checkpoint.com/products/utm-
Edge appliances combine firewall, intrusion prevention,     1_edge/index.html
antivirus, as well as secure site-to-site and remote access
connectivity, to ensure remote sites stay just as secure as
larger corporate sites.




Based on proven Check Point security technologies, UTM-1 http://checkpoint.com/products/utm-1_edge/index.html
Edge appliances combine firewall, intrusion prevention,
antivirus, as well as secure site-to-site and remote access
connectivity, to ensure remote sites stay just as secure as
larger corporate sites.
A cost-effective, all-in-one, reliable and flexible Internet http://checkpoint.com/products/safe@office/index.html
Security and VPN solution for your small business, that is
easy to manage.
A cost-effective, all-in-one, reliable and flexible Internet   http://checkpoint.com/products/safe@office/index.html
Security and VPN solution for your small business, that is
easy to manage.

The Cisco ASA 5510 Adaptive Security Appliance delivers        http://www.cisco.com/go/asa/
advanced security and networking services for small and
medium-sized businesses and enterprise remote/branch
offices in an easy-to-deploy, cost-effective appliance.
The Cisco ASA 5520 Adaptive Security Appliance delivers      http://www.cisco.com/go/asa/
security services with Active/Active high availability and
Gigabit Ethernet connectivity for medium-sized enterprise
networks in a modular, high-performance appliance.




The Cisco ASA 5540 Adaptive Security Appliance delivers      http://www.cisco.com/go/asa/
high-performance, high-density security services with
Active/Active high availability and Gigabit Ethernet
connectivity for medium-sized and large enterprise networks,
in a reliable, modular appliance.
Cyberoam CR1000i is an UTM+ integrated security             http://www.cyberoam.com/crilarge.html
appliance that offers real- time protection against blended
threats through the unique ability to have identity-based
policies. The Cyberoam UTM+ appliances deliver enterprise
class Firewall, VPN, Anti-Virus, Anti-Spam, Intrusion
Detection & Prevention (IDP), URL/Web Content filtering,
Identity Based Network Access Control (NAC), and Total
Bandwidth Management with Multi-Link Manager.
Deep Packet Firewall/VPN appliance that integrates           http://www.esoft.com/new_products/utm.cfm
comprehensive network, email and web security, including
IPS, AV, Spam Filtering, Antispyware, Web/URL filtering, as
well as Email/Webmail server - affordable, flexible, easy to
install and manage
Fortinet's FortiGate systems are ASIC-accelerated unified    http://www.fortinet.com/products/
threat management appliances that integrate essential
security applications such as antivirus, firewall, VPN,
intrusion prevention, Web filtering, anti-spam and traffic
shaping. All FortiGate systems are kept up to date
automatically by Fortinet's FortiGuard Network, which helps
ensure protection against the most damaging, content-based
threats from email and Web traffic such as viruses, worms,
intrusions, other unwanted network traffic and more - around
the clock and around the world. The FortiGate family of UTM
systems scale to meet the deployment needs of SMBs, large
enterprises, managed security service providers and telco
carriers.
Part of the security and privacy services service product line, http://www-
the IBM Proventia Network Multi-Function Security service       935.ibm.com/services/us/index.wss/offering/iss/a102711
component helps clients take a preemptive approach to           1
network security. Its comprehensive, multilayered protection
includes six enterprise-level security modules: Firewall; VPN;
IPS; Antivirus; Anti-spam; Content Filtering.



Part of the security and privacy services service product line, http://www-
the IBM Proventia Network Multi-Function Security service       935.ibm.com/services/us/index.wss/offering/iss/a102711
component helps clients take a preemptive approach to           1
network security. Its comprehensive, multilayered protection
includes six enterprise-level security modules: Firewall; VPN;
IPS; Antivirus; Anti-spam; Content Filtering.



Part of the security and privacy services service product line, http://www-
the IBM Proventia Network Multi-Function Security service       935.ibm.com/services/us/index.wss/offering/iss/a102711
component helps clients take a preemptive approach to           1
network security. Its comprehensive, multilayered protection
includes six enterprise-level security modules: Firewall; VPN;
IPS; Antivirus; Anti-spam; Content Filtering.



Part of the security and privacy services service product line, http://www-
the IBM Proventia Network Multi-Function Security service       935.ibm.com/services/us/index.wss/offering/iss/a102711
component helps clients take a preemptive approach to           1
network security. Its comprehensive, multilayered protection
includes six enterprise-level security modules: Firewall; VPN;
IPS; Antivirus; Anti-spam; Content Filtering.
Part of the security and privacy services service product line, http://www-
the IBM Proventia Network Multi-Function Security service       935.ibm.com/services/us/index.wss/offering/iss/a102711
component helps clients take a preemptive approach to           1
network security. Its comprehensive, multilayered protection
includes six enterprise-level security modules: Firewall; VPN;
IPS; Antivirus; Anti-spam; Content Filtering.



Part of the security and privacy services service product line, http://www-
the IBM Proventia Network Multi-Function Security service       935.ibm.com/services/us/index.wss/offering/iss/a102711
component helps clients take a preemptive approach to           1
network security. Its comprehensive, multilayered protection
includes six enterprise-level security modules: Firewall; VPN;
IPS; Antivirus; Anti-spam; Content Filtering.
The Juniper Networks Secure Services Gateway 5 (SSG 5) http://www.juniper.net/products_and_services/firewall_sl
is a purpose-built security appliance that delivers a perfect  ash_ipsec_vpn/ssg_5_slash_ssg_20/
blend of performance, security, routing and LAN/WAN
connectivity for small branch offices, fixed telecommuters
and stand-alone business deployments. Traffic flowing in
and out of the branch office or business is protected from
worms, spyware, trojans, and malware by a complete set of
Unified Threat Management (UTM) security features that
include stateful firewall, IPSec VPN, IPS, antivirus (includes
anti-spyware, anti-adware, anti-phishing), anti-spam and
Web filtering. The rich set of unified threat management
security features allows the SSG Series appliance to be
deployed as a stand alone network protection device or as a
secure router to help reduce IT capital and operational
expenditures. The SSG 5 has seven on-board 10/100
interfaces with optional fixed WAN ports and supports
802.11 a/b/g as a factory configured option supported by a
wide array of wireless security features.
The Juniper Networks Secure Services Gateway 20 (SSG           http://www.juniper.net/products_and_services/firewall_sl
20) is a purpose-built security appliance that delivers a      ash_ipsec_vpn/ssg_5_slash_ssg_20/
perfect blend of performance, security, routing and
LAN/WAN connectivity for small branch offices, fixed
telecommuters and stand-alone business deployments.
Traffic flowing in and out of the branch office or business is
protected from worms, spyware, trojans, and malware by a
complete set of Unified Threat Management (UTM) security
features that include stateful firewall, IPSec VPN, IPS,
antivirus (includes anti-spyware, anti-adware, anti-phishing),
anti-spam and Web filtering. The rich set of unified threat
management security features allows the SSG Series
appliance to be deployed as a stand alone network
protection device or as a secure router to help reduce IT
capital and operational expenditures. The SSG 20 has five
10/100 interfaces with two I/O expansion slots for additional
WAN connectivity. It supports 802.11 a/b/g as a factory-
configured option.
The Juniper Networks Secure Services Gateway 140 (SSG http://www.juniper.net/products_and_services/firewall_sl
140) is a purpose-built security appliance that delivers a     ash_ipsec_vpn/ssg_140/index.html
perfect blend of performance, security, routing and
LAN/WAN connectivity for medium-sized branch offices and
stand-alone business deployments. Traffic flowing in and out
of the branch office or business is protected from worms,
spyware, trojans, and malware by a complete set of Unified
Threat Management (UTM) security features that include
stateful firewall, IPSec VPN, IPS, antivirus (includes anti-
spyware, anti-adware, anti-phishing), anti-spam and Web
filtering. The rich set of unified threat management security
features allows the SSG Series appliance to be deployed as
a stand alone network protection device or as a secure
router to help reduce IT capital and operational expenditures.
The SSG 140 has eight 10/100, two 10/100/1000 interfaces,
and four I/O expansion slots for additional WAN connectivity
(T1, E1, ADSL, ISDN BRI S/T, and Serial).
The Juniper Networks Secure Services Gateway 320M (SSG http://www.juniper.net/products_and_services/firewall_sl
320M) is a purpose-built security appliance that delivers a    ash_ipsec_vpn/ssg_300_series/index.html
perfect blend of performance, security, routing and
LAN/WAN connectivity for medium to large-sized branch
offices and stand-alone business deployments. Traffic
flowing in and out of the branch office or business is
protected from worms, spyware, trojans, and malware by a
complete set of Unified Threat Management (UTM) security
features that include stateful firewall, IPSec VPN, IPS,
antivirus (includes anti-spyware, anti-adware, anti-phishing),
anti-spam and Web filtering. The rich set of unified threat
management security features allows the SSG Series
appliance to be deployed as a stand-alone network
protection device or as a secure router to help reduce IT
capital and operational expenditures. The SSG 320M has
four on-board 10/100/1000 interfaces, and three I/O
expansion slots for additional WAN or LAN connectivity (T1,
E1, ADSL, ISDN BRI S/T, Serial, and Ethernet).
The Juniper Networks Secure Services Gateway 350M (SSG http://www.juniper.net/products_and_services/firewall_sl
350M) is a purpose-built security appliance that delivers a    ash_ipsec_vpn/ssg_300_series/index.html
perfect blend of performance, security, routing and
LAN/WAN connectivity for medium to large sized branch
offices and stand-alone business deployments. Traffic
flowing in and out of the branch office or business is
protected from worms, spyware, trojans, and malware by a
complete set of Unified Threat Management (UTM) security
features that include stateful firewall, IPSec VPN, IPS,
antivirus (includes anti-spyware, anti-adware, anti-phishing),
anti-spam and Web filtering. The rich set of unified threat
management security features allows the SSG Series
appliance to be deployed as a stand-alone network
protection device or as a secure router to help reduce IT
capital and operational expenditures. The SSG 350M has
four on-board 10/100/1000 interfaces, and five I/O expansion
slots for additional WAN or LAN connectivity (T1, E1, ADSL,
ISDN BRI S/T, Serial, and Ethernet).
The Juniper Networks Secure Services Gateway 520M (SSG http://www.juniper.net/products_and_services/firewall_sl
520M) is a purpose-built security appliance that delivers a    ash_ipsec_vpn/ssg_500_series/index.html
perfect blend of performance, security, routing and
LAN/WAN connectivity for medium to large-sized branch
offices and stand-alone business deployments. The SSG
520M protects against worms, spyware, Trojans, and
malware with a comprehensive set of UTM security features
that include stateful firewall, IPSec VPN, IPS, antivirus
(includes anti-spyware, anti-adware, anti-phishing), anti-
spam, and Web filtering. The SSG 520M can be deployed as
a stand-alone network protection device or as a secure
router to help reduce IT capital and operational expenditures.
The SSG 520M has four on-board 10/100/1000 interfaces,
and six I/O expansion slots for additional WAN or LAN
connectivity (T3, E3, T1, E1, ADSL, ISDN BRI S/T, Serial,
Gigabit Ethernet). The SSG 520M comes with two enhanced
expansion slots with a higher speed I/O bus that supports
higher performance for high-density LAN interfaces.
The Juniper Networks Secure Services Gateway 550M (SSG http://www.juniper.net/products_and_services/firewall_sl
550M) is a purpose-built security appliance that delivers a  ash_ipsec_vpn/ssg_500_series/index.html
perfect blend of performance, security, routing and
LAN/WAN connectivity for medium to large-sized branch
offices. The SSG 550M protects against worms, spyware,
Trojans, and malware with a comprehensive set of UTM
security features that include stateful firewall, IPSec VPN,
IPS, antivirus (includes anti-spyware, anti-adware, anti-
phishing), anti-spam, and Web filtering. The SSG 550M can
be deployed as a stand-alone network protection device or
as a secure router to help reduce IT capital and operational
expenditures. The SSG 550M has four on-board
10/100/1000 interfaces, and six I/O expansion slots for
additional WAN or LAN connectivity (T3, E3, T1, E1, ADSL,
ISDN BRI S/T, Serial, Gigabit Ethernet). The SSG 550M
comes with four enhanced expansion slots with a higher
speed I/O bus that supports higher performance for high-
density LAN interfaces.
SnapGear is a line of small form factor security appliances   http://www.snapgear.com/
tailored towards small and medium sized businesses, but
with an enterprise level feature set allowing for deployments
in distributed, MSP, and even OEM environments.
Functionally, SnapGear can be deployed as a firewall, as a
VPN gateway, a UTM security appliance, or as a complete
office network-in-a-box for a broad range of organizations.
Incorporating enterprise features such as reputation
services, centralized management, Web filtering, high
availability, and enterprise reporting, SnapGear is the most
cost effective UTM appliance on the market.

Note: In addition to the strong channel line of products,
SnapGear specializes in a broad range of custom
appliances. Specifications for those appliances will not be
covered in detail here, but referenced in an obvious manner
where appropriate.
                                                                http://www.sidewinder.com/




Consolidating all major perimeter security functions in one
system, Secure Computing’s Sidewinder® Network Gateway
Security appliance is the strongest self-defending perimeter
firewall in the world. Built with a comprehensive combination
of high-speed application proxies, TrustedSource™
reputation-based global intelligence, and signature-based
security services, Sidewinder defends networks and Internet-
facing applications from all types of malicious threats, both
known and unknown. Enterprises use Sidewinder to secure
access to their networks and protect Internet-facing
applications, as well as monitor and manage employee use
of the Internet, kill hidden attacks in packet streams, block
viruses and spyware in file transfers, and create a forensic-
quality audit trail for regulatory compliance and reporting.

The SmoothGuard 1000-UTM is a powerful state-of-the art http://smoothwall.net/products/smoothguard1000/
network security appliance that can protect up to 1000 users.
It provides the full set of standard network security functions,
including perimeter firewall, VPN, intrusion detection, web
and email security, plus internal firewall, load balancing and
optional bandwidth management (Quality of Service).
The SonicWALL E-Class Network Security Appliance (NSA) http://www.sonicwall.com/us/products/NSA_E5500.html
E5500 is a high performance, multi-service network security
platform engineered to be the work horse of the enterprise
network environment.
The SonicWALL E-Class Network Security Appliance (NSA) http://www.sonicwall.com/us/products/NSA_E6500.html
E6500 is engineered to meet the needs of the expanding
enterprise network by providing a high performance,
scalable, multifunction threat prevention appliance.
The SonicWALL E-Class Network Security Appliance (NSA) http://www.sonicwall.com/us/products/NSA_E7500.html
E7500 is the flag ship of the E-Class NSA product family
designed to be the most scalable, high performance and
reliable multifunction threat appliance in its class.
Firebox® X Peak™ e-Series is the highest-performance line http://www.watchguard.com/products/peak-e.asp
of unified threat management (UTM) appliances from
WatchGuard, offering true zero day protection out of the box,
with up to two-gigabit-per-second firewall throughput.




Firebox® X Core™ e-Series unified threat management               http://www.watchguard.com/products/core-e.asp
(UTM) solutions provide the best performance and most
complete security in their class, integrating built-in zero day
protection with robust security subscriptions for an
unbeatable combination of network defense capabilities.




Firebox® X Edge e-Series security appliances deliver              http://www.watchguard.com/products/edge-e.asp
powerful unified threat management for small businesses,
branch offices, and remote users. Available in both wired
and wireless models, the Edge combines application proxy
firewall, VPN, zero day protection, anti-virus, anti-spyware,
anti-spam, intrusion prevention, and URL filtering for
comprehensive protection.
UTM device with Firewall/VPN, AV/IDP, Content Filtering    http://us.zyxel.com/web/product_family_detail.php?PC1i
and Anti Spam capabilities                                 ndexflag=20040908175941&CategoryGroupNo=D7ED9
                                                           38C-71E6-4F9A-8779-62F6509D5C62


UTM device with Firewall/VPN, AV/IDP, Content Filtering    http://us.zyxel.com/web/product_family_detail.php?PC1i
and Anti Spam capabilities                                 ndexflag=20040908175941&CategoryGroupNo=432769
                                                           6E-D248-4212-9CC7-97A5725A2764


UTM device with Firewall/VPN, AV/IDP, Content Filtering    http://us.zyxel.com/web/product_family_detail.php?PC1i
and Anti Spam capabilities                                 ndexflag=20040908175941&CategoryGroupNo=1AD36
                                                           044-757C-4BCB-83B0-5510C6E1E708




Unified security gateway firewall with IPSec and SSL VPN   http://us.zyxel.com/web/product_family_detail.php?PC1i
for small-to-medium-sized businesses                       ndexflag=20040908175941&CategoryGroupNo=PDCA2
                                                           007126



Professional VPN Concentrator/UTM Appliance for SMB/Mid- http://us.zyxel.com/web/product_family_detail.php?PC1i
Large Organization                                       ndexflag=20040908175941&CategoryGroupNo=05E0B
                                                         A6C-FFA2-4CC7-B648-8F0C29CD2B8A
Current     Date of        Price as          Pricing for
Version   last update     described           updates
  7.1      12/01/07     Starting at $1,200      15%




  1.5      02/01/08           $999              $449
1.5   02/01/08   $1,599   $729




1.5   02/01/08   $2,399   $1,099




1.5   02/01/08   $3,699   $1,699
 NGX R62,     12/07/07   $7,500   $2,200
R65 and R65
    with
 Messaging
  Security
 NGX R62,     12/07/07   $12,500   $3,300
R65 and R65
    with
 Messaging
  Security
 NGX R62,     12/07/07   $15,500   $3,900
R65 and R65
    with
 Messaging
  Security
 NGX R62,     12/07/07    One Year=$10,500;    Included
R65 and R65              Three Years=$15,500
    with
 Messaging
  Security
7.5   11/01/07   8 Users=$850; 16    8 Users=$200;
                 Users=$1,050; 32   16 Users=$300;
                   Users=$1,450;    32 Users=$400;
                     Unlimited         Unlimited
                   Users=$2,250       Users=$600
 NGX R62,     12/07/07   One Year=$16,750; 3   Included
R65 and R65                Years=$25,250
    with
 Messaging
  Security
 NGX R62,     12/07/07   One Year=$21,000; 3   Included
R65 and R65                Years=$33,000
    with
 Messaging
  Security
7.5   11/01/07   8 Users=$850; 16    8 Users=$200;
                 Users=$1,050; 32   16 Users=$300;
                   Users=$1,450;    32 Users=$400;
                     Unlimited         Unlimited
                   Users=$2,250       Users=$600
7.5   11/01/07   8 Users=$600; 16    8 Users=$200;
                  Users=$800; 32    16 Users=$300;
                   Users=$1,200;    32 Users=$400;
                     Unlimited         Unlimited
                   Users=$2,000       Users=$600




7.5   11/01/07   8 Users=$800; 16
                 Users=$1,000; 32
                   Users=$1,400;
                     Unlimited
                   Users=$2,200
v8.0   Jan-08   $3,495   Depends on
                           service
v8.0   Jan-08   $7,995    Depends on
                            service




v8.0   Jan-08   $16,995   Depends on
                            service
9.5.3 build 16   01/30/08   $8,539   $2129/year
01/28/08   $799   $139
FortiOS 3.0     11/26/07;       $495 to $59,995   Starting at
   MR5        Daily service                       $357/year
                update for
              antivirus, IPS,
              antispam and
               Web filtering
               is available
                 through
                FortiGuard
               Subscription
                 Services
3.13   01/15/08   $1,000   $399




3.13   01/15/08   $1,546   $499




3.13   01/15/08   $5,490   $1,922




3.13   01/15/08   $9,990   $2,198
3.13   01/15/08   $14,890   $3,296




3.13   01/15/08   $19,900   $4,378
ScreenOS   01/23/08   $900   $543
   6.1
ScreenOS   01/23/08   $1,100   $693
   6.1
ScreenOS   01/23/08   $3,200   $2,058
   6.1
ScreenOS   01/23/08   $4,000   $2,520
   6.1
ScreenOS   01/23/08   $5,000   $3,080
   6.1
ScreenOS   01/23/08   $6,500   $3,780
   6.1
ScreenOS   01/23/08   $10,500   $6,160
   6.1
3.1.5u3   11/01/07   $269 to $2499
7.0.0.05   01/23/08   $1,600 to $78,600    21%




 2007      01/15/08        $5,000         Included
5.0.0.6   Dec-07   $9,995   SonicWALL E-
                            Class Support
                              24x7 1YR
                               $2,295
5.0.0.6   Dec-07   $13,995   SonicWALL E-
                             Class Support
                               24x7 1YR
                                $3,195
5.0.0.6   Dec-07   $24,995   SonicWALL E-
                             Class Support
                               24x7 1YR
                                $4,500
10   15-Feb   14,999




10   15-Feb   5,499




10   15-Feb   1,199
4.03(XD.0)C    12/05/07   $829
     0



4.03(WZ.0)C    12/05/07   $1,369
     0



4.03(WM.0)C    12/05/07   $1,769
     0




2.01(AQE1)C    12/12/07   $1,899
      0




2.01(XL.0)C0   01/29/08   $3,499
                                                              Recommended     Appliance/
              Other price comments                                                       Dimensions
                                                               network size    Software
Six models to choose from                               10-2,000 nodes        Appliance/S
                                                                              W




Price as described includes hardware appliance and        10 nodes            Appliance     6.1" (W) x 1.4"
initial 12 month subscription, license and support                                          (H) x 8.9" (D)
package for all existing features and all future
enhancements for an unlimited number of users. Pricing
for updates is the annual renewal fee for extending the
subscription, license and support package beyond the
initial 12 months. There are no per user, add-on or other
hidden charges of any kind.
Price as described includes hardware appliance and        25 nodes    Appliance   8.43" (W) x
initial 12 month subscription, license and support                                1.73" (H) x
package for all existing features and all future                                  14.1" (D)
enhancements for an unlimited number of users. Pricing
for updates is the annual renewal fee for extending the
subscription, license and support package beyond the
initial 12 months. There are no per user, add-on or other
hidden charges of any kind.



Price as described includes hardware appliance and        50 nodes    Appliance   16.8" (W) x
initial 12 month subscription, license and support                                1.7" (H) x 14.1”
package for all existing features and all future                                  (D)
enhancements for an unlimited number of users. Pricing
for updates is the annual renewal fee for extending the
subscription, license and support package beyond the
initial 12 months. There are no per user, add-on or other
hidden charges of any kind.



Price as described includes hardware appliance and        100 nodes   Appliance   16.8" (W) x
initial 12 month subscription, license and support                                1.7" (H) x 14.9"
package for all existing features and all future                                  (D)
enhancements for an unlimited number of users. Pricing
for updates is the annual renewal fee for extending the
subscription, license and support package beyond the
initial 12 months. There are no per user, add-on or other
hidden charges of any kind.
Smartdefense and Content Inspection (AV and Web   250 nodes (unlimited   Appliance   16.77" (W) x
Filtering)                                        supported)                         1.71" (H) x
                                                                                     14.31" (D)
Smartdefense and Content Inspection (AV and Web   500 nodes (unlimited   Appliance   16.77" (W) x
Filtering)                                        supported)                         1.71" (H) x 17"
                                                                                     (D)
Smartdefense and Content Inspection (AV and Web   1000 nodes (unlimited   Appliance   16.77" (W) x
Filtering)                                        supported)                          1.71" (H) x 17"
                                                                                      (D)
Smartdefense, Content Inspection (AV and Web   250 nodes (unlimited   Appliance   16.77" (W) x
Filtering), and Messaging Security             supported)                         1.71" (H) x
                                                                                  14.31" (D)
Medium to large size         Appliance   7.87" (W) x
enterprises w/ 1-100                     1.26" (H) x
production control systems               5.04" (D)
per site.
Smartdefense, Content Inspection (AV and Web   500 users (unlimited   Appliance   16.77" (W)
Filtering), and Messaging Security             supported)                         x 1.71" (H) x
                                                                                  17" (D)
Smartdefense, Content Inspection (AV and Web   1000 users (unlimited   Appliance   16.77" (W) x
Filtering), and Messaging Security             supported)                          1.71" (H) x 17"
                                                                                   (D)
Medium to large size         Appliance   7.87" (W) x
enterprises w/ 1-100                     1.26" (H) x
production control systems               5.04" (D)
per site.
Available also with integrated ADSL2+ modem (add   Medium to large enterprises Appliance     8" (W) x 1.18"
$100)                                              that need to securely                     (H) x 4.8" (D)
                                                   connect multiple remote sites
                                                   (up to 100 users at each site)




                                                   Medium to large enterprises Appliance     8" (W) x 1.2"
                                                   that need to securely                     (H) x 4.8" (D)
                                                   connect multiple remote sites
                                                   (8-100 plus users at each
                                                   site)
                                                   1-100 users                   Appliance   8" (W) x 1.2"
                                                                                             (H) x 4.8" (D)
                                                      1-100 users                Appliance   8" (W) x 1.2"
                                                                                             (H) x 4.8" (D)


IPS option pricing varies based on performance; content Small and medium-sized   Appliance   1.75 x 17.5 x
security option varies based on performance, user count, business (SMB) and                  14.25 in.
and features; SSL VPN option pricing varies based on     enterprise networks
user count
IPS option pricing varies based on performance; content Medium-sized enterprise   Appliance   1.75 x 17.5 x
security option varies based on performance, user count, networks                             14.25 in.
and features; SSL VPN option pricing varies based on
user count




IPS option pricing varies based on performance; content Medium-sized and large    Appliance   1.75 x 17.5 x
security option varies based on performance, user count, enterprise networks                  14.25 in.
and features; SSL VPN option pricing varies based on
user count
Anti-Virus, Anti-Spam, Intrusion Detection & Prevention    1200+ nodes   Appliance   16.7" (W) 3.46"
(IDP) and URL/Web Content Filtering subscriptions are                                (H) 20.9" (D)
available for 1, 2 and 3 yrs. All licensing is Appliance
Based Licensing, with no per user charges.
N/A   25 users   Appliance   9" (W) 6.5" (H)
                             2" (D)
Hardware and complete subscription service bundles are FortiGate 50 (small           Appliance   Dimensions
also available. Price ranges from $795 to $81,395      business) - FortiGate-5000                vary across
depending on the hardware platform.                    (large enterprise, services               different
                                                       providers and carriers)                   models.
                                                                                                 Desktop size
                                                                                                 FortiGate-50B
                                                                                                 appliances are
                                                                                                 available for
                                                                                                 small
                                                                                                 businesses;
                                                                                                 rack mountable
                                                                                                 appliances are
                                                                                                 available for
                                                                                                 the medium
                                                                                                 and large
                                                                                                 enterprise; and
                                                                                                 full-sized
                                                                                                 chassis-based
                                                                                                 models are
                                                                                                 available for
                                                                                                 service
                                                                                                 providers,
                                                                                                 carriers and
                                                                                                 large
                                                                                                 enterprises.
N/A                            Up to 50 users      Appliance   9.8" (W) x 1.5"
                                                               (H) x 6.9" (D)




N/A                            Up to 100 users     Appliance   9.8" (W) x 1.5"
                                                               (H) x 6.9" (D)




N/A                            Up to 500 users     Appliance   16.87" (W) x
                                                               1.73" (H) x
                                                               14.17" (D)




Antivirus licenses available   Up to 1,000 users   Appliance   16.87" (W) x
                                                               1.73" (H) x
                                                               14.17" (D)
Antivirus licenses available   Up to 2,500 users   Appliance   16.93" (W) x
                                                               3.46" (H) x 19"
                                                               (D)




Antivirus licenses available   Up to 3,000 users   Appliance   16.93" (W) x
                                                               3.46" (H) x 19"
                                                               (D)
List price includes SSG 5 base platform with high          Fixed telecommuters (0 to 10 Appliance   8.8" (W) x 1.6"
memory option at $900. In addition, UTM subscription is    employees), small (11 to 150             (H) x 5.6" (D)
priced at $543, and includes Deep Inspection, Antivirus,   employees), branch offices,
Anti-Spam, and Web Filtering.                              enterprises
List price includes SSG 5 base platform with high          Fixed telecommuters (0 to 10 Appliance   11.6" (W) x
memory option at $1100. In addition, UTM subscription is   employees), small (11 to 150             1.8" (H) x
priced at $693, and includes Deep Inspection, Antivirus,   employees), branch offices,              7.4(D)
Anti-Spam, and Web Filtering.                              enterprises
List price includes SSG 140 base platform with high      Small (11 to 150 employees) Appliance   17.5" (W) x
memory option at $3,200. In addition, UTM subscription   to medium-sized (151 to 500             1.8" (H) x 15"
is priced at $2,058, and includes Deep Inspection,       employees) branch, regional             (D)
Antivirus, Anti-Spam, and Web Filtering.                 offices and enterprises
List price includes SSG 320M base platform with high     Medium (151 to 500             Appliance   17.5" (W) x
memory option at $4,000. In addition, UTM subscription   employees) to large-sized                  1.8" (H) x 15.1"
is priced at $2,520, and includes Deep Inspection,       (501 to 1000 employees)                    (D)
Antivirus, Anti-Spam, and Web Filtering.                 branch, regional offices and
                                                         enterprises
List price includes SSG 350M base platform with high     Medium (151 to 500             Appliance   17.5" (W) x
memory option at $5,000. In addition, UTM subscription   employees) to large-sized                  2.6" (H) x 15.1"
is priced at $3,080, and includes Deep Inspection,       (501 to 1000 employees)                    (D)
Antivirus, Anti-Spam, and Web Filtering.                 branch, regional offices and
                                                         enterprises
List price includes SSG 520M base platform with high     Medium (151 to 500          Appliance   17.5" (W) x
memory option at $6,500. In addition, UTM subscription   employees) to large-sized               3.5" (H) x 21.5"
is priced at $3,780, and includes Deep Inspection,       (501+ employees) branch,                (D)
Antivirus, Anti-Spam, and Web Filtering.                 regional offices and
                                                         enterprises
List price includes SSG 550M base platform with high      Medium (151 to 500          Appliance   17.5" (W) x
memory option at $10,500. In addition, UTM subscription   employees) to large-sized               3.5" (H) x 21.5"
is priced at $6,160, and includes Deep Inspection,        (501+ employees) branch,                (D)
Antivirus, Anti-Spam, and Web Filtering.                  regional offices and
                                                          enterprises
Six models available. 1 Year of software support, Web    The smallest SnapGear unit Appliance   Smallest: 7"
and email support included with every appliance. 90      (SG300) is recommended for             (W) x 1.7" (H) x
days 24/7 phone support included with every appliance.   no more than 25 users, while           4.6" (D)
Continual 24/7 support is available via upgrade.         the largest unit (SG720) is            Largest: 1RU
                                                         recommended for less than              or 17.32" (W) x
                                                         1000 users.                            1.69" (H) x
                                                                                                8.23" (D)
Nine models available. Included free with the Sidewinder   Mini 1U for small/remote      Appliance   Smallest:
Firewall/UTM are Anti-Spam protection                      offices (up to 75 users)                  16.87” (W) x
(TrustedSourceTM) and the SecurityReporter™ security       through 5U units for large                1.73” (H) x
information event management (SIEM) tool for               enterprises (unlimited users)             14.17” (D)
monitoring and reporting, which includes complete                                                    Largest: 17.43”
template reports for regulatory compliance. IDS/IPS,                                                 (W) x 8.57” (H)
content filtering (SmartFilter®), and SSL                                                            26.55” (D)
decryption/filtering are sold as add-on modules.




                                                           Up to 1,000 nodes            Appliance   16.93” (W) x
                                                                                        (SW version 1.73” (H) x
                                                                                        available)  11.85” (D)
SonicWALL Content Filtering Service Premium 1YR       Enterprise Networks   Appliance   Dimensions 17
$2,395, SonicWALL GAV/IPS/ Application Firewall for                                     x 16.75 x1.75in
E5500 for 1YR $2,195
SonicWALL Content Filtering Service Premium 1YR       Enterprise Networks   Appliance   Dimensions 17
$3,295, SonicWALL GAV/IPS/ Application Firewall for                                     x 16.75 x1.75in
E6500 for 1YR $2,995
SonicWALL Content Filtering Service Premium 1YR       Enterprise Networks   Appliance   Dimensions 17
$5,995, SonicWALL GAV/IPS/ Application Firewall for                                     x 16.75 x1.75in
E7500 for 1YR $5,405
bundle pricing includes appliance plus full UTM   mid-tier enterprise (999 to   Appliance   16.75 x 14.25 x
subscriptions                                     4,999)                                    1.75




bundle pricing includes appliance plus full UTM   SMB & SME (99 - 999)          Appliance   16.75 x 14.25 x
subscriptions                                                                               1.75




bundle pricing includes appliance plus full UTM   SMB (0-99) and enterprise    Appliance    6.5 x 7.4 x 1.4
subscriptions                                     branch office deployments of
                                                  comparable size (0-99)
Free Tech Support   < 10 users    Appliance   9.52” (W) x
                                              6.88” (D) x
                                              1.39 (H)


Free Tech Support   < 50 users    Appliance   9.52” (W) x
                                              6.88” (D) x
                                              1.39 (H)


Free Tech Support   < 100 users   Appliance   13.9” (W) x
                                              7.87” (D) x
                                              2.16” (H)




Free Tech Support   < 200 users   Appliance   16.93” (W) x
                                              1.65” (H) x
                                              7.92” (D)



Free Tech Support   < 500 users   Appliance   16.93” (W) x
                                              11.49” (D) x
                                              1.71” (H)
                                                              Network
  Weight   Rackable?        Deployment notes                                   Wireless?
                                                             Interfaces
              Y        Gateway or full transparent bridge (3) 10/100 to (10)      N
                                                          10/100/1000




3.5 lbs.      N        typically deployed at border       (4) 10/100              N
4.0 lbs.    N   typically deployed at border   (4) 10/100        N




10.6 lbs.   Y   typically deployed at border   (4) 10/100/1000   N




14.5 lbs.   Y   typically deployed at border   (2) 10/100; (2)   N
                                               10/100/1000
4.85 lbs.   Y   simple deployment.   (4) 10/100/1000   N
5.0 lbs.   Y   (4) 10/100; (4)   N
               10/100/1000
5.0 lbs.   Y   (4) 10/100; (4)   N
               10/100/1000
4.85 lbs.   Y   simple deployment.   (4) 10/100/1000   N
1.43 lbs.   Y   Supports dialup and 3G cellular     (6) 10/100   N
                Internet connections via optional
                USB modem
5.0 lbs.   Y   (4) 10/100; (4)   N
               10/100/1000
5.0 lbs.   Y   (4) 10/100; (4)   N
               10/100/1000
1.43 lbs.   Y   Supports dialup and 3G cellular     (6) 10/100   N
                Internet connections via optional
                USB modem
1.54 lbs.   Y   Supports dialup and 3G cellular     (6) 10/100   N
                Internet connections via optional
                USB modem




1.56 lbs.   Y                                       (4) 10/100




1.8 lbs.
1.8 lbs.




10 lb      Yes   Typically deployed at Internet   5 10/100 ports;      No
                 edge                             upgradeable to 2
                                                  10/100/1000 ports
                                                  and 3 10/100 ports
                                                  with Security Plus
                                                  license; can add
                                                  four additional
                                                  10/100/1000 / SFP
                                                  ports
20 lb   Yes   Typically deployed at Internet   Four 10/100/1000      No
              edge                             ports and one
                                               10/100 port; can
                                               add four additional
                                               10/100/1000 / SFP
                                               ports




22 lb   Yes   Typically deployed at Internet   Four 10/100/1000      No
              edge                             ports and one
                                               10/100 port; can
                                               add four additional
                                               10/100/1000 / SFP
                                               ports
33.0 lbs.   Y   Route mode (NAT mode),          (1) 10/100; (8)    N
                Transparent mode (Bridge Mode), 10/100/1000;
                Proxy Mode                      All configurable
                                                internal/WAN/DMZ
                                                ports
3.5 lbs.   Y   Perimeter deployment. Supports     (4) 10/100   N
               High Availability, QoS, Internet
               Failover, Dual WAN and more
1.5 lbs. to   Y   FortiGate systems are extremely       From (2) 10/100      Y (option)
65 lbs.           flexible and can be deployed in all   WAN and (3)
                  types of environments. For small      Internal 10/100 on
                  offices, FortiGate appliances can     the FortiGate-50
                  be deployed at the network            series to (96)
                  border as a complete wired and        10/100/1000
                  wireless secure gateway. Medium       configurable
                  and large enterprises with            interfaces on the
                  complex network topology and          FortiGate-5000
                  network security requirements         series.
                  should deploy FortiGate
                  appliances in in-line mode with
                  active-active high availability for
                  failover protection. One-armed
                  model is also available if needed.
                  The FortiGate appliance can also
                  be deployed using "transparent"
                  mode which is ideal for medium
                  and large enterprise
                  environments where no layer 3
                  changes in the network
                  infrastructure is needed.
3.0 lbs.    N   Typically deployed at gateway,   (4) 10/100/1000   N
                and can also operate in
                transparent mode




4.0 lbs.    N   Typically deployed at gateway,   (4) 10/100/1000   N
                and can also operate in
                transparent mode




12.0 lbs.   Y   Typically deployed at gateway,   (6) 10/100/1000   N
                and can also operate in
                transparent mode




14.0 lbs.   Y   Typically deployed at gateway,   (6) 10/100/1000   N
                and can also operate in
                transparent mode
40.0 lbs.   Y   Typically deployed at gateway,   (8) 10/100/1000    N
                and can also operate in
                transparent mode




40.0 lbs.   Y   Typically deployed at gateway,   (10) 10/100/1000   N
                and can also operate in
                transparent mode
2.1 lbs.   Y   SSG Series appliance to be          The SSG 5 has          Y (option)
               deployed as a stand-alone           seven on-board
               network protection device or as a   Ethernet interfaces
               secure router.                      with optional fixed
                                                   WAN ports. It has
                                                   a broad array of I/O
                                                   options coupled for
                                                   flexible port
                                                   assignment across
                                                   LAN and WAN
                                                   environments.
3.3 lbs.   Y   SSG Series appliance to be          The SSG 20 has 5      Y (option)
               deployed as a stand alone           on-board Ethernet
               network protection device or as a   interfaces and 2
               secure router.                      mini physical
                                                   interface modules
                                                   for modular
                                                   expansion slots for
                                                   additional WAN
                                                   connectivity (T1,
                                                   E1, ADSL, ISDN
                                                   BRI S/T, and
                                                   Serial).
10.2 lbs.   Y   SSG Series appliance to be          The SSG 140 has      N
                deployed as a stand-alone           ten on-board
                network protection device or as a   interfaces (8
                secure router.                      10/100 plus 2
                                                    10/100/1000)
                                                    complemented by
                                                    four I/O expansion
                                                    slots that can
                                                    house additional
                                                    WAN interfaces
                                                    (T1, E1, ADSL,
                                                    ISDN BRI S/T, and
                                                    Serial).
15.0 lbs.   Y   SSG Series appliance to be          The SSG 320M         N
                deployed as a stand-alone           has four on-board
                network protection device or as a   10/100/1000
                secure router.                      interfaces
                                                    complemented by
                                                    three I/O
                                                    expansion slots
                                                    that can house
                                                    additional WAN
                                                    and LAN interfaces
                                                    (T1, E1, ADSL,
                                                    ISDN BRI S/T,
                                                    Serial, and
                                                    Ethernet).
25.0 lbs.   Y   SSG Series appliance to be          The SSG 350M          N
                deployed as a stand-alone           has four on-board
                network protection device or as a   10/100/1000
                secure router.                      interfaces
                                                    complemented by
                                                    five I/O expansion
                                                    slots that can
                                                    house additional
                                                    WAN and LAN
                                                    interfaces (T1, E1,
                                                    ADSL, ISDN BRI
                                                    S/T, Serial, and
                                                    Ethernet).
23.0 lbs.   Y   SSG Series appliance to be          The SSG 520M          N
                deployed as a stand-alone           has four on-board
                network protection device or as a   10/100/1000
                secure router to help reduce IT     interfaces, six I/O
                capital and operational             expansion slots for
                expenditures.                       additional WAN or
                                                    LAN connectivity
                                                    (T3, E3, T1, E1,
                                                    ADSL, ISDN BRI
                                                    S/T, Serial, and
                                                    Gigabit Ethernet),
                                                    and two enhanced
                                                    expansion slots for
                                                    high-density LAN
                                                    interfaces.
25.0 lbs.   Y   SSG Series appliance to be          The SSG 550M          N
                deployed as a stand-alone           has four on-board
                network protection device or as a   10/100/1000
                secure router.                      interfaces, six I/O
                                                    expansion slots for
                                                    additional WAN or
                                                    LAN connectivity
                                                    (T3, E3, T1, E1,
                                                    ADSL, ISDN BRI
                                                    S/T, Serial, and
                                                    Gigabit Ethernet),
                                                    and four enhanced
                                                    expansion slots for
                                                    high-density LAN
                                                    interfaces.
0.75 lbs. to      Yes and No.      Typically deployed at border,        Smallest Unit:          Y
4 lbs.         Smaller units are   contains built in fail-over/high     WAN port – (1)
                 not built to be   availability with multiple options   10/100;
               rack mountable,     (dial-up, secondary ISP,             LAN port – (4)
                  but there are    sometimes integrated with 3G         10/100 switch
                rack mountable     backup connections, etc). Load       autosensing;
                     add-ons       balancing available, and             Serial ports – (1)
               available for the   sometimes deployed as a cost         (dial-on-demand)
               small form factor   effective VPN concentrator.
                  appliances if    Vertical applications include        Largest Unit: (3)
                 required. The     several OEM/embedded                 10/100 FE ports
                  SG720 is the     technologies including credit card   (configurable for
                 only standard     transaction points (POS),            WAN, LAN, DMZ);
                   rack mount      embedded with medical                (2) 10/100/1000
               appliance in the    technology, and leveraged in a       GbE ports
                channel lineup.    rebranding agreement with some       (configurable for
                                   of the largest managed service       WAN, LAN, DMZ);
                                   providers in the world.              Serial ports - (1)
                                                                        (console, dial-in, or
                                                                        dial-on-demand)
17 lbs. to   Y   Typically deployed at the border,   From (4) 10/100 to     N
100 lbs.         but also in layered deployments     (14) 10/100/1000,
                 and to enhance protection for       with maximum
                 specific applications (e.g. web,    interfaces of (26)
                 Oracle, VoIP, etc.)                 10/100/1000
                                                     possible.




17.6 lbs.    Y   Gateway security device             (7) 1000/100/10        N
                 frequently employed in              which may be used
                 active/passive failover.            in any combination
                                                     of internal/external
                                                     connectivity. No
                                                     management port
                                                     required.
Weight     Y   SonicWALL E-Class NSA            8 GbE     Y, with
15.00lbs       appliances could be deployed as          SonicPoints
               a central-site security gateway,
               into a distributed enterprise
               network, as a Unified threat
               management (UTM) platform,
               into data centers or to provide
               traffic management of
               applications
Weight     Y   SonicWALL E-Class NSA            8 GbE     Y, with
15.10lbs       appliances could be deployed as          SonicPoints
               a central-site security gateway,
               into a distributed enterprise
               network, as a Unified threat
               management (UTM) platform,
               into data centers or to provide
               traffic management of
               applications
Weight     Y   SonicWALL E-Class NSA            4 GbE + 4 SFP   Y     Y, with
17.30lbs       appliances could be deployed as                      SonicPoints
               a central-site security gateway,
               into a distributed enterprise
               network, as a Unified threat
               management (UTM) platform,
               into data centers or to provide
               traffic management of
               applications
12.4 lbs   Y   Typically deployed at the network 8 configurable       N
               perimeter; and in some scenarios, ports, 4
               deployed as a failover solution.  10/100/1000, 4
                                                 fiber




9.68 lbs   Y   Typically deployed at the network 8 configurable       N
               perimeter.                        ports, all 8
                                                 10/100/1000




1.9 lbs    N   typically deployed in two          6 configurable      Y
               scenarios: small business          ports, all 10/100
               environment, or as a branch
               office perimeter device, centrally
               managed from a remote location.
2.6 lbs.    Y   deployed at the border   (1) Auto MDI/MDI-      N, but Port
                                         X 10/100 WAN         Configurable as
                                         Port and (4) Auto     WLAN Zone
                                         MDI/MDI-X
                                         LAN/DMZ Ports
2.6 lbs.    Y   deployed at the border   (2) Auto MDI/MDI-      N, but Port
                                         X 10/100 WAN         Configurable as
                                         Port and (4) Auto     WLAN Zone
                                         MDI/MDI-X
                                         LAN/DMZ Ports
5.7 lbs.    Y   deployed at the border   (2) Auto MDI/MDI-      N, but Port
                                         X 10/100 WAN         Configurable as
                                         Port and (1) Auto     WLAN Zone
                                         MDI/MDI-X LAN
                                         Ports and (4) Auto
                                         MDI/MDI-X DMZ
                                         Ports
5.7 lbs.    Y   deployed at the border   (7) 10/10/1000             N
                                         Independently
                                         Configurable
                                         (WAN, LAN, DMZ)


10.4 lbs.   Y   deployed at the border   (5) 10/100/1000            N
                                         Independently
                                         Configurable
                                         (WAN, LAN, DMZ)
                                           Anti-                  Protocols                                      IPS
         Firewall Features                          Engine(s)                            Features
                                           virus                  supported                                       ?
Stateful, deep packet inspection            Y      Open Source   HTTP; POP3;                                     Y
                                                   CLAM AV and   SMTP; FTP
                                                   OEM
                                                   Authentium




Stateful deep packet inspection;            Y      In-house      HTTP; SMTP;   DyVax signatureless antivirus     Y
protects against SYN flood DoS,                                  POP3          engine for zero-day threats and
DDoS and anti-fragmentation; blocks                                            targeted attacks; deep scanning
ICMP and attack reconnaissance; IP                                             of executable attachments; deep
Whitelist/Blacklist; and built on highly                                       scanning of Microsoft Office
secure OpenBSD OS.                                                             attachments for zero-day
                                                                               exploits and targeted attacks;
                                                                               quarantine and tag only modes;
                                                                               email safe preview in
                                                                               quarantine.
Stateful deep packet inspection;           Y   In-house   HTTP; SMTP;   DyVax signatureless antivirus     Y
protects against SYN Flood DoS,                           POP3          engine for zero-day threats and
DDoS and Anti-fragmentation; blocks                                     targeted attacks; deep scanning
ICMP and attack reconnaissance; IP                                      of executable attachments; deep
Whitelist/Blacklist; and built on highly                                scanning of Microsoft Office
secure OpenBSD OS.                                                      attachments for zero-day
                                                                        exploits and targeted attacks;
                                                                        quarantine and tag only modes;
                                                                        email safe preview in
                                                                        quarantine.

Stateful deep packet inspection;           Y   In-house   HTTP; SMTP;   DyVax signatureless antivirus     Y
protects against SYN Flood DoS,                           POP3          engine for zero-day threats and
DDoS and Anti-fragmentation; blocks                                     targeted attacks; deep scanning
ICMP and attack reconnaissance; IP                                      of executable attachments; deep
Whitelist/Blacklist; and built on highly                                scanning of Microsoft Office
secure OpenBSD OS.                                                      attachments for zero-day
                                                                        exploits and targeted attacks;
                                                                        quarantine and tag only modes;
                                                                        email safe preview in
                                                                        quarantine.

Stateful deep packet inspection;           Y   In-house   HTTP; SMTP;   DyVax signatureless antivirus     Y
protects against SYN Flood DoS,                           POP3          engine for zero-day threats and
DDoS and Anti-fragmentation; blocks                                     targeted attacks; deep scanning
ICMP and attack reconnaissance; IP                                      of executable attachments; deep
Whitelist/Blacklist; and built on highly                                scanning of Microsoft Office
secure OpenBSD OS.                                                      attachments for zero-day
                                                                        exploits and targeted attacks;
                                                                        quarantine and tag only modes;
                                                                        email safe preview in
                                                                        quarantine.
Firewall, gateway anti-virus, IPSec        Y   OEM   HTTP; IM;   FW, VPN, NAT, SmartDefense,     Y
VPN,SSL VPN, web filtering, gateway                  SMTP; FTP   AV, Web Filtering, Messaging
anti-spam, VoIP security, intrusion                              Security (Anti-Spam, email AV
prevention capabilities, virtualized LAN                         etc)
(VLAN), integrated centralized
management
Firewall, gateway anti-virus, IPSec        Y   OEM   FW, VPN, NAT, SmartDefense,     Y
VPN, SSL VPN, web filtering, gateway                 AV, Web Filtering, Messaging
anti-spam, VoIP security, intrusion                  Security (Anti-Spam, email AV
prevention capabilities, virtualized LAN             etc)
(VLAN), integrated centralized
management
Y   OEM   FW, VPN, NAT, SmartDefense,     Y
          AV, Web Filtering, Messaging
          Security (Anti-Spam, email AV
          etc)
Firewall, gateway anti-virus, IPSec     Y   OEM   FW, VPN, NAT, SmartDefense,     Y
VPN,SSL VPN, web filtering, gateway               AV, Web Filtering, Messaging
anti-spam, intrusion prevention                   Security (Anti-Spam, email AV
capabilities, virtualized LAN (VLAN),             etc)
integrated centralized management
Stateful Inspection with Application   Y   VStream   HTTP; FTP;     Stateful inspection antivirus       Y
Intelligence                                         NBT; POP3;     blocks viruses before they enter
                                                     IMAP, SMTP;    the network. Nearly unlimited
                                                     User-defined   concurrent files scanned. Nearly
                                                     TCP and UDP    unlimited file size scanning.
                                                     ports          Compressed file scanning.
                                                                    Powerful policy based approach
                                                                    allows fine scanning granularity.
Firewall, gateway anti-virus, IPSec      Y   OEM   FW, VPN, NAT, SmartDefense,    Y
VPN, web filtering, gateway anti-spam,             AV, Web Filtering, Messaging
intrusion prevention capabilities,                 Security
virtualized LAN (VLAN), integrated
centralized management
Firewall, gateway anti-virus, IPSec      Y   OEM   FW, VPN, NAT, SmartDefense,     Y
VPN, web filtering, gateway anti-spam,             AV, Web Filtering, Messaging
intrusion prevention capabilities,                 Security (Anti-Spam, email AV
virtualized LAN (VLAN), integrated                 etc)
centralized management
Stateful Inspection with Application   Y   VStream   HTTP; FTP;     Stateful inspection antivirus       Y
Intelligence                                         NBT; POP3;     blocks viruses before they enter
                                                     IMAP; SMTP;    the network. Nearly unlimited
                                                     User-defined   concurrent files scanned. Nearly
                                                     TCP and UDP    unlimited file size scanning.
                                                     ports          Compressed file scanning.
                                                                    Powerful policy based approach
                                                                    allows fine scanning granularity.
Stateful Inspection with Application   Y   VStream   HTTP; FTP;     Stateful inspection antivirus       Y
Intelligence                                         NBT; POP3;     blocks viruses before they enter
                                                     IMAP; SMTP;    the network. Nearly unlimited
                                                     User-defined   concurrent files scanned. Nearly
                                                     TCP and UDP    unlimited file size scanning.
                                                     ports          Compressed file scanning.
                                                                    Powerful policy based approach
                                                                    allows fine scanning granularity.




Stateful Inspection with Application
Intelligence
Over 30 application/protocol inspection    Yes   Trend Micro   HTTP, SMTP,                                     Yes
engines providing application firewall                         and FTP
inspection and control, object grouping
for simplified access control policy
management, modular policy
framework provides granular control
over all security and networking
services, routed and transparent mode
support for flexible deployment, virtual
firewall support for firewall
consolidation, market-leading Unified
Communications security services
                                                                             Award-winning antivirus
protecting voice and video
                                                                             technology with true file type
communications, denial of service
                                                                             identification shields internal
(DoS) attack prevention, and much
                                                                             network resources from virus
more
                                                                             attacks
Over 30 application/protocol inspection    Yes   Trend Micro   HTTP, SMTP,                                     Yes
engines providing application firewall                         and FTP
inspection and control, object grouping
for simplified access control policy
management, modular policy
framework provides granular control
over all security and networking
services, routed and transparent mode
support for flexible deployment, virtual
firewall support for firewall
consolidation, market-leading Unified
Communications security services
                                                                             Award-winning antivirus
protecting voice and video
                                                                             technology with true file type
communications, denial of service
                                                                             identification shields internal
(DoS) attack prevention, and much
                                                                             network resources from virus
more
                                                                             attacks
Over 30 application/protocol inspection    Yes   Trend Micro   HTTP, SMTP,                                     Yes
engines providing application firewall                         and FTP
inspection and control, object grouping
for simplified access control policy
management, modular policy
framework provides granular control
over all security and networking
services, routed and transparent mode
support for flexible deployment, virtual
firewall support for firewall
consolidation, market-leading Unified
Communications security services
                                                                             Award-winning antivirus
protecting voice and video
                                                                             technology with true file type
communications, denial of service
(DoS) attack prevention, and much                                            identification shields internal
                                                                             network resources from virus
more
                                                                             attacks
*Multiple zone security with separate        Y   Kaspersky   HTTP; FTP;    *Virus, Worm, Trojan Detection   Y
levels of access rule enforcement for                        SMTP; POP3;   and Removal
each zone                                                    IMAP          *Spyware, Malware, Phishing
*Rule based on the combination of                                          Protection
User, Source and Destination Zone                                          *Automatic virus signature
and IP address and Service                                                 database update
*Actions include policy-based control                                      *Customize individual user
for IDP, Content Filter, Anti-virus, Anti-                                 scanning
spam and Bandwidth Management                                              *Self service Quarantine area
*Access Scheduling                                                         *Scan and deliver by file size
*Policy-based Source & Destination                                         *Add disclaimer/signature
NAT
*H.323 NAT Traversal
*802.1q VLAN Support
*DoS Attack prevention
                                          Y   eSoft         HTTP; SMTP;   Over 200,000 AV signatures,       Y
3DES, AES, MD5, ESP Tunnel Mode,              Premium/Suspi FTP; POP3     premium, suspicious signatures,
IPSec, PPTP, MS-CHAP V2, VPN                  cious                       micro engines, reputation
Forwarding, IPSec NAT Traversal,              Signatures,                 services powered by eSoft's
Central VPN Management, DHCP,                 Reputation                  Distributed Intelligence
NAT (1:1, Many:1, 1:Many),                    services by                 Architecture
WAN/WAN Failover, QoS, Application            eSoft's DIA
Prioritization, Bi-Modal Scanning, DIA,
ThreatMap, ThreatMonitor,
Transparent HTTP, Proxy
Server/Cache, DNS Forwarding,
PPPoE, Central management,
Graphical Reporting, Local/Syslog,
HDD, Email Security, Web Security,
IPS, Email/Webmail
- ICSA Labs Certified (Enterprise         Y   In-house   HTTP; SMTP;      - ICSA Labs Certified (Gateway      Y
Firewall)                                                POP3; IMAP;      Antivirus)
- NAT, PAT, transparent (bridge)                         FTP; IM; NNTP;   - Includes anti-spyware and
- Routing rode (RIP v1 & v2, OSPF,                       Encrypted VPN    worm prevention
BGP, & Multicast)                                        tunnels          - Antivirus update powered by
- Policy-based NAT                                                        FortiGuard Antivirus
- Virtual Domains (NAT/Transparent                                        Subscription Service
mode)                                                                     - Automatic “push" virus
- Virtual IP                                                              database update
- VLAN tagging (802.1Q)                                                   - File pattern match
- User group-based authentication                                         - File quarantine support
- SIP/H.323 NAT traversal                                                 - Block by file size or type
- WINS support                                                            - Integrated with firewall policy
- Customized protection profiles                                          through customized protection
- Schedule policy                                                         profile
- Stateful firewall inspection
- High availability (HA) active-active,
active-passive
- Stateful failover (FW and VPN)
- Device failure detection and
notification
- Link status monitor
- Link failover
Stateful, Complete Network and Port   Y   OEM - Sophos HTTP; SMTP;   340k+ known viruses, plus         Y
Translation Features, Transparent                      POP3; FTP     behavioral detection of unknown
Mode (Layer 2), DHCP, PPPoE,
OSPF, High Availability, etc.




Stateful, Complete Network and Port   Y   OEM - Sophos HTTP; SMTP;   340k+ known viruses, plus         Y
Translation Features, Transparent                      POP3; FTP     behavioral detection of unknown
Mode (Layer 2), DHCP, PPPoE,
OSPF, High Availability, etc.




Stateful, Complete Network and Port   Y   OEM - Sophos HTTP; SMTP;   340k+ known viruses, plus         Y
Translation Features, Transparent                      POP3; FTP     behavioral detection of unknown
Mode (Layer 2), DHCP, PPPoE,
OSPF, High Availability, etc.




Stateful, Complete Network and Port   Y   OEM - Sophos HTTP; SMTP;   340k+ known viruses, plus         Y
Translation Features, Transparent                      POP3; FTP     behavioral detection of unknown
Mode (Layer 2), DHCP, PPPoE,
OSPF, High Availability, etc.
Stateful, Complete Network and Port   Y   OEM - Sophos HTTP; SMTP;   340k+ known viruses, plus         Y
Translation Features, Transparent                      POP3; FTP     behavioral detection of unknown
Mode (Layer 2), DHCP, PPPoE,
OSPF, High Availability, etc.




Stateful, Complete Network and Port   Y   OEM - Sophos HTTP; SMTP;   340k+ known viruses, plus         Y
Translation Features, Transparent                      POP3; FTP     behavioral detection of unknown
Mode (Layer 2), DHCP, PPPoE,
OSPF, High Availability, etc.
Stateful inspection, NAT, Application   Y   OEM          HTTP; IM;     Combination of 200,000+           Y
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP; POP3;   signatures and proactive
Network attack detection, DoS and           Lab)         IMAP; SMTP;   technologies to protect against
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,
fragmented packet protection, Brute                                    Trojans, spyware, adware,
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Stateful inspection, NAT, Application   Y   OEM          HTTP, IM,     Combination of 200,000+           Y
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP, POP3,   signatures and proactive
Network attack detection, DoS and           Lab)         IMAP, SMTP,   technologies to protect against
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,
fragmented packet protection, Brute                                    Trojans, spyware, adware,
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Stateful inspection, NAT, Application   Y   OEM          HTTP; IM;     Combination of 200,000+           Y
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP; POP3;   signatures and proactive
Network attack detection, DoS and           Lab)         IMAP; SMTP;   technologies to protect against
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,
fragmented packet protection, Brute                                    Trojans, spyware, adware,
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Stateful inspection, NAT, Application   Y   OEM          HTTP; IM;     Combination of 200,000+           Y
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP; POP3;   signatures and proactive
Network attack detection, DoS and           Lab)         IMAP; SMTP;   technologies to protect against
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,
fragmented packet protection, Brute                                    Trojans, spyware, adware,
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Stateful inspection, NAT, Application   Y   OEM          HTTP; IM;     Combination of 200,000+           Y
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP; POP3;   signatures and proactive
Network attack detection, DoS and           Lab)         IMAP; SMTP;   technologies to protect against
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,
fragmented packet protection, Brute                                    Trojans, spyware, adware,
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Stateful inspection, NAT, Application   Y   OEM          HTTP; IM;     Combination of 200,000+           Y
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP; POP3;   signatures and proactive
Network attack detection, DoS and           Lab)         IMAP; SMTP;   technologies to protect against
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,
fragmented packet protection, Brute                                    Trojans, spyware, adware,
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Stateful inspection, NAT, Application   Y   OEM          HTTP; IM;     Combination of 200,000+            Yes
Layer Gateway (ALG), 802.1Q VLAN,           (Kaspersky   SMTP; POP3;   signatures and proactive          (Dee
Network attack detection, DoS and           Lab)         IMAP; SMTP;   technologies to protect against     p
DDoS protection, TCP reassembly for                      FTP           file-based viruses, worms,        Insp
fragmented packet protection, Brute                                    Trojans, spyware, adware,         ectio
force attack mitigation, SYN cookie                                    keyloggers, phishing attacks,       n)
protection, Zone-based IP spoofing,                                    and other malware;
Malformed packet protection                                            3,300 file formats and
                                                                       extensions; Optimal filtering
                                                                       functionality; Hourly periodic
                                                                       updates; Industry's quickest
                                                                       response time for emerging
                                                                       threats
Firewall/UTM features include: Stateful   Y   OEM: ClamAV FTP; HTTP;          SnapGear allows multiple           Y
layer firewall inspection, IDS/IPS,                       SMTP; POP3;         configurations to leverage
IPSEC PPTP, and L2TP VPN, DES 56-                         CIFS for            ClamAV, like choosing file sizes
bit, 3DES 168-bit, AES 256-bit                            Network or          to restrict or allow and how
encryption, Hashes HMAC - MD5 and                         Local Storage       much available resources to
SHA-1 authentication                                      data transfer; IM   dedicate to AV Scanning.
IKE/ISAKMP Diffie-Hellman key                             over HTTP           Sample features: command-line
exchange, Diffie-Hellman Groups                                               scanner
(1,2,5) and Oakley Groups (14,15,16)                                          fast, multi-threaded daemon with
to 4096-bits, X.509 certificates DER,                                         support for on-access scanning
PEM formats, Pre-shared secrets,                                              milter interface for sendmail
Dynamic IP address end-points,                                                advanced database updater with
Dynamic DNS IPSec support,                                                    support for scripted updates and
Authentication up to 2048-bit for RSA                                         digital signatures
key signatures, Multiple subnets, NAT                                         virus scanner C library
traversal, MPPE 40 to 128-bit RC4                                             on-access scanning (Linux® and
encryption, PAP/CHAP/MS CHAPv2                                                FreeBSD®)
authentication, L2TP & GRE tunneling                                          virus database updated multiple
extensions, ICSA-certified dynamic                                            times per day (see home page
firewall, Routing, DHCP - client and                                          for total number of signatures)
server, PPPoE (for ADSL support),                                             built-in support for various
NAT - static and dynamic, NAPT/PAT -                                          archive formats, including Zip,
port forwarding, Connection sharing,                                          RAR, Tar, Gzip, Bzip2, OLE2,
Logging (local and remote)-includes                                           Cabinet, CHM, BinHex, SIS and
SecurityReporter enterprise reporting                                         others
engine, Traffic shaping (QoS),SIP                                             built-in support for almost all
Proxy, URL filtering subscriptions                                            mail file formats
Firewall/UTM features include:              Y   OEM: Sophos   HTTP; SMTP;   Secure Computing Sidewinder          Y
Network-layer firewall, application-                          FTP           offers a best-of-breed Anti-Virus
layer firewall, IDS/IPS, IPSec VPN,                                         and Anti-Spyware engine add-on
SSL decryption, Anti-Spam, Anti-Virus                                       module for email and Web
& Anti-Spyware, TrustedSource                                               traffic. The award winning
(reputation filtering), SmartFilter web                                     Sophos anti-virus engine with
filtering, SecurityReporter™ SIEM                                           industry leading response times
reporting and monitoring with complete                                      for virus signature update
regulatory compliance reports, IM &                                         services are fully integrated into
P2P filters, Firewall Access Controls,                                      the Sidewinder GUI, and this
User Authentication, Java & ActiveX                                         same engine has recently won
Filters, active/active high availability,                                   an award for its superior
unequalled EAL4+ Common Criteria                                            detection of 100% of spyware
certification for the application layer,                                    attacks. SophosLabs technology
and the SecureOS® operating system,                                         provides proactive protection
which has never been compromised or                                         from new variants of virus
required an emergency patch in more                                         families even before specific,
than 12 years. A three-year hardware                                        signature-based protection
warranty is included in the base price,                                     becomes available.
and 24x7 "live answer" support is
available.


Stateful firewall with some object          Y   ClamAV        HTTP; SMTP;                                        N
based configuration options                                   POP3
Stateful Packet Inspection Firewalling,   Y   In-house   (HTTP, SMTP,   SonicWALL Gateway Anti-Virus         Y
DoS and DDoS attack prevention,                          POP3, IMAP,    service provides intelligent file-
objects and group based                                  FTP,           based protection supporting
configurations and policy controls.                      CIFS/NetBIOS   unlimited file sizes with a
                                                         and TCP)       dynamically updated signature
                                                                        database to provide protection
                                                                        against the latest viruses
                                                                        outbreaks. Granular signature
                                                                        controls and zone based
                                                                        blocking providing the necessary
                                                                        user controls for many different
                                                                        deployments for the SonicWALL
                                                                        gateway anti-virus solution.
                                                                        SonicWALL Viewpoint can be
                                                                        used to provide comprehensive
                                                                        logging and reporting.
Stateful Packet Inspection Firewalling,   Y   In-house   (HTTP, SMTP,   SonicWALL Gateway Anti-Virus         Y
DoS and DDoS attack prevention,                          POP3, IMAP,    service provides intelligent file-
objects and group based                                  FTP,           based protection supporting
configurations and policy controls.                      CIFS/NetBIOS   unlimited file sizes with a
                                                         and TCP)       dynamically updated signature
                                                                        database to provide protection
                                                                        against the latest viruses
                                                                        outbreaks. Granular signature
                                                                        controls and zone based
                                                                        blocking providing the necessary
                                                                        user controls for many different
                                                                        deployments for the SonicWALL
                                                                        gateway anti-virus solution.
                                                                        SonicWALL Viewpoint can be
                                                                        used to provide comprehensive
                                                                        logging and reporting.
Stateful Packet Inspection Firewalling,   Y   In-house   (HTTP, SMTP,   SonicWALL Gateway Anti-Virus         Y
DoS and DDoS attack prevention,                          POP3, IMAP,    service provides intelligent file-
objects and group based                                  FTP,           based protection supporting
configurations and policy controls.                      CIFS/NetBIOS   unlimited file sizes with a
                                                         and TCP)       dynamically updated signature
                                                                        database to provide protection
                                                                        against the latest viruses
                                                                        outbreaks. Granular signature
                                                                        controls and zone based
                                                                        blocking providing the necessary
                                                                        user controls for many different
                                                                        deployments for the SonicWALL
                                                                        gateway anti-virus solution.
                                                                        SonicWALL Viewpoint can be
                                                                        used to provide comprehensive
                                                                        logging and reporting.
True "zero day" attack prevention,     Y   In-house   HTTP, HTTPS,     Includes: stateful deep packet     Y
supported by spamBlocker,                             SMTP, FTP,       inspection, coupled with
WebBlocker and Gateway                                DNS, TCP,        application proxy technology.
Antivirus/IPS services. Complemented                  POP3, IM, SIP,   Also includes: spyware blocking,
by centralized management,                            H.323            DoS and DDoS prevention,
comprehensive networking                                               protocol anomaly detection,
capabilities, such as SSL VPN, and                                     behavior analysis, pattern
unmatched ease of use.                                                 matching and rules-based
                                                                       control.

True "zero day" attack prevention,     Y   In-house   HTTP, HTTPS,     Includes: stateful deep packet     Y
supported by spamBlocker,                             SMTP, FTP,       inspection, coupled with
WebBlocker and Gateway                                DNS, TCP,        application proxy technology.
Antivirus/IPS services. Complemented                  POP3, IM, SIP,   Also includes: spyware blocking,
by centralized management,                            H.323            DoS and DDoS prevention,
comprehensive networking                                               protocol anomaly detection,
capabilities, such as SSL VPN, and                                     behavior analysis, pattern
unmatched ease of use.                                                 matching and rules-based
                                                                       control.

True "zero day" attack prevention,     Y   In-house   HTTP, HTTPS,     Includes: stateful deep packet     Y
supported by spamBlocker,                             SMTP, FTP,       inspection, coupled with
WebBlocker and Gateway                                DNS, TCP,        application proxy technology.
Antivirus/IPS services. Complemented                  POP3, IM, SIP,   Also includes: spyware blocking,
by centralized management,                            H.323            DoS and DDoS prevention,
comprehensive networking                                               protocol anomaly detection,
capabilities, such as SSL VPN, and                                     behavior analysis, pattern
unmatched ease of use.                                                 matching and rules-based
                                                                       control.
SPI Firewall: 65Mbps; VPN            Y   Kaspersky   HTTP; SMTP;    Inbound and Outbound            Y
AES/3DES:25Mbps                                      POP3; IMAP4;   Scanning. Dedicated ASIC chip
                                                     FTP


SPI Firewall: 70Mbps; VPN            Y   Kaspersky   HTTP; SMTP;    Inbound and Outbound            Y
AES/3DES:30Mbps                                      POP3; IMAP4;   Scanning. Dedicated ASIC chip
                                                     FTP


SPI Firewall: 90Mbps; VPN            Y   Kaspersky   HTTP; SMTP;    Inbound and Outbound            Y
AES/3DES:40Mbps                                      POP3; IMAP4;   Scanning. Dedicated ASIC chip
                                                     FTP




SPI Firewall: 200Mbps; VPN           Y   Kaspersky   HTTP; SMTP;    Inbound and Outbound            Y
AES/3DES: 100Mbps (200 Concurrent                    POP3; IMAP4;   Scanning. Dedicated ASIC chip
Tunnels); UTM: 48Mbps; Sessions:                     FTP
60k


SPI Firewall: 300Mbps; VPN           Y   Kaspersky   HTTP; SMTP;    Inbound and Outbound            Y
AES/3DES: 100Mbps (1000                              POP3; IMAP4;   Scanning. Dedicated ASIC chip
Concurrent Tunnels); IDP: 100Mbps;                   FTP
Sessions: 128k
 Custom
                                                                                                           Anti-
signatures Engine(s)              Features                   IDS?              Features
                                                                                                          spam?
    ?
    N     Sourcefire/S Sourcefire/Snort/In-house              Y     DDoS Protection, Portscan               Y
          nort/In-                                                  Protection, Granular
          house                                                     Exemptions, arrayed by threat
                                                                    target type




    N     Snort        Over 4000 high quality                 Y     Over 4000 high quality                  Y
                       signatures; IP Whitelist/Blacklist;          signatures; IP Whitelist/blacklist;
                       dynamic blacklisting of                      dynamic blacklisting of
                       offenders; simple rule                       offenders; simple rule
                       management/ exceptions; denial               management/ exceptions; denial
                       of service protections;                      of service protections;
                       geographic alerts; detects and               geographic alerts; detects and
                       stops malware, exploits,                     stops malware, exploits,
                       spyware, Trojans, cross site                 spyware, Trojans, cross site
                       scripting attempts, VoIP attacks             scripting attempts, VoIP attacks
                       and more.                                    and more.
N   Snort   Over 4000 high quality                Y   Y
            signatures; IP Whitelist/Blacklist;
            dynamic blacklisting of
            offenders; simple rule
            management/ exceptions; denial
            of service protections;
            geographic alerts; detects and
            stops malware, exploits,
            spyware, Trojans, cross site
            scripting attempts, VoIP attacks
            and more.
N   Snort   Over 4000 high quality                Y   Y
            signatures; IP Whitelist/Blacklist;
            dynamic blacklisting of
            offenders; simple rule
            management/ exceptions; denial
            of service protections;
            geographic alerts; detects and
            stops malware, exploits,
            spyware, Trojans, cross site
            scripting attempts, VoIP attacks
            and more.
N   Snort   Over 4000 high quality                Y   Y
            signatures; IP Whitelist/Blacklist;
            dynamic blacklisting of
            offenders; simple rule
            management/ exceptions; denial
            of service protections;
            geographic alerts; detects and
            stops malware, exploits,
            spyware, Trojans, cross site
            scripting attempts, VoIP attacks
            and more.
Y   In-house   SmartDefense is a set of              N   N/A   Y
               integrated IPS functionality
               which resides in all Check Point
               products. SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
               found at:
               http://www.checkpoint.com/appi
Y   In-house   SmartDefense is a set of              Y
               integrated IPS functionality
               which resides in all Check Point
               products. SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
               found at:
               http://www.checkpoint.com/appi
Y   In-house   SmartDefense is a set of              Y
               integrated IPS functionality
               which resides in all Check Point
               products. Based on Check
               Point's Application Intelligence
               technology, SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
Y   In-house   SmartDefense is a set of              Y
               integrated IPS functionality
               which resides in all Check Point
               products. Based on Check
               Point's Application Intelligence
               technology, SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
Y   In-house   SmartDefense is a set of              Y   Y
               integrated IPS functionality
               which resides in all Check Point
               products. SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
               found at:
               http://www.checkpoint.com/appi
Y   In-house   Y
Y   In-house   SmartDefense is a set of              Y
               integrated IPS functionality
               which resides in all Check Point
               products. Based on Check
               Point's Application Intelligence
               technology, SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
Y   In-house   SmartDefense is a set of              Y   Y
               integrated IPS functionality
               which resides in all Check Point
               products. Based on Check
               Point's Application Intelligence
               technology, SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
Y   In-house   SmartDefense is a set of              Y   Y
               integrated IPS functionality
               which resides in all Check Point
               products. Based on Check
               Point's Application Intelligence
               technology, SmartDefense
               provides a set of advanced IPS
               capabilities that prevents the
               exploitation of vulnerabilities in
               business applications, including
               vulnerabilities in the application
               code, communication protocols
               and the underlying operating
               system. SmartDefense provides
               security for these applications by
               running multiple security checks
               including validation of
               compliance to standards,
               validation of expected use of
               protocols, inspection for known
               malicious content and control of
               application layer operations.
               The result is to proactively shield
               applications from attack without
               relying on specific attack
               signatures. A complete list of
               protocols protected can be
Yes   Over 35     Proven protection against tens    Yes   Proven detection of tens of        Yes
      engines     of thousands of network,                thousands of network, operating
      developed   operating system, and                   system, and application attacks.
      in-house    application attacks. Day-Zero           Day-Zero threat detection with
                  threat protection with protocol         protocol and traffic anomaly
                  and traffic anomaly detection.          detection.
Yes   Over 35     Proven protection against tens    Yes   Proven detection of tens of        Yes
      engines     of thousands of network,                thousands of network, operating
      developed   operating system, and                   system, and application attacks.
      in-house    application attacks. Day-Zero           Day-Zero threat detection with
                  threat protection with protocol         protocol and traffic anomaly
                  and traffic anomaly detection.          detection.




Yes   Over 35     Proven protection against tens    Yes   Proven detection of tens of        Yes
      engines     of thousands of network,                thousands of network, operating
      developed   operating system, and                   system, and application attacks.
      in-house    application attacks. Day-Zero           Day-Zero threat detection with
                  threat protection with protocol         protocol and traffic anomaly
                  and traffic anomaly detection.          detection.
Y   Custom   *3000+ Signatures                 Yes   *3000+ Signatures                 Y
             *IDP Policies: Multiple, Custom         *IDP Policies: Multiple, Custom
             *User-based policy creation             *User-based policy creation
             *Automatic real-time updates            *Automatic real-time updates
             from CR Protect networks                from CR Protect networks
             *Protocol Anomaly Detection             *Protocol Anomaly Detection
             *Custom Signatures                      *Custom Signatures
             *Block HTTP Proxy Traffic               *Block HTTP Proxy Traffic
             *P2P application signatures             *P2P application signatures
             including Skype                         including Skype
N   In-house   Premium policies, real-time        Y   Included with IPS   Y
               policy updates, Botnet detection
               on local network/PCs, Dos,
               Directory Harvest protection,
               Social Networking/IM/P2P
               granular controls
Y   In-house   - ICSA Labs Certified (NIPS)   Y   - ICSA Labs Certified (NIPS)   Y
               - Protection from more than        - Protection from more than
               3000 threats                       3000 threats
               - Signature and protocol           - Signature and protocol
               anomaly support                    anomaly support
               - Custom signature support         - Custom signature support
               - Custom IPS sensor profile        - Automatic attack database
               - Automatic attack database        update
               update
N   In-house   170 Protocols inspected, port          Y   Same as IPS: change IPS into   Y
               independent where applicable, 9            IDS with a checkbox
               response types, 7400+
               vulnerabilities blocked by default
               with no false positives, Intelligent
               defaults allows industrial
               strength protection without
               impacting legitimate traffic

N   In-house   170 Protocols inspected, port          Y   Same as IPS: change IPS into   Y
               independent where applicable, 9            IDS with a checkbox
               response types, 7400+
               vulnerabilities blocked by default
               with no false positives, Intelligent
               defaults allows industrial
               strength protection without
               impacting legitimate traffic

N   In-house   170 Protocols inspected, port          Y   Same as IPS: change IPS into   Y
               independent where applicable, 9            IDS with a checkbox
               response types, 7400+
               vulnerabilities blocked by default
               with no false positives, Intelligent
               defaults allows industrial
               strength protection without
               impacting legitimate traffic

N   In-house   170 Protocols inspected, port          Y   Same as IPS: change IPS into   Y
               independent where applicable, 9            IDS with a checkbox
               response types, 7400+
               vulnerabilities blocked by default
               with no false positives, Intelligent
               defaults allows industrial
               strength protection without
               impacting legitimate traffic
N   In-house   170 Protocols inspected, port          Y   Same as IPS: change IPS into   Y
               independent where applicable, 9            IDS with a checkbox
               response types, 7400+
               vulnerabilities blocked by default
               with no false positives, Intelligent
               defaults allows industrial
               strength protection without
               impacting legitimate traffic

N   In-house   170 Protocols inspected, port          Y   Same as IPS: change IPS into   Y
               independent where applicable, 9            IDS with a checkbox
               response types, 7400+
               vulnerabilities blocked by default
               with no false positives, Intelligent
               defaults allows industrial
               strength protection without
               impacting legitimate traffic
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   In-house   Protocol anomaly detection;       N   N/A   Y
               traffic anomaly detection
               (malformed packet attacks, DoS,
               DDoS, SYN Flood, etc); stateful
               signatures
               (worm/application/zero day
               attack protection); fragment
               reassembly; attack evasion
               techniques; traffic/protocol
               normalization, worm/attack
               containment, screen options
Y   OEM:    Snort combines the benefits of     Y   Snort combines the benefits of     Y
    SNORT   signature, protocol and anomaly        signature, protocol and anomaly
            based inspection methods. With         based inspection methods. With
            millions of downloads to date,         millions of downloads to date,
            Snort is the most widely               Snort is the most widely
            deployed intrusion detection and       deployed intrusion detection and
            prevention technology worldwide        prevention technology worldwide
            and has become the de facto            and has become the de facto
            standard for the industry.             standard for the industry.
            SnapGear can leverage all of           SnapGear can leverage all of
            the thousands of signatures that       the thousands of signatures that
            exist in the Snort database.           exist in the Snort database.
            Sample IPS Features: Point and         Sample Features:
            Click Rule Set Control, 7 Web          IDS: Point and Click Rule Set
            Rule Sets, 4 Email Rule Sets,          Control, 7 Web Rule Sets, 4
            Memory Resource Management             Email Rule Sets, Database
                                                   Logging Support, Memory
                                                   Resource Management.
Y   OEM:           Sidewinder excels at stopping        Y   Our IDS/IPS is an integrated    Y
    Terrari        unknown attacks but also                 feature. See IPS description.
    hardware       includes best-of-breed signature-
    engine and     based defenses for over
    Endeavor       200,000 known attacks! Out-of-
    signature      the-box, all signature-based
    subscription   services are tightly integrated
    s              into the appliance software, and
                   automatic updates provide
                   signature creation that's proven
                   to be 1-2 weeks ahead of the
                   competition. ASIC accelerated
                   hardware scales to keep pace
                   with the highest traffic needs. In
                   addition, manage IPS signature
                   groups for higher performance,
                   create custom IPS rules, and
                   control IPS settings on a per-rule
                   basis rather than a per-service
                   or global basis.



                                                        Y   Selectable rules, reports &     Y
                                                            automated alerts
Y   In-house   SonicWALL Intrusion Prevention   Y   SonicWALL Intrusion Prevention   Y
               service provides protection          service provides protection
               against a comprehensive array        against a comprehensive array
               of network-based application         of network-based application
               attacks. Configuration options       attacks. Configuration options
               include detection and                include detection and
               prevention, category based           prevention, category based
               signatures, granular signature       signatures, granular signature
               controls and dynamic signature       controls and dynamic signature
               updates. SonicWALL Viewpoint         updates. SonicWALL Viewpoint
               can be used to provide               can be used to provide
               comprehensive logging and            comprehensive logging and
               reporting.                           reporting.
Y   In-house   SonicWALL Intrusion Prevention   Y   SonicWALL Intrusion Prevention   Y
               service provides protection          service provides protection
               against a comprehensive array        against a comprehensive array
               of network-based application         of network-based application
               attacks. Configuration options       attacks. Configuration options
               include detection and                include detection and
               prevention, category based           prevention, category based
               signatures, granular signature       signatures, granular signature
               controls and dynamic signature       controls and dynamic signature
               updates. SonicWALL Viewpoint         updates. SonicWALL Viewpoint
               can be used to provide               can be used to provide
               comprehensive logging and            comprehensive logging and
               reporting.                           reporting.
Y   In-house   SonicWALL Intrusion Prevention   Y   SonicWALL Intrusion Prevention   Y
               service provides protection          service provides protection
               against a comprehensive array        against a comprehensive array
               of network-based application         of network-based application
               attacks. Configuration options       attacks. Configuration options
               include detection and                include detection and
               prevention, category based           prevention, category based
               signatures, granular signature       signatures, granular signature
               controls and dynamic signature       controls and dynamic signature
               updates. SonicWALL Viewpoint         updates. SonicWALL Viewpoint
               can be used to provide               can be used to provide
               comprehensive logging and            comprehensive logging and
               reporting.                           reporting.
Y   In-house w/ see previous features listed in   N   SMTP v2, v3 communication   Y
    Endeavor    AV                                    available to IDS systems
    Security




Y   In-house w/ see previous features listed in   N   SMTP v2, v3 communication   Y
    Endeavor    AV                                    available to IDS systems
    Security




Y   In-house w/ see previous features listed in   N   SMTP v2, v3 communication   Y
    Endeavor    AV                                    available to IDS systems
    Security
Y   In-house   Blocks IM/P2P, Trojans, Worms   Y   Blocks IM/P2P, Trojans, Worms       Y




Y   In-house   Blocks IM/P2P, Trojans, Worms   Y   Blocks IM/P2P, Trojans, Worms       Y




Y   In-house   Blocks IM/P2P, Trojans, Worms   Y   Blocks IM/P2P, Trojans, Worms       Y




Y   In-house   Blocks IM/P2P, Trojans, Worms   Y   Blocks IM/P2P, Trojans, Worms   N but Y in
                                                                                   future FW
                                                                                    upgrade



Y   In-house   Blocks IM/P2P, Trojans, Worms   Y   Blocks IM/P2P, Trojans, Worms   N but Y in
                                                                                   future FW
                                                                                    upgrade
                                                 Content                  Protocols
Engine(s)              Features                              Engine(s)
                                                filtering?                supported
OEM       Recurrent Pattern Technology,             Y        OEM          HTTP; HTTPS
Commtouch Language Agnostic, High Catch                      (SurfControl
          Rates, False +ve and -ve                           )
          feedback
          mechanisms/BATV/GREYLISTI
          NG/SPF CHECKING and more




In-house    Individual end user email               Y        In-house    HTTP
            quarantines; safe message
            preview in quarantine; individual
            quarantine summary reports;
            one click quarantine release;
            personal whitelists; global
            whitelists/blacklists; Active
            Directory integration; mail
            bagging; SMTP; POP3; and
            more.
In-house   Individual end user email           Y   In-house
           quarantines; safe message
           preview in quarantine; individual
           quarantine summary reports;
           one click quarantine release;
           personal whitelists; global
           whitelists/blacklists; Active
           Directory integration; mail
           bagging; SMTP; POP3; and
           more.

In-house   Individual end user email           Y   In-house
           quarantines; safe message
           preview in quarantine; individual
           quarantine summary reports;
           one click quarantine release;
           personal whitelists; global
           whitelists/blacklists; Active
           Directory integration; mail
           bagging; SMTP; POP3; and
           more.

In-house   Individual end user email           Y   In-house
           quarantines; safe message
           preview in quarantine; individual
           quarantine summary reports;
           one click quarantine release;
           personal whitelists; global
           whitelists/blacklists; Active
           Directory integration; mail
           bagging; SMTP; POP3; and
           more.
OEM   IP Reputation, Content Based,      Y   OEM   HTTP; SMTP;
      Mail AV, Zero Hour Malware                   FTP
      Protection, Block list, Mail IPS
OEM   IP Reputation, Content Based,      Y   OEM   HTTP; SMTP;
      Mail AV, Zero Hour Malware                   FTP
      Protection, Block list, Mail IPS
OEM   IP Reputation, Content Based,      Y   OEM
      Mail AV, Zero Hour Malware
      Protection, Block list, Mail IPS
OEM   IP Reputation, Content Based,      Y   OEM
      Mail AV, Zero Hour Malware
      Protection, Block list, Mail IPS
Multiple    Centralized scanning via   Y   Supports     HTTP
OPSEC       SmartCenter                    SmartFilter,
partners;                                  Websense
Including
Aladdin
eSafe
OEM   IP Reputation, Content Based,      Y   OEM
      Mail AV, Zero Hour Malware
      Protection, Block list, Mail IPS
OEM   IP Reputation, Content Based,      Y   OEM
      Mail AV, Zero Hour Malware
      Protection, Block list, Mail IPS
Multiple    Centralized scanning via   Y   Supports     HTTP
OPSEC       SmartCenter                    SmartFilter,
partners;                                  Websense
Including
Aladdin
eSafe
Multiple    Centralized scanning via   Y   Supports     HTTP
OPSEC       SmartCenter                    SmartFilter,
partners;                                  Websense
Including
Aladdin
eSafe
Trend Micro                                      Yes   Both in-    HTTP, HTTPS,
                                                       house and   IM, SMTP, FTP,
                                                       OEM         and SIP




              Reputation-based and content-
              based anti-spam effectively
              blocks spam with extremely low
              false positives, helping to
              maintain the effectiveness of e-
              mail communications.
Trend Micro                                      Yes   Both in-    HTTP, HTTPS,
                                                       house and   IM, SMTP, FTP,
                                                       OEM         and SIP




              Reputation-based and content-
              based anti-spam effectively
              blocks spam with extremely low
              false positives, helping to
              maintain the effectiveness of e-
              mail communications.
Trend Micro                                      Yes   Both in-    HTTP, HTTPS,
                                                       house and   IM, SMTP, FTP,
                                                       OEM         and SIP




              Reputation-based and content-
              based anti-spam effectively
              blocks spam with extremely low
              false positives, helping to
              maintain the effectiveness of e-
              mail communications.
Commtouch *Zero hour Virus Outbreak           Y   Custom   HTTP
          Protection
          *Image-spam filtering using RPD
          Technology
          *IP address blacklist/exempt list
          *Subject line Tagging
          *Redirect spam mails to
          dedicated email address
          *Filter based on message
          header, size, sender, recipient
          *MIME header check
          *Real-time Blacklist (RBL)
eSoft   Bayesian, Heuristics, Reputation   Y   eSoft   SMTP; POP3
        Services provided by DIA,
        central quarantine, end user
        quarantine, Outlook plug-in,
        Company and Individual
        White/black lists, SPD, Sender
        ID, Auto insert sender in
        whitelist, email notification
In-house   - Power by FortiGuard Antispam       Y   In-house   HTTP; IM;
           Subscription Service                                SMTP; FTP;
           - Real-time blacklist/open relay                    NNTP
           database server
           - MIME header check
           - Keyword/phrase filtering
           - IP address blacklist/exempt list
           - Automatic real-time updates
           FortiGuard
In-house   10 methods of inspection             Y   In-house   HTTP; SMTP;
           (including                                          POP3
           image/Bayesian/structural
           analysis), resulting in 95%+
           detection rates with 1 in 10,000
           false positives. Options to tag or
           delete spam. Sensitivity
           adjustment. Allow Lists and
           Block lists for senders.
In-house   10 methods of inspection             Y   In-house   HTTP; SMTP;
           (including                                          POP3
           image/Bayesian/structural
           analysis), resulting in 95%+
           detection rates with 1 in 10,000
           false positives. Options to tag or
           delete spam. Sensitivity
           adjustment. Allow Lists and
           Block lists for senders.
In-house   10 methods of inspection             Y   In-house   HTTP; SMTP;
           (including                                          POP3
           image/Bayesian/structural
           analysis), resulting in 95%+
           detection rates with 1 in 10,000
           false positives. Options to tag or
           delete spam. Sensitivity
           adjustment. Allow Lists and
           Block lists for senders.
In-house   10 methods of inspection             Y   In-house   HTTP; SMTP;
           (including                                          POP3
           image/Bayesian/structural
           analysis), resulting in 95%+
           detection rates with 1 in 10,000
           false positives. Options to tag or
           delete spam. Sensitivity
           adjustment. Allow Lists and
           Block lists for senders.
In-house   10 methods of inspection             Y   In-house   HTTP; SMTP;
           (including                                          POP3
           image/Bayesian/structural
           analysis), resulting in 95%+
           detection rates with 1 in 10,000
           false positives. Options to tag or
           delete spam. Sensitivity
           adjustment. Allow Lists and
           Block lists for senders.
In-house   10 methods of inspection             Y   In-house   HTTP; SMTP;
           (including                                          POP3
           image/Bayesian/structural
           analysis), resulting in 95%+
           detection rates with 1 in 10,000
           false positives. Options to tag or
           delete spam. Sensitivity
           adjustment. Allow Lists and
           Block lists for senders.
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
OEM        Spam Block List (SBL), IP        Y   OEM          HTTP
(Symantec) Address Blacklist, Exempt List       (SurfControl
                                                )
In-house:      TrustedSource multiple-protocol     Y   In-house: HTTP
TrustedSour    reputation-based filtering drops        Webwasher
ceTM           well over 70% of unwanted
reputation-    spam instantly at the outside
based          edge of networks. Traditionally
global         reputation systems have been
intelligence   available only to the upper tiers
engine         of the market. Typically due to
               cost restrictions and complicated
               installations. SnapGear is the
               first and only firewall security
               solution to provide such leading
               edge technology to the SMB
               market.
In-house:      TrustedSource multiple-protocol    Y   In-house:     HTTP
TrustedSour    reputation-based filtering drops       SmartFilter
ceTM           well over 70% of unwanted
reputation-    spam instantly at the outside
based          edge of networks.
global
intelligence
engine




OEM            SMTP & POP3 anti-spam, with        Y   In-house      HTTP
MailShell      reputation checking, plus RBL
               and Graylist support where
               required
In-house   Real-time Black List Services,   Y   In-house   HTTP and
           User-Defined Server Lists                       HTTPS
In-house   Real-time Black List Services,   Y   In-house   HTTP and
           User-Defined Server Lists                       HTTPS
In-house   Real-time Black List Services,   Y   In-house   HTTP and
           User-Defined Server Lists                       HTTPS
In-house w/ see previous features listed in   Y   In-house   HTTP, HTTPS,
CommTouc AV                                                  SMTP, FTP,
h                                                            DNS, TCP,
                                                             POP3, IM, SIP,
                                                             H.323




In-house w/ see previous features listed in   Y   In-house   HTTP, HTTPS,
CommTouc AV                                                  SMTP, FTP,
h                                                            DNS, TCP,
                                                             POP3, IM, SIP,
                                                             H.323




In-house w/ see previous features listed in   Y   In-house   HTTP, HTTPS,
CommTouc AV                                                  SMTP, FTP,
h                                                            DNS, TCP,
                                                             POP3, IM, SIP,
                                                             H.323
MailShell   SPAM, Phishing prevention,       Y   Blue Coat   HTTP
            configurable white/black list,
            SMTP, POP3 Support


MailShell   SPAM, Phishing prevention,       Y   Blue Coat   HTTP
            configurable white/black list,
            SMTP, POP3 Support


MailShell   SPAM, Phishing prevention,       Y   Blue Coat   HTTP
            configurable white/black list,
            SMTP, POP3 Support




In-house                                     Y   Blue Coat   HTTP
Linux




In-house                                     Y   Blue Coat   HTTP
Linux
                                      NAC                       DLP
       Other features              capabilities   Features   capabilities Engine(s)
                                       ?                         ?
RBL/Whitelist/Blacklist/Keyword    Y                         Y           SurfControl
Search




Monitor & enforcement modes;       N                         N
URL blacklist categories; custom
blacklists; URL whitelists;
positive and negative
enforcement; extension and file
type blocking; spyware blocking;
antivirus scanning; keyword
filtering; caching for faster
downloads; detailed reporting;
daily PDF reports and more.
N   N




N   N




N   N
Y   Cooperative Enforcement. Non   Y   Available via
    compliant End points can be        OPSEC
    blocked by the gateway             partner
Y   Cooperative Enforcement. Non   Y   Available via
    compliant End points can be        OPSEC
    blocked by the gateway             partner
Y   Cooperative Enforcement. Non   Y   Available via
    compliant End points can be        OPSEC
    blocked by the gateway             partner
Y   Cooperative Enforcement. Non
    compliant End points can be
    blocked by the gateway
Category Based Filtering +   Y   802.1x port based security,   N
Flexible Web Access Policy       Secure HotSpot (Web Based)
(Web Rules)                      Authentication
Y   Cooperative Enforcement. Non
    compliant End points can be
    blocked by the gateway
Y   Cooperative Enforcement. Non
    compliant End points can be
    blocked by the gateway
Category Based Filtering +   Y   802.1x port based security,   N
Flexible Web Access Policy       Secure HotSpot (Web Based)
(Web Rules)                      Authentication
Category Based Filtering +   Y   802.1x port based security,   N
Flexible Web Access Policy       Secure HotSpot (Web Based)
(Web Rules)                      Authentication
                                    Yes   Built-in posture assessment        No   N/A
                                          services verify compliance with
                                          over 300 products, with powerful
                                          Dynamic Access Policy
                                          framework to customize user
                                          access based on many criteria.




Over 50 URL filtering categories
control Internet usage by
blocking access to inappropriate,
phishing, and malware infected
sites.
                                    Yes   Built-in posture assessment        No   N/A
                                          services verify compliance with
                                          over 300 products, with powerful
                                          Dynamic Access Policy
                                          framework to customize user
                                          access based on many criteria.




Over 50 URL filtering categories
control Internet usage by
blocking access to inappropriate,
phishing, and malware infected
sites.
                                    Yes   Built-in posture assessment        No   N/A
                                          services verify compliance with
                                          over 300 products, with powerful
                                          Dynamic Access Policy
                                          framework to customize user
                                          access based on many criteria.




Over 50 URL filtering categories
control Internet usage by
blocking access to inappropriate,
phishing, and malware infected
sites.
*Inbuilt Web Category Database   Y   *Cyberoam provides the most        Y   Custom
*URL, Keyword, File Type Block       required part of NAC -- Identity
*Database with 68+ Default           Based Access Management.
Categories
*Define Custom Categories            *User-based Policy Enforcement
*HTTP Upload blocking                to access Internet, Intranet and
*Block Malware, Phishing,            Local LAN/WAN.
Pharming URLs
*Custom block message per            *On the top of Identity-based
category                             management, Cyberoam
*Block Java Applets, Cookies,        provides gateway level security
Active X                             through Anti-virus, Anti-spam,
*CIPA Compliant                      Stateful Packet Inspection, IDP,
                                     etc.
Keyword, wild card characters,        N   Y   eSoft
Boolean logic, quarantine or
refusal of file attachments by file
type, large database of
objectionable URLs to be
blocked, Google safe search
enforcement
- Power by FortiGuard Web         Yes (only      - Strict or Dynamic Modes          N   N/A
Filtering Subscription Services   available on   - Client-less port-based
- URL/keyword/phrase block        FortiGate-     quarantine
- URL exempt list                 224B)          - Port-based quarantine
- Content profiles                               - Antivirus or IPS signature
- Blocks Java applets, cookies,                  trigger
Active X                                         - Quarantine VLAN
- Block by category                              - Administrator-defined resource
- HTTPS URL filtering                            access
- Integrated with protection                     - Manual or dynamic
profile                                          configuration options
                                                 - Quarantine portal
                                                 - Redirect Web request to
                                                 internal portal
                                                 - Client remediation
                                                 - Administrator-defined
                                                 parameters
                                                 - User self-remediation
URL Filtering for 9 Billion web      N   N/A   Y   In-house
objects based on 62 categories.
Allow and block lists for websites
and client hosts. Objectionable
content in email protocols is
blocked by spam analysis.



URL Filtering for 9 Billion web      N   N/A   Y   In-house
objects based on 62 categories.
Allow and block lists for websites
and client hosts. Objectionable
content in email protocols is
blocked by spam analysis.



URL Filtering for 9 Billion web      N   N/A   Y   In-house
objects based on 62 categories.
Allow and block lists for websites
and client hosts. Objectionable
content in email protocols is
blocked by spam analysis.



URL Filtering for 9 Billion web      N   N/A   Y   In-house
objects based on 62 categories.
Allow and block lists for websites
and client hosts. Objectionable
content in email protocols is
blocked by spam analysis.
URL Filtering for 9 Billion web      N   N/A   Y   In-house
objects based on 62 categories.
Allow and block lists for websites
and client hosts. Objectionable
content in email protocols is
blocked by spam analysis.



URL Filtering for 9 Billion web      N   N/A   Y   In-house
objects based on 62 categories.
Allow and block lists for websites
and client hosts. Objectionable
content in email protocols is
blocked by spam analysis.
Embedded Web Filtering             Y   The SSG 5 can act as                N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        5 to grant/deny access based on
and .EXE/.ZIP file downloads           granular criteria such as
                                       endpoint state and user identity
                                       attributes.
Embedded Web Filtering             Y   The SSG 20 can act as               N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        20 to grant/deny access based
and .EXE/.ZIP file downloads           on granular criteria such as
                                       endpoint state and user identity
                                       attributes.
Embedded Web Filtering             Y   The SSG 140 can act as              N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        5 to grant/deny access based on
and .EXE/.ZIP file downloads           granular criteria such as
                                       endpoint state and user identity
                                       attributes.
Embedded Web Filtering             Y   The SSG 320M can act as             N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        320M to grant/deny access
and .EXE/.ZIP file downloads           based on granular criteria such
                                       as endpoint state and user
                                       identity attributes.
Embedded Web Filtering             Y   The SSG 350M can act as             N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        350M to grant/deny access
and .EXE/.ZIP file downloads           based on granular criteria such
                                       as endpoint state and user
                                       identity attributes.
Embedded Web Filtering             Y   The SSG 520M can act as             N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        520M to grant/deny access
and .EXE/.ZIP file downloads           based on granular criteria such
                                       as endpoint state and user
                                       identity attributes.
Embedded Web Filtering             Y   The SSG 550M can act as             N   N/A
(SurfControl), External Redirect       enforcement point in a Juniper
Web Filtering (Websense);              Networks Unified Access Control
Whitelist/ Blacklist, Category-        deployment. The Infranet
based URL Filtering, Mobile            Controller interacts with the SSG
code blocking of Java, ActiveX,        550M to grant/deny access
and .EXE/.ZIP file downloads           based on granular criteria such
                                       as endpoint state and user
                                       identity attributes.
SnapGear is fully integrated with    Y   SnapGear UTM products allow        N
the filtering engine leveraged by        you to set up groups for regular
Secure Computing's Webwasher             Nessus Scans, define Allowed
technology, providing 64                 and Blocked Services for Policy
categories to filter upon. White         Groups. On-Demand-NAC
and black listing capabilities are       includes the ability to block
available in addition to the             unscanned Hosts.
Webwasher URL filtering
engineer.                                Customers looking for more
                                         granular NAC capabilities can
                                         leverage integrations completed
                                         with Firepipes NAC technology
                                         from AtlasGroup:
                                         http://www.atlasgroup.net
Sidewinder is fully integrated       N   N
with Secure Computing’s
SmartFilter URL filtering solution
to significantly reduce
productivity losses, legal risks,
and security exposure caused
by unauthorized employee
access to inappropriate,
malicious or distracting Web
content. SmartFilter URL filtering
also significantly reduces
bandwidth consumption by
blocking unwanted content like
advertising and pop-ups.




Full content filtering, including    N   N
analysis of content, context &
construction, in addition to
regular URL lists
SonicWALL Content Filtering        Y   SonicWALL Anti-Virus & Anti-        Y   In-house
Service (CFS) provides web site        Spyware solutions automatically
rating and caching The                 deliver updated security
Comprehensive CFS database             definitions immediately to the
includes URLs, IP addresses            endpoint as soon as they
and domains broken into 56             become available, protecting
categories. User and group             against today’s rapidly-evolving
based policies with schedules          threats. Working in conjunction
provide granular policy control.       with SonicWALL network
Local URL filtering options with       security appliances, the
Active X, Java and Cookie              SonicWALL Enforced Client
blocking. Integrated                   guarantees that all endpoints
management and reporting               have the latest versions of anti-
using SonicWALL Global                 virus and anti-spyware software
Management System (GMS and             installed and active.
Viewpoint reporting packages.
SonicWALL Content Filtering        Y   SonicWALL Anti-Virus & Anti-        Y   In-house
Service (CFS) provides web site        Spyware solutions automatically
rating and caching The                 deliver updated security
Comprehensive CFS database             definitions immediately to the
includes URLs, IP addresses            endpoint as soon as they
and domains broken into 56             become available, protecting
categories. User and group             against today’s rapidly-evolving
based policies with schedules          threats. Working in conjunction
provide granular policy control.       with SonicWALL network
Local URL filtering options with       security appliances, the
Active X, Java and Cookie              SonicWALL Enforced Client
blocking. Integrated                   guarantees that all endpoints
management and reporting               have the latest versions of anti-
using SonicWALL Global                 virus and anti-spyware software
Management System (GMS and             installed and active.
Viewpoint reporting packages.
SonicWALL Content Filtering        Y   SonicWALL Anti-Virus & Anti-        Y   In-house
Service (CFS) provides web site        Spyware solutions automatically
rating and caching The                 deliver updated security
Comprehensive CFS database             definitions immediately to the
includes URLs, IP addresses            endpoint as soon as they
and domains broken into 56             become available, protecting
categories. User and group             against today’s rapidly-evolving
based policies with schedules          threats. Working in conjunction
provide granular policy control.       with SonicWALL network
Local URL filtering options with       security appliances, the
Active X, Java and Cookie              SonicWALL Enforced Client
blocking. Integrated                   guarantees that all endpoints
management and reporting               have the latest versions of anti-
using SonicWALL Global                 virus and anti-spyware software
Management System (GMS and             installed and active.
Viewpoint reporting packages.
54 user control rules, plus: True   N   N
"zero day" attack prevention,
supported by spamBlocker,
WebBlocker and Gateway
Antivirus/IPS services.
Complemented by centralized
management, comprehensive
networking capabilities, such as
SSL VPN, and unmatched ease
of use
54 user control rules, plus: True   N   N
"zero day" attack prevention,
supported by spamBlocker,
WebBlocker and Gateway
Antivirus/IPS services.
Complemented by centralized
management, comprehensive
networking capabilities, such as
SSL VPN, and unmatched ease
of use
54 user control rules, plus: True   N   N
"zero day" attack prevention,
supported by spamBlocker,
WebBlocker and Gateway
Antivirus/IPS services.
Complemented by centralized
management, comprehensive
networking capabilities, such as
SSL VPN, and unmatched ease
of use
Dynamic Website Rating for        N                                    N
unknown sites. 56 Categories to
select allowed/blocked content.


Dynamic Website Rating for        N                                    N
unknown sites. 56 Categories to
select allowed/blocked content.


Dynamic Website Rating for        N                                    N
unknown sites. 56 Categories to
select allowed/blocked content.




Dynamic Website Rating for        Y   User Aware Engine that can tie   N
unknown sites. 56 Categories to       in with MS Active Directory to
select allowed/blocked content.       provide granular user name
                                      based policies.


Dynamic Website Rating for        Y   User Aware Engine that can tie   N
unknown sites. 56 Categories to       in with MS Active Directory to
select allowed/blocked content.       provide granular user name
                                      based policies.
                                                           Traffic
 Protocols   Custom                                                   P2P     Encrypte
                                  Features                Shaping
 supported   content?                                              detection? d P2P?
                                                             ?
HTTP         N          Spyware communication                Y         Y         Y
                        blocking prevents programs from
                        uploading their payloads (and
                        sensitive data) to the spyware
                        companies via both URL and IP
                        transmissions




                                                             N         Y         N
N   Y   N




N   Y   N




N   Y   N
(HTTP, IM,   y/n   Y   Y
SMTP, FTP,
etc)
Y   Y
Y   Y
Y   Y
Y   Y   Y
Y   Y
Y   Y
Y   Y   Y
Y   Y   Y
N/A   N/A   N/A   Yes   Yes   Yes
N/A   N/A   N/A   Yes   Yes   Yes




N/A   N/A   N/A   Yes   Yes   Yes
Web, IM, Mail   No   Block HTTP upload, IM file    Y   Y   Yes, Skype
                     transfer and attachments in
                     email
HTTP, FTP,   No   Email content/keyword             Y   Y   Y
SMTP, POP3        quarantine, Antispyware, Botnet
                  detection, keystroke logger
                  reporting protection
N/A   N/A   N/A   Y   Y   Y
HTTP, FTP,    NO   Detects credit card numbers,        N   Y   Y
SMB, SMTP,         postal addresses, social security
IMAP, POP3,        numbers, dollar values, phone
MSN                numbers, email addresses and
Messenger,         people's names as well as user
Yahoo              defined signatures within various
Messenger,         documents to prevent the
AOL IM, IRC        leakage of customer data

HTTP, FTP,    NO   Detects credit card numbers,        N   Y   Y
SMB, SMTP,         postal addresses, social security
IMAP, POP3,        numbers, dollar values, phone
MSN                numbers, email addresses and
Messenger,         people's names as well as user
Yahoo              defined signatures within various
Messenger,         documents to prevent the
AOL IM, IRC        leakage of customer data

HTTP, FTP,    NO   Detects credit card numbers,        N   Y   Y
SMB, SMTP,         postal addresses, social security
IMAP, POP3,        numbers, dollar values, phone
MSN                numbers, email addresses and
Messenger,         people's names as well as user
Yahoo              defined signatures within various
Messenger,         documents to prevent the
AOL IM, IRC        leakage of customer data

HTTP, FTP,    NO   Detects credit card numbers,        N   Y   Y
SMB, SMTP,         postal addresses, social security
IMAP, POP3,        numbers, dollar values, phone
MSN                numbers, email addresses and
Messenger,         people's names as well as user
Yahoo              defined signatures within various
Messenger,         documents to prevent the
AOL IM, IRC        leakage of customer data
HTTP, FTP,    NO   Detects credit card numbers,        N   Y   Y
SMB, SMTP,         postal addresses, social security
IMAP, POP3,        numbers, dollar values, phone
MSN                numbers, email addresses and
Messenger,         people's names as well as user
Yahoo              defined signatures within various
Messenger,         documents to prevent the
AOL IM, IRC        leakage of customer data

HTTP, FTP,    NO   Detects credit card numbers,        N   Y   Y
SMB, SMTP,         postal addresses, social security
IMAP, POP3,        numbers, dollar values, phone
MSN                numbers, email addresses and
Messenger,         people's names as well as user
Yahoo              defined signatures within various
Messenger,         documents to prevent the
AOL IM, IRC        leakage of customer data
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
N/A   N/A   N/A   Y   Yes (blocks     N
                        P2P/ IM
                      applications)
Y   Y   N
Y   Y   N




Y   Y   N
(HTTP, SMTP, Y   The E-Class NSA Series               Y   Y   Y
POP3, FTP, IM,   represents a new level of UTM
P2P and TCP)     protection and network control
                 through the Application Firewall
                 feature set, delivering a suite of
                 configurable tools to prevent
                 data leakage while providing
                 granular application control.
                 Application Firewall is a set of
                 granular, application specific
                 policies that allow custom
                 access control on per user, per e-
                 mail user, per schedule and per
                 IP subnet levels. Among its
                 wide range of policies, its
                 capabilities include restricting
                 transfer of specific files and
                 documents, blocking e-mail
                 attachments using a user-
                 configurable criteria, customized
                 application control, bandwidth
                 limiting for matched policies, as
                 well as denying internal and
                 external Web access based on
                 various user-configurable
                 options. Using Application
                 Firewall, the NSA Series
(HTTP, SMTP, Y   The E-Class NSA Series               Y   Y   Y
POP3, FTP, IM,   represents a new level of UTM
P2P and TCP)     protection and network control
                 through the Application Firewall
                 feature set, delivering a suite of
                 configurable tools to prevent
                 data leakage while providing
                 granular application control.
                 Application Firewall is a set of
                 granular, application specific
                 policies that allow custom
                 access control on per user, per e-
                 mail user, per schedule and per
                 IP subnet levels. Among its
                 wide range of policies, its
                 capabilities include restricting
                 transfer of specific files and
                 documents, blocking e-mail
                 attachments using a user-
                 configurable criteria, customized
                 application control, bandwidth
                 limiting for matched policies, as
                 well as denying internal and
                 external Web access based on
                 various user-configurable
                 options. Using Application
                 Firewall, the NSA Series
(HTTP, SMTP, Y   The E-Class NSA Series               Y   Y   Y
POP3, FTP, IM,   represents a new level of UTM
P2P and TCP)     protection and network control
                 through the Application Firewall
                 feature set, delivering a suite of
                 configurable tools to prevent
                 data leakage while providing
                 granular application control.
                 Application Firewall is a set of
                 granular, application specific
                 policies that allow custom
                 access control on per user, per e-
                 mail user, per schedule and per
                 IP subnet levels. Among its
                 wide range of policies, its
                 capabilities include restricting
                 transfer of specific files and
                 documents, blocking e-mail
                 attachments using a user-
                 configurable criteria, customized
                 application control, bandwidth
                 limiting for matched policies, as
                 well as denying internal and
                 external Web access based on
                 various user-configurable
                 options. Using Application
                 Firewall, the NSA Series
Y   Y   N




Y   Y   N




N   Y   N
Y   Y   N




Y   Y   N




Y   Y   N




Y   Y   N




Y   Y   N
                                     Site-to-    SSL
           Features           VPN?                               Features
                                      site?     VPN?
Easy one-click selection of    Y        Y        Y     SSL, IPSec, L2TP over IPSec,
patterns and actions                                   PPTP




                               Y        Y        N     AES, 3DES and Blowfish
                                                       encryption; SHA1, SHA256,
                                                       SHA384, SHA512 and MD5
                                                       authentication; static &
                                                       automatic keying; IPS
                                                       enforcement within VPN tunnels;
                                                       friendly IPSec wizard; PPTP
                                                       pass-through.
            pass-through.



Y   Y   N




Y   Y   N




Y   Y   N
Floodgate-1 for traffic shaping,    Y   Y   Y   Device includes 5 SSL VPN
and SmartDefense for P2P                        clients - downloadable Web plug-
detection. FloodGate-1, a policy-               ins that enables remote users to
based Quality of Service (QoS)                  access network (client/server)
solution for VPNs, private                      applications through a web
WANs, and Internet links.                       browser, eliminating the need to
FloodGate-1 optimizes network                   deploy and configure client
performance by assigning                        software on user PCs and
priority to business-critical                   laptops.
applications and end users.
SmartDefense provides
integrated P2P detection
protections.
Floodgate-1 for traffic shaping,    Y   Y   Y   Device includes 5 SSL VPN
and SmartDefense for P2P                        clients - downloadable Web plug-
detection. FloodGate-1, a policy-               ins that enables remote users to
based Quality of Service (QoS)                  access network (client/server)
solution for VPNs, private                      applications through a web
WANs, and Internet links.                       browser, eliminating the need to
FloodGate-1 optimizes network                   deploy and configure client
performance by assigning                        software on user PCs and
priority to business-critical                   laptops.
applications and end users.
SmartDefense provides
integrated P2P detection
protections.
Floodgate-1 for traffic shaping,    Y   Y   Y   Device includes 5 SSL VPN
and SmartDefense for P2P                        clients - downloadable Web plug-
detection. FloodGate-1, a policy-               ins that enables remote users to
based Quality of Service (QoS)                  access network (client/server)
solution for VPNs, private                      applications through a web
WANs, and Internet links.                       browser, eliminating the need to
FloodGate-1 optimizes network                   deploy and configure client
performance by assigning                        software on user PCs and
priority to business-critical                   laptops.
applications and end users.
SmartDefense provides
integrated P2P detection
protections.
Floodgate-1 for traffic shaping,    Y   Y   Y   Device includes 5 SSL VPN
and SmartDefense for P2P                        clients - downloadable Web plug-
detection. FloodGate-1, a policy-               ins that enables remote users to
based Quality of Service (QoS)                  access network (client/server)
solution for VPNs, private                      applications through a web
WANs, and Internet links.                       browser, eliminating the need to
FloodGate-1 optimizes network                   deploy and configure client
performance by assigning                        software on user PCs and
priority to business-critical                   laptops.
applications and end users.
SmartDefense provides
integrated P2P detection
protections.
Traffic Shaper - allows class      Y   Y   N   Remote access, Site to Site,
based QoS, DiffServ Support,                   L2TP VPN, OfficeMode, IPSEC
powerful QoS rule base, allows                 Compression, Hardware
rate limits , guarantees and                   Acceleration, Hardware Random
weights, Three delay sensitivity               Number Generator, NAT
levels, Centralized Floodgate                  Traversal, Route Based VPN,
management dashboard                           OSPF Dynamic Routing
                                               Integration, Community Based
                                               centralized management.
                                               SecuRemote VPN software
                                               included free of charge.
Floodgate-1 for traffic shaping,    Y   Y   Y   Device includes 5 SSL VPN
and SmartDefense for P2P                        clients - downloadable Web plug-
detection. FloodGate-1, a policy-               ins that enables remote users to
based Quality of Service (QoS)                  access network (client/server)
solution for VPNs, private                      applications through a web
WANs, and Internet links.                       browser, eliminating the need to
FloodGate-1 optimizes network                   deploy and configure client
performance by assigning                        software on user PCs and
priority to business-critical                   laptops.
applications and end users.
SmartDefense provides
integrated P2P detection
protections.
Floodgate-1 for traffic shaping,    Y   Y   Y   Device includes 5 SSL VPN
and SmartDefense for P2P                        clients - downloadable Web plug-
detection. FloodGate-1, a policy-               ins that enables remote users to
based Quality of Service (QoS)                  access network (client/server)
solution for VPNs, private                      applications through a web
WANs, and Internet links.                       browser, eliminating the need to
FloodGate-1 optimizes network                   deploy and configure client
performance by assigning                        software on user PCs and
priority to business-critical                   laptops.
applications and end users.
SmartDefense provides
integrated P2P detection
protections.
Traffic Shaper - allows class      Y   Y   N   Remote access, Site to Site,
based QoS, DiffServ Support,                   L2TP VPN, OfficeMode, IPSEC
powerful QoS rule base, allows                 Compression, Hardware
rate limits , guarantees and                   Acceleration, Hardware Random
weights, Three delay sensitivity               Number Generator, NAT
levels, Centralized Floodgate                  Traversal, Route Based VPN,
management dashboard                           OSPF Dynamic Routing
                                               Integration, Community Based
                                               centralized management.
                                               SecuRemote VPN software
                                               included free of charge.
Traffic Shaper - allows class      Y   Y   N   Remote access, Site to Site,
based QoS, DiffServ Support,                   L2TP VPN, OfficeMode, IPSEC
powerful QoS rule base, allows                 Compression, Hardware
rate limits , guarantees and                   Acceleration, Hardware Random
weights, Three delay sensitivity               Number Generator, NAT
levels, Centralized Floodgate                  Traversal, Route Based VPN,
management dashboard                           OSPF Dynamic Routing
                                               Integration, Community Based
                                               centralized management.
                                               SecuRemote VPN software
                                               included free of charge.
P2P inspection engines provide      Yes   Yes   Yes   Clientless SSL VPN with
visibility and control over P2P                       customizable portals, SSL and
products, P2P IPS services,                           IPSec VPN client support
ingress/egress rate limiting, and                     (Windows, Mac OS, Linux),
more                                                  SSL/TLS/DTLS support, unified
                                                      access policy enforcement
                                                      across protocols with visual
                                                      policy editor, VPN clustering and
                                                      load balancing, comprehensive
                                                      posture assessment and
                                                      endpoint security via Cisco
                                                      Secure Desktop, and more
P2P inspection engines provide      Yes   Yes   Yes   Clientless SSL VPN with
visibility and control over P2P                       customizable portals, SSL and
products, P2P IPS services,                           IPSec VPN client support
ingress/egress rate limiting, and                     (Windows, Mac OS, Linux),
more                                                  SSL/TLS/DTLS support, unified
                                                      access policy enforcement
                                                      across protocols with visual
                                                      policy editor, VPN clustering and
                                                      load balancing, comprehensive
                                                      posture assessment and
                                                      endpoint security via Cisco
                                                      Secure Desktop, and more




P2P inspection engines provide      Yes   Yes   Yes   Clientless SSL VPN with
visibility and control over P2P                       customizable portals, SSL and
products, P2P IPS services,                           IPSec VPN client support
ingress/egress rate limiting, and                     (Windows, Mac OS, Linux),
more                                                  SSL/TLS/DTLS support, unified
                                                      access policy enforcement
                                                      across protocols with visual
                                                      policy editor, VPN clustering and
                                                      load balancing, comprehensive
                                                      posture assessment and
                                                      endpoint security via Cisco
                                                      Secure Desktop, and more
Identity-based and firewall rule    Y   Y   N   *IPSec, L2TP, PPTP VPN
based bandwidth allocation                      Support
Committed and burstable                         *Cyberoam is VPNC certified
bandwidth                                       *Encryption:
Time-based, schedule-based                      3DES,DES,AES,Twofish,Blowfis
bandwidth allocation                            h,Serpent
Block P2P traffic by identity and               *Auth: Preshared Key, Digital
schedule                                        Certificates
                                                *IPSec NAT Traversal
                                                *Dead Peer Detection & PFS
                                                *External CA support
                                                *VPN Connection Redundancy
                                                *Domain Name Support for
                                                tunnel end points
Quality of Service, Application       Y   Y   N   3DES, AES, MD5, ESP Tunnel
and port prioritization and limits,               Mode, IPSec, PPTP, MS-CHAP
P2P granular controls and                         V2, VPN Forwarding, IPSec
blocking by type                                  NAT Traversal, Central VPN
                                                  Management,
Traffic Shaping                  Y   Y   Y   - ICSA Labs Certified (IPSec &
- Policy-based traffic shaping               SSL)
- Differentiated services                    - PPTP, IPSec and SSL
(DiffServ) support                           - Dedicated tunnels
- Guarantee/Max/Priority                     - DES, 3DES and AES
Bandwidth                                    encryption support
                                             - SHA-1/MD5 authentication
IM and peer-to-peer access                   - PPTP, L2TP, VPN client pass
control                                      through
- AOL, IM, Yahoo, MSN, ICQ                   - Hub and Spoke VPN Support
- Gnutella, BitTorrent, WinNY,               - IKE certificate authentication
Skype, eDonkey, KaZaa                        - IPSec NAT traversal
                                             - Dead peer detection
                                             - RSA SecurID support
Detect various P2P and block    Y   Y   N   IPSec VPN, VPNC certified,
various types of transactions               x509 and other certificates
depending on the P2P                        supported, user authentication to
client/protocol                             RADIUS/LDAP/Local user
                                            database, RSA SecureID and
                                            token support, Xauth over
                                            RADIUS, etc.


Detect various P2P and block    Y   Y   N   IPSec VPN, VPNC certified,
various types of transactions               x509 and other certificates
depending on the P2P                        supported, user authentication to
client/protocol                             RADIUS/LDAP/Local user
                                            database, RSA SecureID and
                                            token support, Xauth over
                                            RADIUS, etc.


Detect various P2P and block    Y   Y   N   IPSec VPN, VPNC certified,
various types of transactions               x509 and other certificates
depending on the P2P                        supported, user authentication to
client/protocol                             RADIUS/LDAP/Local user
                                            database, RSA SecureID and
                                            token support, Xauth over
                                            RADIUS, etc.


Detect various P2P and block    Y   Y   N   IPSec VPN, VPNC certified,
various types of transactions               x509 and other certificates
depending on the P2P                        supported, user authentication to
client/protocol                             RADIUS/LDAP/Local user
                                            database, RSA SecureID and
                                            token support, Xauth over
                                            RADIUS, etc.
Detect various P2P and block    Y   Y   N   IPSec VPN, VPNC certified,
various types of transactions               x509 and other certificates
depending on the P2P                        supported, user authentication to
client/protocol                             RADIUS/LDAP/Local user
                                            database, RSA SecureID and
                                            token support, Xauth over
                                            RADIUS, etc.


Detect various P2P and block    Y   Y   N   IPSec VPN, VPNC certified,
various types of transactions               x509 and other certificates
depending on the P2P                        supported, user authentication to
client/protocol                             RADIUS/LDAP/Local user
                                            database, RSA SecureID and
                                            token support, Xauth over
                                            RADIUS, etc.
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Guaranteed bandwidth;                Yes    Y   N   Policy-based IPSec VPN; Route-
Maximum bandwidth; Ingress         (IPSec           based VPN; Auto-Connect VPN;
traffic policing; Priority-         VPN)            Remote Access VPN with Xauth
bandwidth utilization;                              with mode configuration; Group
Differentiated Services stamping                    Keys; Layer 2 Tunneling
                                                    Protocol (L2TP) within IPSec;
                                                    DES encryption (56-bit); 3DES
                                                    encryption (168-bit); Advanced
                                                    Encryption Standard (AES) 128-
                                                    bit, 192-bit and 256-bit; MD-5
                                                    and SHA-1 authentication;
                                                    Manual Key, Internet Key
                                                    Exchange (IKE), IKEv2 with EAP
                                                    Public Key Infrastructure (PKI)
                                                    (X.509); Perfect Forward
                                                    Secrecy (DH Groups); Prevent
                                                    replay attacks; IPSec Network
                                                    Address Translation (NAT)
                                                    Traversal; Redundant VPN
                                                    gateways
Two major tools that provide           Y   Y   Y and N SnapGear has a 10 year history
traffic shaping capabilities to                        of providing extensive VPN
touch on: 1. QOS Autoshaper                            capabilities and continually finds
and 2. Type of Service (TOS)                           itself unintentionally competing
priority rules.                                        with VPN concentrators due to
QOS: A Layer 7 (L7) filter exists                      the scalability provided.
to identify streaming traffic (like                    IPSec 3DES
bit torrent) allowing for                              IPSec AES (256 bit)
prioritization.                                        PPTP RC4 (128 bit)
                                                       L2TP VPN
TOS: Low, Medium or High                               GRE
priorities can be set for traffic to                   All SnapGear appliances
or from specific addresses or                          support the most popular
groups of addresses, services or                       encryption algorithms, all aided
groups of services. The                                with simple to use wizard setup.
versatility of tool allows this
capability to be used when at                           SnapGear appliances can also
least one traffic characteristic or                     handle virtually an unlimited
element is known.                                       number of VPN tunnels by
                                                        leveraging VPN Offloading
Either tool will place EF DSCP                          technology (Patent Pending).
packets as high priority if                             This capability allows SnapGear
required. Specifically targeted                         appliances to be leveraged as
for VoIP traffic.                                       VPN slave devices, all managed
                                                        by a central SnapGear device.
Load balancing across 2 or more                         For example, if a SnapGear
Internet circuits, and port                             appliance can manage 200
                          Y   Y   N   IPSec VPN




DSCP, Intra-VPN traffic   Y   Y   N   IPSec & L2TP for both site-to-
management                            site and secure remote access.
                                      SSL VPN added by an update
                                      Q1 08
SonicWALL E-Class NSA Series        Y   Y   N   VPN options include site-to-site
provides the ability to do                      and client-to-site configurations.
application based traffic shaping               Encryption and Authentication
using Application Firewall,                     options including DES, 3DES,
802.1p, DSCP tagging and                        AES SHA-1 and MD5. Key
provide bandwidth based traffic                 exchange methods include IKE,
shaping policy control. P2P                     IKEv2, Manual Key and
detection and blocking include,                 PKI(X.509). Redundant VPN
Emule, Kazaa, eDonkey,                          gateways provides VPN fail-over
BitTorrent and more. For                        capabilities.
encrypted P2P applications
SonicWALL has the ability to
block Skype and other encrypted
P2P applications.
SonicWALL E-Class NSA Series        Y   Y   N   VPN options include site-to-site
provides the ability to do                      and client-to-site configurations.
application based traffic shaping               Encryption and Authentication
using Application Firewall,                     options including DES, 3DES,
802.1p, DSCP tagging and                        AES SHA-1 and MD5. Key
provide bandwidth based traffic                 exchange methods include IKE,
shaping policy control. P2P                     IKEv2, Manual Key and
detection and blocking include,                 PKI(X.509). Redundant VPN
Emule, Kazaa, eDonkey,                          gateways provides VPN fail-over
BitTorrent and more. For                        capabilities.
encrypted P2P applications
SonicWALL has the ability to
block Skype and other encrypted
P2P applications.
SonicWALL E-Class NSA Series        Y   Y   N   VPN options include site-to-site
provides the ability to do                      and client-to-site configurations.
application based traffic shaping               Encryption and Authentication
using Application Firewall,                     options including DES, 3DES,
802.1p, DSCP tagging and                        AES SHA-1 and MD5. Key
provide bandwidth based traffic                 exchange methods include IKE,
shaping policy control. P2P                     IKEv2, Manual Key and
detection and blocking include,                 PKI(X.509). Redundant VPN
Emule, Kazaa, eDonkey,                          gateways provides VPN fail-over
BitTorrent and more. For                        capabilities.
encrypted P2P applications
SonicWALL has the ability to
block Skype and other encrypted
P2P applications.
Y   Y   Y   Both IPSec and SSL VPN (thin
            client/Web Exchange), drag and
            drop VPN tunnels, hardware
            based encryption, up to 6,000
            SSL VPN concurrent tunnels.




Y   Y   Y   Both IPSec and SSL VPN (thin
            client/Web Exchange), drag and
            drop VPN tunnels, hardware
            based encryption, up to 500 SSL
            VPN concurrent tunnels.




Y   Y   Y   Both IPSec and SSL VPN (thin
            client/Web Exchange), drag and
            drop VPN tunnels, hardware
            based encryption, up to 55 SSL
            VPN concurrent tunnels.
Bandwidth Management Control   Y   Y   N   ICSA Certified. 10 IPSec
                                           Tunnels



Bandwidth Management Control   Y   Y   N   ICSA Certified. 35 IPSec
                                           Tunnels



Bandwidth Management Control   Y   Y   N   ICSA Certified. 100 IPSec
                                           Tunnels




Bandwidth Management Control   Y   Y   Y   ICSA Certified. 200 IPSec
                                           Tunnels; 2 Upgradable to 10
                                           SSL Tunnels; Hybrid VPN
                                           (IPSec and SSL VPN).
                                           Redundant VPN gateway
                                           Feature for High Availability.
Bandwidth Management Control   Y   Y   Y   ICSA Certified. 1000 IPSec
                                           Tunnels; Up to 20 SSL Tunnels;
                                           Hybrid VPN (IPSec and SSL
                                           VPN). Redundant VPN gateway
                                           Feature for High Availability.
           Other Capabilities                   Management Interface            Integration notes

                                               Web via HTTPS 7th
                                               Generation Ajax GUI




IM Blocking; PPTP pass-through;                Web                     Fully integrated plug and play solution
comprehensive reporting and graphs; live                               that is completely operational 30
connections monitoring; daily administrator                            minutes out of the box. Appliance
PDF reports; comprehensive network                                     automatically updates to latest
management including static IP mapping (1:1                            firmware including all enhancements.
NAT), IP aliases and more; diagnostic tools;                           VPN integrates with most major
highly secure OpenBSD OS; and more.                                    solutions. Includes integration with
                                                                       Microsoft Active Directory.
      Microsoft Active Directory.



Web




Web




Web
Web\CLI for local device   SmartCenter management integrates
management, integrated     with any Check Point OPSEC partner
SmartCenter GUI for
centralized management.
Web\CLI for local device   SmartCenter management integrates
management, integrated     with any Check Point OPSEC partner
SmartCenter GUI for
centralized management.
Web\CLI for local device   SmartCenter management integrates
management, integrated     with any Check Point OPSEC partner
SmartCenter GUI for
centralized management.
Web\CLI for managing device, SmartCenter management integrates
SmartConsole for managing with any OPSEC partner
Security
Print Server, Remote Desktop, Transparent    Local Web-based            Supports SNMP Monitoring and
Bridge Mode, Integrated 4-Port switch with   Management (HTTP, HTTPS Syslog Logging.
Port Based and Tag Based VLAN. Flexible      remote access) , SSH CLI,
mounting and power-supply options to fit     Serial CLI. Centralized
industrial-Ethernet and SCADA                management with
environments.                                SmartCenter/SmartLSM/Provi
                                             der-1.
Web\CLI for managing device, SmartCenter management integrates
SmartConsole for managing with any OPSEC partner
Security
Web\CLI for managing device, SmartCenter management integrates
SmartConsole for managing with any OPSEC partner
Security
Print Server, Remote Desktop, Transparent    Local Web-based            Supports SNMP Monitoring and
Bridge Mode, Integrated 4-Port switch with   Management (HTTP, HTTPS Syslog Logging.
Port Based and Tag Based VLAN. Flexible      remote access) , SSH CLI,
mounting and power-supply options to fit     Serial CLI. Centralized
industrial-Ethernet and SCADA                management with
environments.                                SmartCenter/SmartLSM/Provi
                                             der-1.
Print Server, Remote Desktop, Transparent    Local Web-based            Supports SNMP Monitoring and
Bridge Mode, Integrated 4-Port switch with   Management (HTTP, HTTPS Syslog Logging.
Port Based and Tag Based VLAN.               remote access) , SSH CLI,
                                             Serial CLI. Centralized
                                             management with
                                             SmartCenter/SmartLSM/Provi
                                             der-1.
Active/Active and Active/Standby failover       Integrated web user interface,    Part of Cisco Self-Defending Network,
support, "zero downtime" software upgrades,     CLI, SSH, SCP, SNMPv2c,           integrates with many products,
EIGRP / OSPF / RIP dynamic routing,             Auto Update, XML/HTTPS,           including (but not exclusive to): Cisco
multicast routing, dynamic / static / policy-   and more. Centralized             Security Agent (desktop/server
based NAT services, Packet Tracer for           management with Cisco             protection), Cisco Security Manager
simplified troubleshooting, and much more       Security Manager.                 (centralized management), Cisco
                                                Centralized event                 MARS (centralized event
                                                monitoring/correlation/mitigati   management), Cisco Integrated
                                                on with Cisco MARS.               Services Routers, Cisco Unified Call
                                                                                  Manager, and much more
Active/Active and Active/Standby failover       Integrated web user interface,    Part of Cisco Self-Defending Network,
support, "zero downtime" software upgrades,     CLI, SSH, SCP, SNMPv2c,           integrates with many products,
EIGRP / OSPF / RIP dynamic routing,             Auto Update, XML/HTTPS,           including (but not exclusive to): Cisco
multicast routing, dynamic / static / policy-   and more. Centralized             Security Agent (desktop/server
based NAT services, Packet Tracer for           management with Cisco             protection), Cisco Security Manager
simplified troubleshooting, and much more       Security Manager.                 (centralized management), Cisco
                                                Centralized event                 MARS (centralized event
                                                monitoring/correlation/mitigati   management), Cisco Integrated
                                                on with Cisco MARS.               Services Routers, Cisco Unified Call
                                                                                  Manager, and much more




Active/Active and Active/Standby failover       Integrated web user interface,    Part of Cisco Self-Defending Network,
support, "zero downtime" software upgrades,     CLI, SSH, SCP, SNMPv2c,           integrates with many products,
EIGRP / OSPF / RIP dynamic routing,             Auto Update, XML/HTTPS,           including (but not exclusive to): Cisco
multicast routing, dynamic / static / policy-   and more. Centralized             Security Agent (desktop/server
based NAT services, Packet Tracer for           management with Cisco             protection), Cisco Security Manager
simplified troubleshooting, and much more       Security Manager.                 (centralized management), Cisco
                                                Centralized event                 MARS (centralized event
                                                monitoring/correlation/mitigati   management), Cisco Integrated
                                                on with Cisco MARS.               Services Routers, Cisco Unified Call
                                                                                  Manager, and much more
*Bandwidth Management: Application and       Console Interface          NA
User Identity-based management with          Web GUI (HTTPS)
guaranteed and burstable bandwidth policy.   CLI
Multiple WAN bandwidth Reporting             SSH
                                             SNMP(v1,v2,v3)
*User Identity & Group Based Control:        Cyberoam Central Console
Various policies like Access Time Policy,
Time Quota, Data Quota, Scheduling based
on user and group

*High Availability: Active-Active, Active-
Passive, Stateful Failover and alerts

*On-Appliance Reporting: User-based
reporting on appliance for all modules on
internal HDD

*Compliance & Certification: CE, FCC,
ICSA, VPNC
Email Server, Webmail Server, Email and        Web/Browser-based GUI -     ICSA, VPNC, Complete
Web Reputation services provided by eSoft's    ThreatMonitor, ThreatMap,   Interoperability, Active Directory/LDAP,
Distributed Intelligence Architecture,         SoftPak Director            Transparent Proxy
Flexible/Graphical reporting by user, group,
and Company, simple "keyless" subscription
management eliminates software license
keys
Virtual Domain (VDOMs)                            - CLI Console Interface (RS-    FortiGate systems can also integrate
- Separate firewall/routing domains               232)                            with other platforms with standard
- Separate Administrative domains                 - WebUI (HTTP/HTTPS)            protocol-like Syslog and SNMP.
- Separate VLAN interfaces                        - Telnet / Secure Command
- 10 VDOMs (standard)                             Shell (SSH)
- Up to 250 VDOMs (optional license -             - Role-based administration
models 3000 and higher)                           - Multi-language support
                                                  - Multiple administrators and
Logging / Monitoring                              user levels
- Internal logging                                - Upgrades and changes Via
- Log to remote Syslog/WELF server                FTP and WebUI
- Graphical real-time and historical monitoring   - System software rollback
- SNMP                                            - Central management via
- Email notification of viruses and attacks       FortiManager (optional)
- VPN tunnel monitor
- Optional FortiAnalyzer logging

Networking / Routing
- Multiple WAN link support
- PPPoE support
- DHCP client/server
- Policy-based routing
- Dynamic routing (RIP v1 & v2, OSPF, BGP,
& Multicast)
- Multi-Zone support with routing between
zones
- Route between virtual LANs (VDOMS)
option of local management    Tivoli, Variety of SIM products, Solsoft,
through Web GUI or CLI,       HP Openview, SNMP management
optional central management




option of local management    Tivoli, Variety of SIM products, Solsoft,
through Web GUI or CLI,       HP Openview, SNMP management
optional central management




option of local management    Tivoli, Variety of SIM products, Solsoft,
through Web GUI or CLI,       HP Openview, SNMP management
optional central management




option of local management    Tivoli, Variety of SIM products, Solsoft,
through Web GUI or CLI,       HP Openview, SNMP management
optional central management
option of local management    Tivoli, Variety of SIM products, Solsoft,
through Web GUI or CLI,       HP Openview, SNMP management
optional central management




option of local management    Tivoli, Variety of SIM products, Solsoft,
through Web GUI or CLI,       HP Openview, SNMP management
optional central management
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Command Line Interface      SSG supports 802.1x and can be
(CLI); Web GUI; NetScreen   integrated with Juniper Infranet
Security Manager (NSM)      Controllers to provide endpoint
                            enforcement. SSG also supports
                            Avaya VoIP ALGs.
Secure Computing provides the first and only     Web, CLI, Telnet (dial-in only), SnapGear firewalls integrate well with
Firewalls that offer reputation-based security   SSH, SSL                         all other Secure Computing product
for the edge of networks. SnapGear                                                offerings including Webwasher
incorporates a bi-directional global                                              technology and Safeword (strong
intelligence feed from Secure Computing’s                                         authentication). SnapGear can also
industry-leading reputation service,                                              be used in conjunction with any other
TrustedSource. This enables SnapGear to                                           SMB firewall offering on the market.
make proactive security decisions based on                                        VPNC and ISCA Labs certification
the real-time known behavior of IP addresses                                      ensure interoperability with competitive
worldwide.                                                                        appliances.

                                                                                 In addition to in-house centralized
                                                                                 management and monitoring,
                                                                                 SnapGear does integrate with other
                                                                                 MSP software packages.

                                                                                 SnapGear OEM relationships require
                                                                                 integration with a multitude of 3rd party
                                                                                 applications. (Applications cannot be
                                                                                 listed here due to privacy agreements)

                                                                                 Several OEM agreements require
                                                                                 testing and interoperability with 3G
                                                                                 wireless card manufacturers, 3rd party
                                                                                 central management systems, and
                                                                                 dedicated wireless access points.
                                                                                 (Need to separate the WAP and
Secure Computing provides the first and only         Windows-based client    Sidewinder integrates with Secure
Firewalls that offer reputation-based security       application             Computing products including
for the edge of networks. Sidewinder                                         SafeWord Identity and Access
incorporates a bi-directional global                                         Management products, IronMail
intelligence feed from Secure Computing’s                                    Messaging Gateway appliances,
industry-leading reputation service,                                         Webwasher Web Gateway appliances,
TrustedSource. This enables Sidewinder to                                    and SnapGear all-in-one Internet
make proactive security decisions based on                                   security appliances for small
the real-time known behavior of IP addresses                                 businesses.
worldwide. In addition, Sidewinder has been
on the leading edge of Firewalls that can
decrypt encrypted SSL traffic to apply deep
inspection or application filtering so it's not an
attack waiting to happen on the internal
application servers behind the Firewall.




                                                     Web + SNMP monitoring   (If product integrates with other
                                                                             security products, enterprise security
                                                                             system, or other security suite.)
Web, CLI, SSH, SNMP and   SonicWALL E-Class NSA appliances
SonicWALL Global          can be integrated with HP ProCurve
Management System         Manager Plus (PCM+) and HP
                          Network Immunity Manager (NIM)
                          server software packages to provide
                          management of the switch
                          infrastructure and SonicWALL UTM
                          appliances. The most common
                          deployments include Gateway mode,
                          In-Line Layer 2 Bridge mode, One-Port
                          Sniffer mode and PortShield Multizone
                          Mode. For more information please
                          reference this SonicWALL TechNote:
                          http://www.sonicwall.com/downloads/I
                          ntegrating_SonicWALL_PRO_and_HP
                          (1).pdf.
Web, CLI, SSH, SNMP and   SonicWALL E-Class NSA appliances
SonicWALL Global          can be integrated with HP ProCurve
Management System         Manager Plus (PCM+) and HP
                          Network Immunity Manager (NIM)
                          server software packages to provide
                          management of the switch
                          infrastructure and SonicWALL UTM
                          appliances. The most common
                          deployments include Gateway mode,
                          In-Line Layer 2 Bridge mode, One-Port
                          Sniffer mode and PortShield Multizone
                          Mode. For more information please
                          reference this SonicWALL TechNote:
                          http://www.sonicwall.com/downloads/I
                          ntegrating_SonicWALL_PRO_and_HP
                          (1).pdf.
Web, CLI, SSH, SNMP and   SonicWALL E-Class NSA appliances
SonicWALL Global          can be integrated with HP ProCurve
Management System         Manager Plus (PCM+) and HP
                          Network Immunity Manager (NIM)
                          server software packages to provide
                          management of the switch
                          infrastructure and SonicWALL UTM
                          appliances. The most common
                          deployments include Gateway mode,
                          In-Line Layer 2 Bridge mode, One-Port
                          Sniffer mode and PortShield Multizone
                          Mode. For more information please
                          reference this SonicWALL TechNote:
                          http://www.sonicwall.com/downloads/I
                          ntegrating_SonicWALL_PRO_and_HP
                          (1).pdf.
High Availability, WAN Failover   Client application            Logging and reporting: WebTrends
                                                                compatible reports (WELF), HTML and
                                                                PDF reports, SQL logs, encrypted log
                                                                channel, syslog, SNMP v2 and v3.
                                                                Alarms: SNMP, Email, Management
                                                                System Alert.




High Availability, WAN Failover   Client application            Logging and reporting: WebTrends
                                                                compatible reports (WELF), HTML and
                                                                PDF reports, SQL logs, encrypted log
                                                                channel, syslog, SNMP v2 and v3.
                                                                Alarms: SNMP, Email, Management
                                                                System Alert.




WAN Failover                      HTTPS or Client application   Logging and reporting: WebTrends
                                                                compatible reports (WELF), HTML and
                                                                PDF reports, SQL logs, encrypted log
                                                                channel, syslog, SNMP v2 and v3.
                                                                Alarms: SNMP, Email, Management
                                                                System Alert.
Dial back-up.                              HTTP, HTTPS, FTP, CLI,
                                           SNMP, SSH, Telnet, Console



DUAL WAN Load Balancing and Failover.      HTTP, HTTPS, FTP, CLI,
Dial Backup.                               SNMP, SSH, Telnet, Console



DUAL WAN Load Balancing and Failover.      HTTP, HTTPS, FTP, CLI,
Dial Backup.                               SNMP, SSH, Telnet, Console




Device High Availability. WAN Load         HTTP, HTTPS, FTP, CLI,
Balancing and Failover. VLAN aware. Dial   SNMP, SSH, Telnet, Console
Backup



Device High Availability. WAN Load         HTTP, HTTPS, FTP, CLI,
Balancing and Failover. VLAN aware. Dial   SNMP, SSH, Telnet, Console
Backup
      Centralized management
                                                                   Other notes
              specifics
Yes. Astaro Command Center
manages the deployment of multiple
Astaro Security Gateways; Device
monitoring: Tracks license status,
threats, firmware/pattern versions,
resource usage and other system
parameters; Central configuration:
Centralizes control over updates,
security policies and other settings for
all devices or subsets of devices; Role-
based administration provide different
management rights to various
administrative users at the same time,
including full revision capability.


N/A                                        Each model of the AccessEnforcer provides a robust
                                           hardware platform for the recommended number of users
                                           to ensure, first, that all features can be fully activated and
                                           second, that each model is scalable to accommodate
                                           expanded functionality afforded through the company's
                                           product roadmap. All software enhancements are
                                           automatically upgraded with no additional charges. Near
                                           term enhancements will include mobile VPN, network
                                           lockdown and expanded Active Directory integration.
      term enhancements will include mobile VPN, network
      lockdown and expanded Active Directory integration.


N/A




N/A




N/A
(If product integrates with a larger   UTM-1 cluster enables 2 units working as a single
management or tiered system, please    Management+Enforcement module in an Active\Passive
mention how multiple remote devices    configuration without the need of an additional license.
can be centrally managed and           Security policy, logs and reports are synced automatically
monitored, and what the cost of        between devices.
additional components is.
UTM-1 cluster enables 2 units working as a single
Management+Enforcement module in an Active\Passive
configuration without the need of an additional license.
Security policy, logs and reports are synced automatically
between devices.
UTM-1 cluster enables 2 units working as a single
Management+Enforcement module in an Active\Passive
configuration without the need of an additional license.
Security policy, logs and reports are synced automatically
between devices.
UTM-1 cluster enables 2 units working as a single
Management+Enforcement module in an Active\Passive
configuration without the need of an additional license.
Security policy, logs and reports are synced automatically
between devices.
See                                    190Mbps throughput. 8000 Concurrent Connections. All
http://www.checkpoint.com/products/s   UTM engines can be used concurrently, and are not
martcenter/                            mutually exclusive.
UTM-1 cluster enables 2 units working as a single
Management+Enforcement module in an Active\Passive
configuration without the need of an additional license.
Security policy, logs and reports are synced automatically
between devices.
UTM-1 cluster enables 2 units working as a single
Management+Enforcement module in an Active\Passive
configuration without the need of an additional license.
Security policy, logs and reports are synced automatically
between devices.
See                                    190Mbps throughput. 8000 Concurrent Connections. All
http://www.checkpoint.com/products/s   UTM engines can be used concurrently, and are not
martcenter/                            mutually exclusive.
See                                    190Mbps throughput. 8000 Concurrent Connections.
http://www.checkpoint.com/products/s   Includes 4 port fast Ethernet switch with port based and tag
martcenter/                            based VLAN support.
                                       Unlike some competitor, all UTM engines can be used
                                       concurrently, and are not mutually exclusive.
Managed by Cisco Security Manager,
which scales to managing up to 5000
devices, and offers features such as
role-based administrative access,
hierarchical management with policy
inheritance, workflow support for
formalized configuration change
control, manages all Cisco security
products (including appliances,
routers, and switches). Pricing starts
at $3,500 for a 5 device license. Cisco
MARS provides centralized event
management, correlation, and
mitigation for a wide range of both
Cisco and 3rd party security products.
Pricing starts at $7,500 for Cisco
MARS 20R.
Managed by Cisco Security Manager,
which scales to managing up to 5000
devices, and offers features such as
role-based administrative access,
hierarchical management with policy
inheritance, workflow support for
formalized configuration change
control, manages all Cisco security
products (including appliances,
routers, and switches). Pricing starts
at $3,500 for a 5 device license. Cisco
MARS provides centralized event
management, correlation, and
mitigation for a wide range of both
Cisco and 3rd party security products.
Pricing starts at $7,500 for Cisco
MARS 20R.
Managed by Cisco Security Manager,
which scales to managing up to 5000
devices, and offers features such as
role-based administrative access,
hierarchical management with policy
inheritance, workflow support for
formalized configuration change
control, manages all Cisco security
products (including appliances,
routers, and switches). Pricing starts
at $3,500 for a 5 device license. Cisco
MARS provides centralized event
management, correlation, and
mitigation for a wide range of both
Cisco and 3rd party security products.
Pricing starts at $7,500 for Cisco
MARS 20R.
Cyberoam Central Console:                 Cyberoam identity-enabled UTM+ appliances deliver user
                                          identity along with comprehensive network security. In
Cyberoam Central Console (CCC) with       addition to the standard UTM suite and policy
its centralized management and            configuration, Cyberoam allows for the creation of user-
control offers coordinated defense        based policies that offer business flexibility, in addition to
against zero-hour and blended threats     security against blended network attacks. While all UTMs
across distributed networks. It enables   protect enterprises against external network attacks,
enterprise-wide implementation of         Cyberoam UTM+ also protects against insider attacks out
corporate Internet policy, ensuring       of user ignorance or malicious intent that are posing as the
high productivity and security. Being     single largest threat to enterprises.
an appliance based solution, CCC
lowers the deployment cost while          Cyberoam offers Active-Active High Availability feature,
offering complete control over            maximizing network uptime and ensuring uninterrupted
distributed networks.                     access. These network security appliances offer Dynamic
                                          Routing that provides rapid uptime, increased network
Key Benefits of CCC                       throughput with low latencies and easy configuration,
*Real-time visibility of threat summary   supporting rapid network growth. Cyberoam’s VLAN
and trends                                capability enables large enterprises to create work profile-
*Instant enforcement of security          based policies across distributed networks from a
policies in response to zero hour         centralized location or head office.
threats
*Reduced operational complexity and       Cyberoam’s ICSA-certified firewall offers stateful and deep-
deployment time                           packet inspection, access control, user authentication, and
*Ease of use with view of multiple        network and application-level protection. Cyberoam
devices and network status at a glance    Intrusion Prevention and Detection allows creation of
                                          multiple user identity-based policies to block intrusion
Global Management for VPN, Policies,   Only UTM product that combines Firewall, VPN, IPS, Email
Subscriptions                          Security, Web Security, Email/Web Server and
                                       comprehensive malware and URL database in a single
                                       appliance
FortiGate systems can be centrally
managed by the FortiManager
management appliance. FortiManager
is an integrated management platform
that enables organizations of any size
to easily manage Fortinet products. It
minimizes the administrative effort
required to deploy, configure and
maintain the full range of network
protection services provided by
Fortinet products. FortiManager also
integrates seamlessly with
FortiAnalyzer™ to complete the
Fortinet central management solution;
providing centralized logging and
reporting services for Fortinet security
networks.

FortiManager Centralized
Management platform ranges in price
from $1,995 to $18,995. FortiAnalyzer
Centralized Reporting platform ranges
in price from $1,495 to $38,875.
SiteProtector management system
offers centralized management for
1000's of devices. Group-based policy
management reduces administrator
costs.




SiteProtector management system
offers centralized management for
1000's of devices. Group-based policy
management reduces administrator
costs.




SiteProtector management system
offers centralized management for
1000's of devices. Group-based policy
management reduces administrator
costs.




SiteProtector management system
offers centralized management for
1000's of devices. Group-based policy
management reduces administrator
costs.
SiteProtector management system
offers centralized management for
1000's of devices. Group-based policy
management reduces administrator
costs.




SiteProtector management system
offers centralized management for
1000's of devices. Group-based policy
management reduces administrator
costs.
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
NetScreen Security Manager (NSM)
provides centralized security policy
and configuration management across
SSG devices
Global Command Center can manage         Enterprise Reporting Engine (SecurityReporter) can do real-
thousands of SnapGear appliances         time analysis of syslog data coming from 1 or many
from a central location. Firewall rule   SnapGear appliances. It includes a customizable
deployments, firmware upgrades,          dashboard to quickly identify problems like throughput,
appliance reboots, general monitoring    viruses, intrusion detections, general errors and warnings
of appliances are all completed          and can push regularly scheduled reports to appropriate
through this application.                parties in several formats (PDFs, text, html, etc).
                                         SecurityReporter can monitor all of your SnapGear and
In addition to in-house centralized      Sidewinder appliances from one installation.
management and monitoring,
SnapGear does integrate with other       Extensive custom appliance and OEM capabilities make
MSP software packages.                   just about any appliance requirement doable. Numerous
                                         OEM appliances have features/functions that are not
                                         represented in the channel line of products. An overview
                                         on some of these solutions can be provided if requested.
CommandCenter central firewall
management centrally manages 5 to
hundreds of Sidewinder and
SnapGear firewalls from one central
appliance. Works with
SecurityReporter SIEM for
comprehensive reporting and
monitoring, including complete
regulatory compliance reports. Also
interoperates with popular SNMP-
based management and monitoring
systems.




(If product integrates with a larger
management or tiered system, please
mention how multiple remote devices
can be centrally managed and
monitored, and what the cost of
additional components is.
Every SonicWALL Internet security        SonicWALL E-Class NSA Series can function as a secure
appliance can be managed using the       wireless switch controller that automatically detects and
award-winning SonicWALL Global           configures SonicPoints. Features include 802.11b/g
Management System, which provides        support, secure wireless roaming, granular security policy
network administrators with the tools    enforcement, multiple SSID support, rouge access point
for simplified configuration,            detection and integrated wireless guest service (WGS).
enforcement and management of
global security policies, VPN and
services, all from a central location.
25 Node SonicWALL Global
Management System Base Package
$4,995.
Every SonicWALL Internet security        SonicWALL E-Class NSA Series can function as a secure
appliance can be managed using the       wireless switch controller that automatically detects and
award-winning SonicWALL Global           configures SonicPoints. Features include 802.11b/g
Management System, which provides        support, secure wireless roaming, granular security policy
network administrators with the tools    enforcement, multiple SSID support, rouge access point
for simplified configuration,            detection and integrated wireless guest service (WGS).
enforcement and management of
global security policies, VPN and
services, all from a central location.
25 Node SonicWALL Global
Management System Base Package
$4,995.
Every SonicWALL Internet security        SonicWALL E-Class NSA Series can function as a secure
appliance can be managed using the       wireless switch controller that automatically detects and
award-winning SonicWALL Global           configures SonicPoints. Features include 802.11b/g
Management System, which provides        support, secure wireless roaming, granular security policy
network administrators with the tools    enforcement, multiple SSID support, rouge access point
for simplified configuration,            detection and integrated wireless guest service (WGS).
enforcement and management of
global security policies, VPN and
services, all from a central location.
25 Node SonicWALL Global
Management System Base Package
$4,995.
Integrates with 3rd SNMP
Management Software or ZyXEL's
Vantage CNM (Centralized Network
Management) Software; Price
dependant on # of devices managed.
Integrates with 3rd SNMP
Management Software or ZyXEL's
Vantage CNM (Centralized Network
Management) Software; Price
dependant on # of devices managed.
Integrates with 3rd SNMP
Management Software or ZyXEL's
Vantage CNM (Centralized Network
Management) Software; Price
dependant on # of devices managed.


Integrates with 3rd SNMP
Management Software or ZyXEL's
Vantage CNM (Centralized Network
Management) Software; Price
dependant on # of devices managed.

Integrates with 3rd SNMP
Management Software or ZyXEL's
Vantage CNM (Centralized Network
Management) Software; Price
dependant on # of devices managed.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:429
posted:5/13/2010
language:English
pages:1088