You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
B-71 B-80<br />
Security NetDefend Firewall Selection Matrix<br />
NetDefend Firewall Selection Matrix<br />
IPS Firewalls<br />
UTM Firewalls<br />
DFL-210 DFL-800 DFL-1600 DFL-2500 DFL-160 DFL-260 DFL-860 DFL-1660 DFL-2560 DFL-2560G<br />
Interface<br />
Ethernet WAN Port 1 2 - - 1 1 2 - - -<br />
Ethernet DMZ Port 1 1 - - 1 1 1 - - -<br />
Ethernet LAN Port 4 7 - - 4 4 7 - - -<br />
User-Configurable Gigabit RJ-45 Port - - 6 8 - - - 6 10 6<br />
User-Configurable Gigabit SFP Port - - - - - - - - - 4<br />
System Performance<br />
Firewall Throughput (Mbps) 80 150 320 600 70 80 150 1,200 2,000 2,000<br />
VPN Throughput (Mbps) 25 45 120 300 25 25 45 350 1,000 1,000<br />
Concurrent Sessions 10K 20K 400K 1,000K 6K 10K 20K 600K 1,500K 1,500K<br />
Policies 500 1,000 2,500 4,000 300 500 1,000 4,000 6,000 6,000<br />
Firewall System<br />
Transparent Mode Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Network & Port Address Translation (NAT,<br />
PAT)<br />
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
OSFP Dynamic Routing Protocol No Yes Yes Yes No No Yes Yes Yes Yes<br />
Time-Scheduled Policies Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Proactive Network Security (ZoneDefense) No Yes Yes Yes No No Yes Yes Yes Yes<br />
ICSA Firewall Corporate Level Certified Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Networking<br />
DHCP Server / Client Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
DHCP Relay / Policy-based Routing Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
IEEE 802.1Q Virtual LAN (VLAN) 8 16 128 1,024 No 8 16 1,024 2,048 2,048<br />
IP Multicast (IGMPv3) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Virtual Private Network (VPN)<br />
DES/3DES/AES/Twofish/Blowfish/CAST-128 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Dedicated VPN Tunnels 100 200 1,200 2,500 30 100 200 2,500 5,000 5,000<br />
PPTP/L2TP Server / IPSec NAT Traversal Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Hub and Spoke Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
ICSA IPSec 1.3 Enhanced Certified Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
System Management<br />
Web-Based User Interface (HTTP/HTTPS) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Command Line/SSH Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Configuration Backup/Restore Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
User Authentication<br />
Built-in Database Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
External RADIUS / LDAP (IPSec only) Server Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
External Microsoft IAS Server Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
XAUTH for IPSec Authentication Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Logging and Monitoring<br />
Internal / External Log (Syslog Server) Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
Email Notification, Event Log & Alarm Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
SNMP v1, v2c Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Traffic Load Balancing<br />
Outbound Traffic Load Balancing Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Server Load Balancing No Yes Yes Yes No No Yes Yes Yes Yes<br />
Algorithms for Outbound Traffic Load Balancing<br />
Round-Robin, Destination-Based, Spillover Yes 1 Yes 1 Yes 1 Yes 1 No Yes 1 Yes 1 Yes Yes Yes<br />
Bandwidth Management<br />
Policy-Based Traffic Shaping Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Guaranteed / Maximum / Priority Bandwidth Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Dynamic Bandwidth Balancing Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Bandwidth Management in VPN Tunnel Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
High Availability (HA)<br />
WAN Fail-Over / Traffic Redirect at Fail-Over Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Device / <strong>Link</strong> Failure Detection No No Yes Yes No No No Yes Yes Yes<br />
Intrusion Detection & Prevention System (IDP/IPS)<br />
Automatic Pattern Update Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
DoS, DDoS Protection Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
IP Blacklist by Threshold or IPS/IDP No Yes Yes Yes No No Yes Yes Yes Yes<br />
Content Filtering<br />
HTTP / Script / Email Type Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes<br />
External Database Content Filtering Yes 2 Yes 2 No No Yes Yes Yes Yes Yes Yes<br />
Anti-Virus<br />
Real Time AV Scanning / Unlimited File Size Yes 2 Yes 2 No No Yes Yes Yes Yes Yes Yes<br />
Scans VPN Tunnels / Compression File Yes 2 Yes 2 No No Yes Yes Yes Yes Yes Yes<br />
Signature Licensor (Kaspersky) Yes 2 Yes 2 No No Yes Yes Yes Yes Yes Yes<br />
Automatic Pattern Update Yes 2 Yes 2 No No Yes Yes Yes Yes Yes Yes<br />
Email Security<br />
SMTP & POP3 Protocol Support Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
MIME Header Check for File Extension<br />
Filtering<br />
Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Email Rate & Size Protection (SMTP Protocol<br />
only)<br />
Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
Anti-Spam (for SMTP Protocol only) Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
IM/P2P Blocking Yes Yes Yes Yes No Yes Yes Yes Yes Yes<br />
1 Available in Firmware 2.25.01<br />
2 Available in Firmware 2.26.00