63 SECURITY NetDefendFirewallSelectionMatrix
IPS Firewalls UTM Firewalls
DFL-210 DFL-800 DFL-1600 DFL-2500 DFL-260 DFL-860 DFL-1660 DFL-2560 DFL-2560G
Interface
Ethernet WAN Port 1 2 - - 1 2 - - -
EthernetDMZPort 1 1 - - 1 1 - - -
Ethernet LAN Port 4 7 - - 4 7 - - -
User-CongurableGigabitRJ-45Port - - 6 8 - - 6 10 6
User-Configurable Gigabit SFP Port - - - - - - - - 4
System Performance
Firewall Throughput (Mbps) 80 150 320 600 80 150 1,200 2,000 2,000
VPN Throughput (Mbps) 25 45 120 300 25 45 350 1,000 1,000
Concurrent Sessions 10K 20K 400K 1,000K 10K 20K 600K 1,500K 1,500K
Policies 500 1,000 2,500 4,000 500 1,000 4,000 6,000 6,000
Firewall System
Transparent Mode Yes Yes Yes Yes Yes Yes Yes Yes Yes
Network&PortAddressTranslation(NAT,
PAT)
Yes Yes Yes Yes Yes Yes Yes Yes Yes
OSFPDynamicRoutingProtocol No Yes Yes Yes No Yes Yes Yes Yes
Time-Scheduled Policies Yes Yes Yes Yes Yes Yes Yes Yes Yes
ProactiveNetworkSecurity(ZoneDefense) No Yes Yes Yes No Yes Yes Yes Yes
ICSA Firewall Corporate Level Certified Ye s Yes Yes Yes Yes Yes Yes Yes Yes
Networking
DHCPServer/Client Ye s Yes Yes Yes Yes Yes Yes Yes Ye s
DHCPRelay/Policy-basedRouting Yes Yes Yes Yes Yes Yes Yes Yes Yes
IEEE 802.1Q Virtual LAN (VLAN) 8 16 128 1,024 8 16 1,024 2,048 2,048
IP Multicast (IGMPv3) Yes Yes Ye s Yes Yes Yes Yes Yes Yes
Virtual Private Network (VPN)
DES/3DES/AES/Twofish/Blowfish/CAST-128 Yes Yes Yes Yes Yes Yes Ye s Yes Yes
Dedicated VPN Tunnels 100 200 1,200 2,500 100 200 2,500 5,000 5,000
PPTP/L2TP Server / IPSec NAT Traversal Ye s Yes Yes Yes Yes Yes Yes Yes Yes
HubandSpoke Yes Yes Yes Yes Yes Yes Yes Yes Yes
ICSA IPSec 1.3 Enhanced Certified Yes Yes Ye s Yes Yes Yes Yes Yes Yes
System Management
Web-BasedUserInterface(HTTP/HTTPS) Yes Yes Yes Ye s Yes Yes Yes Yes Yes
CommandLine/SSH Yes Yes Yes Yes Yes Yes Yes Yes Yes
Configuration Backup/Restore Yes Yes Yes Yes Yes Yes Yes Yes Yes
User Authentication
Built-in Database Yes Yes Yes Yes Yes Yes Yes Yes Yes
ExternalRADIUS/LDAP(IPSeconly)Server Yes Yes Yes Yes Yes Yes Yes Yes Yes
ExternalMicrosoftIASServer Yes Yes Yes Yes Yes Yes Yes Yes Yes
XAUTHforIPSecAuthentication Ye s Yes Yes Yes Yes Yes Yes Yes Ye s
Logging and Monitoring
Internal/ExternalLog(SyslogServer) Yes Yes Ye s Yes Yes Yes Yes Yes Yes
EmailNotication,EventLog&Alarm Yes Yes Yes Yes Yes Yes Yes Yes Yes
SNMP v1, v2c Yes Yes Yes Yes Yes Yes Yes Yes Yes
Traffic Load Balancing
OutboundTrafcLoadBalancing Yes Yes Yes Yes Ye s Yes Yes Yes Yes
Server Load Balancing No Yes Yes Yes No Yes Yes Yes Yes
AlgorithmsforOutboundTrafcLoadBalancing
Round-Robin, Destination-Based, Spillover Yes
1
Yes
1
Yes
1
Yes
1
Yes
1
Yes
1
Yes Yes Yes
Bandwidth Management
Policy-Based Traffic Shaping
Yes Yes Yes Yes Yes Yes Yes Yes Yes
Guaranteed/Maximum/PriorityBandwidth Yes Yes Yes Yes Yes Yes Yes Yes Yes
Dynamic Bandwidth Balancing Yes Yes Yes Yes Yes Yes Ye s Yes Yes
Bandwidth Management in VPN Tunnel Yes Yes Yes Yes Yes Yes Yes Yes Yes
HighAvailability(HA)
WANFail-Over/TrafcRedirectatFail-Over Ye s Yes Yes Yes Yes Yes Yes Yes Yes
Device / Link Failure Detection No No Yes Yes No No Yes Yes Yes
IntrusionDetection&PreventionSystem(IDP/IPS)
Automatic Pattern Update Ye s Yes Yes Yes Yes Yes Yes Yes Yes
DoS, DDoS Protection Yes Yes Yes Yes Yes Yes Yes Yes Yes
IP Blacklist by Threshold or IPS/IDP No Yes Yes Yes No Yes Yes Yes Yes
Content Filtering
HTTP/Script/EmailType Yes Yes Yes Yes Ye s Yes Yes Yes Yes
ExternalDatabaseContentFiltering Yes
2
Yes
2
No No Yes Yes Yes Yes Yes
Anti-Virus
Real Time AV Scanning / Unlimited File Size Yes
2
Yes
2
No No Yes Yes Yes Yes Yes
Scans VPN Tunnels / Compression File Yes
2
Yes
2
No No Yes Yes Yes Yes Yes
Signature Licensor (Kaspersky) Yes
2
Yes
2
No No Yes Yes Yes Yes Yes
Automatic Pattern Update Yes
2
Yes
2
No No Yes Yes Yes Yes Yes
Email Security
SMTP&POP3ProtocolSupport Ye s Yes Yes Yes Yes Yes Yes Yes Yes
MIMEHeaderCheckforFileExtension
Filtering
Yes Yes Yes Yes Yes Yes Yes Yes Yes
EmailRate&SizeProtection(SMTPProtocol
only)
Yes Yes Yes Yes Yes Yes Yes Yes Yes
Anti-Spam (for SMTP Protocol only) Yes Yes Yes Yes Yes Yes Yes Yes Yes
IM/P2P Blocking Yes Yes Yes Yes Yes Yes Yes Yes Yes
NetDefend Firewall Selection Matrix
1
Available in Firmware 2.25.01
2
Available in Firmware 2.26.00
70