Talisker Enterprise Firewall Appliances

About Us | Services | Recruitment | Advertise | Contact

Computer Network Defence Ltd

Enterprise Firewall Appliances
An Enterprise firewall appliance is a turnkey hardware/software device that has most components pre-installed and pre-configured, and manages a security policy for an entire enterprise. An enterprise firewall appliance must be able to log to a central control console to be considered enterprise ready.

Last Reviewed by Michele Jordan 15 May 2006

Links to Products

CyberGuard TSP Firewall/VPN

Watchguard Firebox X Peak Series

Lucigate Firewall Appliance

Ndurant Express and S Series

Advanced Firewall 4

Nokia IP560

SonicWALL PRO Series

Netscreen-200 Series

Sidewinder G2

TopLayer IPS 5500 Series

FortiGate Enterprise Series

iForce VPN/Firewall Appliance

SteelGate Firewall

VPN Firewall Portfolio for Enterprises

XSR 3000 Series Security Router

InstaGate Security Gateway

Cisco ASA 5500 Series Adaptive Security Appliance

Proxy Sentinel and Firewall Sentinel

Celestix MSA4000

NetASQ UTM Appliances - F2000 and F5000

Eland SYS-2 Firewall/VPN

RouteFinder

AstroFlowGuard Appliance

HotBrick Firewall/VPN

gateProtect Firewall

BlackBox Firewall

Clavister SG4200

LiSS II Secure Gateway

Defencity NetSecure

NetBox

NetStealth

Omnirange Plus

Xnet Solutions SN400

GajShield SecureGate Hardware Appliance

Amaranten F Series Firewall

NetSentron NS200

Gatecraft Shield

ZyWALL 70 UTM

GateMAN and Sepehr Firewalls

NetWolves WolfPac SG

Arkoon FAST360 Security Appliance

Linux Embedded Appliance Firewall (LEAF)

PowerElf II

Ingate Firewall 1880

Symantec Gateway Security 5600 Series

GB-2000X Firewall Appliance

Trustix Xsentry Firewall

Adtran's NetVanta 2000 Series

Crossbeam X-Series

Wolverine Firewall Appliances

CyberGuard TSP Firewall/VPN
	CyberGuard Corporation	http://www.cyberguard.com
CyberGuard TSP enterprise gateway security appliance provides proactive, positive security model protection against generalized and application-specific attacks. TSP's architecture enforces explicit security policies to permit only valid and authorized traffic, while automatically protecting against potentially malicious URLs, content, or scripts embedded in HTTP. TSP performance - Secure Computing’s CyberGuard brand of Firewall/VPN appliances are known for their ability to deliver blazing-fast application and network layer performance. Competing, well-known brands of firewalls simply cannot scale layer 7 deep packet inspection to the Gigabit throughput levels which are business-as-usual for the mid-to-high-end models of the TSP appliance line. CyberGuard TSP Firewall/VPN features and benefits Ultra-hardened secure operating system - Fully integrated proprietary hardened Linux-based OS with Multi Level Security (MLS) and Mandatory Access Control (MAC) built into the kernel of the OS. This provides fine grained protection over all software running on the appliances against every class of known and unknown attack. Contextual aggregation for layer 7 inspection - Assembles packets into session contexts in order to identify and secure the use of restricted commands and content. Packet filtering and Stateful Inspection - Packet filtering and Stateful Inspection Application awareness and control - 79 application-layer inspection points for adherence to application-specific security requirements. Protocol anomaly detection - Protocol anomaly detection ensures that all traffic conforms to RFC specifications and acceptable use policies. Enhanced content security - HTTP header filtering, CVP and ICAP support strengthen the solution by examining both the packet headers and payload. Intrusion prevention - Regular expression inspection identifies malicious signatures. Positive security model enforcement - "White List" inclusive patterns allow only the legitimate traffic while automatically blocking abnormal behavior. Session creation throttle - Ensures that performance will not be degraded under a DOS attack scenario. Adaptive response - Terminates packet filter sessions on selective alerts by dynamic creation of a deny rule for the offending IP. IPSec VPN - Scalable IPSec VPN Tunnels with AES and 3DES acceleration for large-scale enterprise deployments. VLAN segmentation policy enforcement - Create "virtual" groupings of endpoints located on disparate physical networks with specific authentication policies for each group. Tools - Ethereal™ is provided for network troubleshooting. Also see the SnapGear family for lower-end products.
Commercial		Information updated: 31 Oct 2007

Watchguard Firebox X Peak Series
	Watchguard Technologies	http://www.watchguard.com
Firebox® X Peak™ is the highest-performance line of Unified Threat Management (UTM) appliances from WatchGuard®. Capable of gigabit-per-second throughput, it provides the reliability, redundancy, traffic management, and port density that demanding, high-speed networks require. It's powerful, yet easy to deploy and manage using WatchGuard System Manager (WSM) 8.x, an intuitive user interface with real-time monitoring, secure centralized logging, and historical reporting. With its Intelligent Layered Security, the Firebox X Peak provides stronger security out of the box. It proactively blocks viruses, worms, spyware, trojans, and blended threats, without relying on signatures for true Zero Day protection. Every Firebox® X Peak™ model integrates: * Dynamic stateful packet firewall * Virtual Private Networking (VPN) * Up to three Gigabit Ethernet ports * Fireware™ Pro advanced operating system * Intelligent Layered Security (ILS) for Zero Day protection * Gateway AntiVirus/Intrusion Prevention Service (optional) * URL filtering (optional) * Managed desktop antivirus protection * WatchGuard® System Manager 8.0 * 90-day renewable LiveSecurity® Service subscription Firebox® X8000 - For advanced networks and data centers needing gigabit-level performance and multiple Gigabit Ethernet interfaces. Firebox® X6000 - For more demanding network environments with a gigabit LAN backbone. Firebox® X5000 - For enterprises needing advanced networking and high port density. Also see the Firebox X Core Series.
Commercial		Information updated: 14 Mar 06

Lucigate Firewall Appliance
	Lucidata Data Communications Consultants	http://www.lucidata.com
Features Hacker Proof Transparent to Users Independent Appliance Low Cost No Maintenance Costs No Licensing Costs Easy to Setup - Easy to Understand Purpose Designed Hackerproof - The LuciGate Firewall is a piece of dedicated hardware (sometimes referred to as a Firewall Appliance) that sits between your network and the outside world. Without its smartcard key, it will not allow ANY data to pass through it. It is not based on a PC and it cannot be configured remotely. This is a deliberate design feature - THE LUCIGATE FIREWALL WILL NOT RESPOND TO ANYTHING. In fact users of the network will not know that it is there. Because it will not respond to network messages, it cannot be interfered with. Only the smartcard key holds the setup information, and the outside world has no access to it. Low Cost - Contrary to popular belief, there is no reason for a Firewall to be expensive. The LuciGate Firewall Appliance is the low-cost solution for IP Network Security. The LuciGate is a dedicated piece of hardware - specially designed to be a Firewall. It is not a general purpose computer, so there is no display, disc drives, interfaces, operating system etc. It simply acts as a filter passing on allowed data. This keeps the price low and the running costs zero. No maintenance is needed and there are no licence fees. A large organisation that wants to effectively separate different user groups, can install several LuciGate Firewall Appliances without breaking the bank. Auto Logging - The LuciGate is supplied with a program called LuciGuard. This optional program will run on any Windows system that supports Windows Sockets. You would normally run the program on a PC in the “Inner World” that you are protecting. LuciGuard keeps a time-stamped Log of activities and triggers an alarm if anything suspicious happens. Even if someone rearranged the cables and physically bypassed the LuciGate Firewall, LuciGuard would know and raise the alarm. Independent - LuciGate is a dedicated stand alone piece of hardware. Its only function is to be a firewall which is why it is sometimes referred to as a Firewall Appliance. It does not do anything else, so there is no need for an operating system or layers of software which can make computer based systems less than 100% reliable. Once installed, legitimate users of the network will not even know that it is there. In a well designed system total power failure would be extremely unlikely. But if the unexpected did happen, you can rest assured that the LuciGate will be protecting your network long before the servers have re-booted. The Lucigate will recover from total power failure in less than two seconds.
Commercial		Information updated: 14 Mar 06

Ndurant Express and Ndurant S Series
	Resilience Corporation	http://www.resilience.com
The Power of iHA™ for Medium Businesses to Large Enterprises The challenge for medium to large enterprises is finding network security that really works — at the right scale and cost. Ndurant Express models 20 and 30 offer you the best security and availability with unmatched flexiblity to scale firewall / VPN throughput to your changing business environment with minimim cost and risk. Check Point: The Highest Level Security - Models 20 and 30 are purpose-built platforms for Check Point Express® and Check Point VPN-1 Pro firewall / VPN software. Check Point Express is the affordable solution for SMB networks. Check Point VPN-1 Pro is the enterprise solution. With Application Intelligence and SmartDefense, both Check Point solutions deliver the industry’s most comprehensive defense against current and new attacks with proven protection against the SANS “Top 20” Internet security threats. iHA: The Highest Level of Availability - If you don’t have high availability (HA), you’re never sure if your network has security. Ndurant Express delivers iHA, a superior form of HA that keeps your Check Point application running 99.999% of the time. iHA integrates HA across all systems layers of Ndurant Express’ dual-module architecture to create a muli-layer solution that has no single point of failure. The iHA - Hot Standby architecture uses one Check Point license to provide the best HA solution at the best cost for users in their class. Scalable Throughput for Your Requirements Running Check Point VPN - 1 Pro with Performance Pack gives Ndurant Express models 20 and 30 the blinding speed required by large enterprises. Choosing Check Point Express software without Performance Pack lets medium sized businesses scale back costs while enjoying performance scaled to their business needs. When you need more bandwidth, simply upgrade the software to scale up the Ndurant Express 20’s or 30’s performance. Highest Ease of Ownership - Upon detection of a failure, the backup module in an Ndurant Express automatically takes over operations from the primary. Remote users continue working with little or no interruption. Any user can hot swap a replacement in the field without service disruption. The replacement module self-configures automatically. Ndurant Express’ automatic failover and self-configuring modules are particularly important for providing perimeter security at remote locations where IT staff is not on site. An operator sets up and administers Ndurant Express appliances through Resilience’s 5 to Live™ GUI, a simple Web interface that lets users configure their Ndurant Express and Check Point software in five simple steps to have the solution fully operational in fifteen minutes or less. Resilience backs Ndurant Express appliances with the Continuous Secured Ownership WarrantySM to provide the Check Point solution with no End-of-life. Also see the Ndurant S Series appliances by Resilience Corporation.
Commercial		Information updated: 14 Mar 06

Advanced Firewall 4
	Smoothwall Ltd.	http://www.smoothwall.net
Enterprise class networks need more than the traditional perimeter firewall to protect them from the myriad security threats posed by the Internet. Access to both internal and external resources needs to be as tightly controlled as possible, to prevent unauthorised access and to block the spread of viruses and other malicious code. As with all security, access control should depend upon the user identity, not be determined by simplistic rules based on IP address alone. With Advanced Firewall, user authentication against a Microsoft Active Directory or other LDAP server determines the security policies applied to each user. SmoothWall Advanced Firewall fulfils the following security functions: Perimeter firewall - multiple Internet connections with load sharing and automatic connection failover Internal firewall - segregation of networks into physically separate zones with user-level access control of inter-zone traffic VPN Gateway - site-to-site, secure remote access and secure wireless connections Web Content Filtering - block access to inappropriate and time wasting content (with SmoothGuardian add-on module) Bandwidth Management - maximise the performance of Internet connections (with SmoothTraffic add-on module) Email Security and Anti-Virus - anti-malware and anti-spyware emall relay (with SmoothZap add-on module) SmoothWall Advanced Firewall exploits the power, reliability and versatility of high performance server hardware to provide a cost effective firewall of unrivalled performance and flexibility. The modular nature of Advanced Firewall, combined with the wide range of supported hardware, allows users to specify a solution to suit any security requirement. For small to mid-sized businesses, see the Corporate Firewall 4 product line.
Commercial		Information updated: 14 Mar 06

Nokia IP560
	Nokia Corporation	http://usa.nokia.com
Nokia IP560 is a robust, cost-effective security platform that offers the performance and port density of a high-end network security appliance. Unlike similar systems, Nokia IP560 is available with the flexibility of flash-based or hybrid configurations. Nokia IP560 is designed as an enforcement point for large businesses and enterprises, delivering over 6 Gbps of Ethernet for firewall traffic, 58,000 connections per second and a total throughput of 1.9 Gbps encrypted traffic through the included 4-port 1000BaseT Ethernet card in a 1RU security platform. With the option for 12 ports of Gigabit Ethernet in the base configuration and up to 16 ports of Gigabit Ethernet, the flexibility in port density is far superior to any other 1RU platform. To allow for off-platform storage or backup of the current configuration, an optional PC card flash device or a hard disk drive is available. The high throughput coupled with high 10/100/1000 port density also makes it an excellent choice for demanding internal firewall or perimeter deployments. The port expandability, high performance, and flexibility of the Check Point licensing model provides customers with a level of investment protection in terms of future capacity growth. A 2-node high availability (HA) pair of Nokia IP560 appliances occupies no additional rack space and offers higher performance and Gigabit Ethernet (GigE) port density for approximately the same cost as any other single midrange or large business appliance. Like all trusted Nokia security platforms, it features Nokia IPSO™, a secure operating system with Web or Command Line Interface (CLI), as well as support from Nokia Horizon Manager, which provides secure robust system management, version control, backup and restore. Features 1RU form factor Flash-based or hard drive for hybrid configuration 4 front-facing PCI-X PMC expansion slots, supporting up to 16 10/100/1000 Ethernet interfaces 4-port 10/100/1000 Ethernet interface card (included) 2 open PCI-X PMC slots 1GB RAM, expandable to up to 4GB of RAM Slide-out tray for easy serviceability Nokia IPSO operating system High Availability via either Nokia VRRP or patented IP Clustering Nokia dynamic and multicast routing protocols Also see the other models in the Nokia IP product line.
Commercial		Information updated: 14 Mar 06

SonicWALL PRO Series
	SonicWALL Inc.	http://www.sonicwall.com
The SonicWALL® PRO Series solves these issues by combining multiple network and security functions including a deep packet inspection firewall, IPSec VPN, layered anti-virus, anti-spyware, intrusion prevention and Web content filtering capabilities into a single integrated appliance that is easy to manage and deploy. Based on a dynamically updateable platform, PRO Series appliances are automatically updated to ensure zero day protection against a variety of network and application threats. Optimized for advanced networking and ultra reliable operation, they are designed for mission-critical data and network communication deployments. At the core of every PRO Series appliance is SonicOS, SonicWALL’s powerful operating system which provides policy-based firewall management over complex deployments and enables complete control over network traffic and application usage. The PRO Series delivers exceptional value and performance for organizations of all sizes, including branch offices, central sites, distributed enterprises and data centers. The PRO Series features six models: PRO 1260, 2040, 3060, 4060, 4100 and 5060, designed to meet the network security needs for organizations of all sizes.
Commercial		Information updated: 17 Jan 07

Netscreen-200 Series
	Juniper Networks	http://www.juniper.net
* Integrated security solutions designed for medium to large enterprise networks, offices, e-business sites, data centers, and carrier infrastructures * High-performance platform with excellent price/performance and superior features * Firewall attack protection on every interface, for secure internal and external networks Overview - The Juniper Networks NetScreen-200 series includes two enterprise network products: the NetScreen-204 appliance with four 10/100 interfaces, and the NetScreen-208 appliance with eight 10/100 interfaces. Together, they are among the most versatile security appliances available today, easily integrating into many different environments, including medium to large enterprise networks, offices, e-business sites, data centers, and carrier infrastructures. Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 series performs firewall functions at wire speed (375 Mbps). Even the most computationally intense applications, such as 3DES and AES encryption, are performed at speeds up to 175 Mbps. In addition to physical interface density, the NetScreen-200 series optionally supports virtualization, including VLAN support and additional custom security zones and virtual routers. Features & Benefits Key features and benefits of the NetScreen-204 and NetScreen-208 appliances include the following: * Integrated solution with security-optimized hardware, operating system, and applications * High-performance platform with excellent price/performance and superior features * Comprehensive high-availability solution for sub-second failover between interfaces or devices * Customizable security zones to increase interface density without additional hardware expenditures * Integrated Deep Inspection firewall for application-level attack protection for Internet-facing protocols, applied on a per-policy basis * Redundant VPN gateways for an additional level of redundancy in a VPN network, by allowing backup tunnel definitions in the event of a lost VPN connection * Firewall attack protection on every interface, for a secure internal as well as external network * Transparent mode to allow the device to function as a Layer 2 IP security bridge, but with minimal change to the existing network * Management through graphical Web UI, CLI, or the NetScreen-Security Manager central management system * Policy-based management for centralized, end-to-end life-cycle management See the whole Netscreen and ISG product line at Juniper's website.
Commercial		Information updated: 14 Mar 06

Sidewinder G2
	Secure Computing Corporation	http://www.securecomputing.com
Consolidating all major Internet security functions in one system, the Sidewinder G2® Security Appliance is the strongest self-defending platform in the world. Built on a unique Zero-hour Attack Protections (ZAP™) technology, Sidewinder G2 defends your networks and applications from all types of Internet threats, both known and unknown. Secure Application Pathways at the heart of ZAP - At the center of the Sidewinder G2 attack protections design are secure application pathways that allow your tightly defined and recognized traffic through at Gigabit speeds. Simultaneously, our self-defending ZAP technology has zero tolerance for all suspicious and undesirable traffic—including known threats before security patches or attack signatures are available or applied—providing you with essential 24x7 Application Defenses™ for your mission-critical operations. A unified threat management (UTM) device as defined by IDC, Sidewinder G2 goes even further to include best-of-breed security so you gain greater manageability, more control, and stronger security than other UTM and firewall appliances. Sidewinder G2's comprehensive yet flexible platform protects you instantly out of the box. It also allows you to customize and implement your security policy as you see fit using any or all of the protective features of Sidewinder G2, including over 200,000 known virus, spyware, and attack signatures, Web content filtering, and much more. Our unique unequalled CERT advisory record and zero emergency security patches over the 11-year life of Sidewinder G2 sets us apart. Broadly deployed world-wide, the Sidewinder G2 Security Appliance is extensively used by all types of organizations from small to enterprise, and is the only security appliance to have achieved the pre-eminent EAL4+ common criteria certification for application firewalls. Policy management - The framework of a good security environment is its underlying policy. Sidewinder G2 facilitates the creation and administration of security policy through a variety of tools. Firewall/VPN - As part of its base functionality, Sidewinder G2 provides the world's strongest application firewall, and VPN capabilities (IPSec and SSL). Unified Threat Management (UTM) - Sidewinder G2 includes best-of-breed security so you gain greater manageability, more control, and stronger security than other UTM and firewall appliances provide. Enterprise Strong® appliance technology - Sidewinder G2 makes life easier for security professionals, including high performance, HA pairs and cluster management, zero emergency security patches, the world's best support, and more. A product you can trust - The Sidewinder G2 Security Appliance, the most comprehensive gateway security appliance in the world, is the right choice to protect the world's most important networks.
Commercial		Information updated: 14 Mar 06

TopLayer IPS 5500 Series
	Top Layer Networks	http://www.toplayer.com
The Top Layer IPS 5500 series is an award-winning family of network Intrusion Prevention Systems (IPS) that has been designed to deliver non-disruptive protection against risks and losses associated with cyber threats and network attacks. These Intrusion Prevention System appliances are easily deployed seamlessly in-line, and perform at the highest rates in the industry. They provide maximum protection for critical IT assets while allowing full access to legitimate users and applications. Top Layer's IPS 5500 provides worldwide enterprises, service providers, and governments with complete Three Dimensional Protection (3DP). The IPS 5500's 3DP uniquely provides the broadest range of protection available on the market including: * Protection against malicious content through advanced IPS technology * Protection against undesired access through stateful firewall filtering * Protection against rate-based attacks such as DDoS attacks through DDoS mitigation The IPS 5500 can be deployed at the perimeter, on internal network segments, remote site locations or at the network core to protect assets and stop attacks. Customers can easily manage these products centrally with Top Layer's SecureCommand+™ threat management solution. Deployment of the IPS 5500 helps ensure business continuity, meet compliance requirements, and protect confidential data and mission-critical applications. The IPS 5500 provides: * High Performance = The highest throughput and leading stateful session setup rates ensure excellent network performance. * Lowest Network Latency = At <50 uSec there's no interruption to critical applications like VoIP. * Reliability and High Availability = ProtectionCluster H/A configurations, port bypass and redundant power all ensure reliability. * Easy to Deploy and Manage = It can be deployed and protecting a network within 30 minutes. Multiple units can be easily managed with Top Layer's Secure Command+ centralized management system. * Stays current on emerging threats = TopResponse™ Update Service's Automated Protection Pack updates keep threat information current.
Commercial		Information updated: 14 Mar 06

FortiGate Enterprise Series
	Fortinet Inc.	http://www.fortinet.com
The FortiGate™ Enterprise Series, which includes the FortiGate-300A, 400, 400A, 500, 500A, and 800 Antivirus Firewall models, meets enterprise-class requirement for performance, availability and reliability. They include all of the key capabilities provided by other FortiGate models, with integrated, real-time antivirus, firewall, VPN, network intrusion detection and prevention, and traffic-shaping services. With throughputs up to 1Gbps, high-availability features including automatic failover with no session loss, and multi-zone capabilities, units in the FortiGate Enterprise Series are the choice for mission critical applications. FortiGate-300A - The FortiGate-300A Antivirus Firewall provides performance, flexibility, and security necessary to protect today's growing small and medium sized enterprise networks. The FortiGate-300A platform features two 10/100/1000 tri-speed ethernet ports for networks running at or upgrading to gigabit speeds. FortiGate-400 - The FortiGate-400 Antivirus Firewall delivers enterprise-class security and availability. It can detect viruses and worms, and filter web traffic in real time, and also provides high-performance firewall, VPN and traffic shaping functions. The FortiGate-400 Antivirus Firewall includes a high-availability port and fail-over logic to support redundant configurations, making it ideal for mission-critical applications. FortiGate-400A - The FortiGate-400A Antivirus Firewall provides performance, flexibility, and security necessary to protect today s growing enterprise networks. The FortiGate-400A platform features two 10/100/1000 tri-speed ethernet ports for networks running at or upgrading to gigabit speeds and 4 user-definable 10/100 ports provide redundant WAN links, high availability, and multi-zone capabilities, allowing administrators a high degree of flexibility to segment their network into zones and create policies to control network traffic between zones. FortiGate-500 - The FortiGate-500 Antivirus Firewall is a multi-zone network protection solution that enables organizations to segment their internal and external networks into independent security "zones," each with unique access and security policies. With 12 user-configurable ports in a 1U high unit, the FortiGate-500 Antivirus Firewall achieves a level of density, performance, and cost per port unmatched by any other system. FortiGate-500A - The FortiGate-500A Antivirus Firewall provides performance, flexibility, and security necessary to protect today's growing enterprise networks. The FortiGate-500A platform features two 10/100/1000 tri-speed ethernet ports provide flexibility for networks running at or upgrading to gigabit speeds, 4 user-definable 10/100 ports for redundant WAN links, high availability, and multi-zone capabilities that allow administrators a high degree of flexibility to segment their network into zones for granular control of network traffic, and an internal 4-port switch for direct connectivity with the FortiGate-500A. Also see the FortiGate-800, FortiGate-1000A and FortiGate-1000AFA2.
Commercial		Information updated: 14 Mar 06

iForce VPN/Firewall Appliance
	Sun Microsystems	http://www.sun.com
To effectively protect your networks, corporate resources and data communication, your organization requires maximum security measures that are easy to install, deploy, manage and use. Enter the iForce VPN/Firewall Appliances, Powered by Sun and Check Point . These appliances are a best of breed solution that offer compelling features, provide high performance at very low cost, are intuitive to use, fully tested, and integrate the market's leading Internet security application. The foundation of these appliances are Sun Microsystem's Sun Fire V20z and V40z AMD Opteron based servers. All in all affordable security, right out of the box. The appliances come pre-installed with Check Point's VPN-1 (VPN & Firewall software technology), & management software solutions on the NG & NGX platforms, hardened Check Point SecurePlatform operating system, and a user-centric GUI. These appliances offer enterprise organizations some of the most advanced Internet security technology available today. They are rock-solid, dependable and OPSEC certified for optimal operation. These solutions are available through select Sun & Check Point distribution partners. Key Benefits * Enterprise class performance (7.5 Gbps) for less than $14,000 (hardware only). * OPSEC-certified by Check Point for security and interoperability. * Check Point NG & NGX on Check Point's SecurePlatform Hardened OS is pre-installed. * One number to call for support ? Check Point's Worldwide Technical Assistance Centers. * Installation and testing of network interfaces, patching and optimization of the security application and OS, are taken care of at the factory. * User-friendly UI for configuration; many preliminary yet essential tasks required to set up a firewall and VPN are pre-configured on the appliance. * One-Click VPN deployment and One-Click certificates for strong authentication.
Commercial		Information updated: 14 Mar 06

SteelGate Firewall
	Borderware Technologies	http://www.borderware.com
What is ISA Server? ISA Server is a software firewall system designed to help prevent unrestricted access of your computer network. SteelGate™ is a high-performance VPN firewall appliance that enables organizations to prevent attacks and block malicious behavior, control network traffic both inbound and outbound and centrally manage the perimeter defense infrastructure in a single security solution. SteelGate is a comprehensive firewall appliance that is based on the Common Criteria certified BorderWare Firewall Server™ software. SteelGate provides perimeter security in a single solution that allows organizations to: Prevent – attacks and blocks malicious behavior that come from the Internet to reduce risk Control – both inbound and outbound network traffic with content controls to reduce legal liability Manage – perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS) Also see the Firewall Server product.
Commercial		Information updated: 14 Mar 06

VPN Firewall Portfolio for Enterprises
	Alcatel-Lucent	http://www.alcatel-lucent.com
The Lucent VPN Firewall portfolio offers a broad range of enterprise security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters employees, branch offices, road warriors and customers. The superb price/performance and low total ownership costs can stretch IT budgets. Leading-edge technology with timesaving features help maximize IT staff resources. And ample flexibility, availability and scalability can simplify deployment and management of diverse applications including: # Site-to-site and remote access VPN # Bandwidth management # Mobile data # Storage network security # Secure intranets and extranets # Shared Internet connectivity The VPN Firewall Portfolio for Enterprises forms a unique 3-tier security architecture and includes: # VPN Firewall Brick® platforms – Security appliances that integrate deep packet inspection firewall functionality with advanced VPN capabilities # Lucent Security Management Server (LSMS) – Software for robust, tightly synchronized firewall, VPN, service quality, VLAN and virtual firewall policy management # Lucent IPSec Client – Easy-to-use IPSec software delivering secure remote access to VPN services The VPN Firewall Brick products let enterprises: # Support multiple IP security, VPN services with one cost-effective configuration — without additional licensing fees # Deliver innovative VLAN and virtual firewall support at no additional cost # Enjoy easy, economical provisioning, administration and maintenance # Migrate from basic to advanced security with no added infrastructure investments # Rely on a performance-tested management system # Maximize customer satisfaction and retention via customized user experiences # Help customers ensure business continuity with high availability, carrier-class reliability # Draw on expert planning, design, deployment, integration, and support from Lucent Worldwide Services
Commercial		Information updated: 14 Mar 06

XSR 3000 Series Security Router
	Enterasys Networks Inc.	http://www.enterasys.com
The XSR 3000 Series Security Router delivers simple and powerful enterprise WAN networking by combining comprehensive IP routing features; a broad range of WAN interfaces; and a rich suite of security functions, including site-to-site and remote access Virtual Private Networking and policy-managed, stateful-inspection firewall—in a single device. Unlike typical WAN routers, the XSR Security Router provides best-of-breed security and maintains wire-speed WAN performance when features are enabled. And, unlike typical security appliances, the XSR provides extensive IP routing, Quality of Service (QoS) and a wide range of WAN interfaces. With 250k PPS IP routing throughput, support for 1,000 VPN connections, and 1 Gigabit Firewall throughput, the XSR-3020 is well suited to service the high-end branch office. Capable of line-rate performance with dual T3/E3 interfaces, the XSR-3020 can be deployed to connect the branch office with hundreds of onsite users and teleworkers. Performance of 525k PPS and support for 3,000 VPN connections position the XSR-3150 to meet the needs of the high-end branch or regional office with WAN connections of up to two T3/E3 or eight T1/E1 links. As a security appliance, the XSR-3150 is capable of 2 Gigabits Firewall throughput and the IPSec VPN encryption option runs at 350 Mbps for either AES or 3DES. A redundant power supply is included to ensure high availability. With performance levels similar to the XSR-3150, the XSR-3250 (600k PPS) has six network interface module (NIM) slots. This enables it to serve the regional office, where up to six T3/E3 or 24 T1/E1 connections are required. A redundant power supply is included to ensure high availability. Features & Benefits Enterprise-class IP routing, QoS and WAN * Delivers non-stop local and wide area networking * QoS enables VoIP and other priority-sensitive applications Rich suite of security technologies * Extranet, site-to-site and remote access VPN technologies * Policy-managed, stateful inspection firewalling * Security options are software upgradeable, simplifying and reducing the cost of deploying new features and network capabilities Powerful management tools * Easy-to-use CLI for reduced training costs * SNMP integration including support for SNMPv3 * Enhanced management via client/server Java application
Commercial		Information updated: 15 Mar 06

InstaGate Security Gateway
	eSoft Inc.	http://www.esoft.com
InstaGate security gateways are scalable unified threat management (UTM) solutions that combine Anti-Virus, Spyware, Spam, Phishing and Intrusion Prevention and more into a high performance Deep Packet Inspection (DPI) Firewall and IPSec VPN architecture. Through its sophisticated inspection capabilities, InstaGate gateways offer unparalleled protection from dynamic, content-based threats that elude traditional firewalls. What's more, eSoft's patented SoftPak Director security services infrastructure will ensure that the InstaGate is always providing maximum protection with the most up-to-date threat databases available. NEW! ThreatMonitor - Vital Threat Statistics at Your Fingertips - ThreatMonitor is a graphical management tool designed to help IT managers better understand the behavior of network traffic, as well as network threat activity. ThreatMonitor collects, interprets and graphically summarizes critical system and network information to help the IT manager make more informed decisions regarding network usage and security policies. Threat Monitor provides a graphical window into each security subsystem, including Spyware, Intrusion Prevention, Virus, Spam and system statistics. Powerful, Easy-to-Manage Security - Threats do not discriminate. The most recently launched virus attacked Global 2000 enterprises the same way it did the local library and coffee shop. Enterprises generally have the staff and resources to deal with these threats, while smaller organizations typically do not. From the installation wizards that guide the user through initial device set-up and VPN setup, to the built-in diagnostics that help ensure that every piece of the network is operating as it should, InstaGate gateways provide thorough, yet cost-effective protection with maximal ease-of-use. What's more, InstaGate's embedded Intel architecture and large, high-speed memory arrays deliver high throughput, high reliability and exceptional performance, meeting the needs of the most demanding network environments. Ideal for Secure Site-to-Site and Remote-Access Connectivity - Whether your organization has one or several locations, remote workers or large numbers of traveling employees, the InstaGate makes it easier and faster to deploy large-scale VPNs and manage them from a central location. InstaGate's IPSec and PPTP support enables exceptionally secure and reliable connections, and allows you to remotely connect to a network using the VPN client bundled with any version of Microsoft Windows. Additionaly, the VPN Manager SoftPak enables central management of an entire distributed network of InstaGate appliances from a single workstation, reducing demands on IT support staff. The InstaGate VPN firewall appliance enables you to quickly network multiple boxes to create a secure network perimeter that is affordable and extensible. Optional network servers - the ultimate integrated appliance - In addition to dynamic network security, many of the InstaGate appliances offer expandability through Web, Email, Webmail, File, Print and FTP servers as well. The result is a true all-in-one appliance for virtually any small-to-medium size organization.
Commercial		Information updated: 15 Mar 06

Cisco ASA 5500 Series Adaptive Security Appliance
	Cisco Systems	http://www.cisco.com
The Cisco® ASA 5500 Series Adaptive Security Appliance is a modular platform that provides the next generation of security and VPN services. Several tailored packages have been developed to address unique customer needs via the following editions: Enterprise Editions — composed of 4 location-specific editions: Firewall Edition, IPS Edition, Anti-X Edition, and VPN Edition; each edition combines a focused set of services to meet the needs of specific environments within the enterprise network. These packages enable superior protection by providing the right services for the right location. At the same time, the Cisco ASA 5500 Series enables standardization on a single platform to reduce the overall operational cost of security. A common environment for configuration simplifies management and reduces training costs for staff, while the common hardware platform of the series reduces sparing costs. Business Edition — The Cisco® ASA 5500 Series Business Edition provides small and medium-sized companies with comprehensive gateway security and VPN connectivity. With its combined firewall and anti-X capabilities, the Cisco ASA 5500 Series is able to stop threats at the gateway before they enter the network and impact business operations. These same services are extended to remote access users providing a threat protected VPN connection. Also see the PIX 500 appliance.
Commercial		Information updated: 15 Mar 06

Proxy Sentinel and Firewall Sentinel
	Internet Security.ca	http://www.internet-security.ca
Proxy Sentinel™ and Firewall Sentinel™ are actually the industry's best Internet proxy server and Internet firewall solutions there are. Proxy Sentinel™ and Firewall Sentinel™ act as real "Protection Sentinels" in the real sense of the word. To ensure maximum Internet protection of any corporate IT network and to keep unwanted intruders outside, Proxy Sentinel™ and Firewall Sentinel™ are actually installed at the very entrance of where the Internet connects to the outside world and then connect in series to the network they are intended to protect. Once all Internet traffic has been properly analyzed, routed, cached, filtered and considered safe, only then is it released on to your network. Intruders are thus locked out at the very entrance and stay out permanently. The insertion of Proxy Sentinel™ or Firewall Sentinel™ does NOT slow down or restrict in any way your Internet connection speed or throughput, nor will it ever reduce your Internet bandwidth in any way. Since Proxy Sentinel™ and Firewall Sentinel™ simply only act as switches, they can only have two possible states: they are either on or they are in the off position. Proxy Sentinel™ and Firewall Sentinel™ act as a sophisticated IP address "filtering" system and if they determine that all Internet traffic is ok, they are then switched in the "on" position and pass all Internet traffic to your network. There is absolutely no signal or carrier loss whatsover, nor will there be any speed or Internet bandwidth reduction in any way. While contineously analyzing all Internet traffic coming in, if Proxy Sentinel™ or Firewall Sentinel™ detect any kind of malicious attacks or suspect anything similar, they will then fall in the "off" position, completely shutting out and effectively blocking any malicious Internet traffic OUT of your network. Proxy Sentinel™ and Firewall Sentinel™ effectively act as "intelligent routers", that look after your best network interests.
Commercial		Information updated: 15 Mar 06

Celestix MSA4000
	Celestix Networks Inc.	http://www.celestix.com
The Celestix MSA Security Appliances provide a cost-effective solution for perimeter defense for organizations of all sizes. The MSA appliances are powered by Windows Server 2003 and are equipped with Microsoft Internet Security and Acceleration (ISA) Server 2004. The end result is a fully integrated and out-of-box next-generation enterprise firewall, virtual private network (VPN), and Web cache solution. The MSA appliances provide multinetworking support, easy-to-use and highly integrated site-to-site VPNs, intelligent application-layer filtering capabilities, comprehensive and extensible authentication mechanisms, and vastly improved user interface and management features. • High performance appliance with Microsoft ISA Server 2004 • Enhanced security architecture with application layer filtering • SurfControl Web Filter or Websense Web Security Suite (optional) • Supports all industry standard protocols • Appliance form factor • Web GUI for remote management • 1:1 Failover Safeguards Appliances when configured as active/passive pairs -NEW- • LCD front panel for easy network configuration and status display • One button system recovery to factory default and last know good version -NEW- • Install Firewall, VPN and Caching solution in less than 15 minutes • Hardened Microsoft Windows Server 2003 See the MSA3000 and MSA4000 platforms.
Commercial		Information updated: 15 Mar 06

NetASQ UTM Appliances - F2000, F2500 and F5500
	NetASQ	http://www.netasq.com
F2000, F2500 and F5500 UTM appliances meet the conditions for integration into complicated infrastructures – high performance, upgradable hardware configuration, mechanisms for improving reliability or even interoperability with external solutions (ICAP, IPSEC, LDAP, RADIUS, Active Directory, SAM). F2000 \| Performance and availability Tested and certified by The Tolly Group, an independent test organization, NETASQ’s F2000 UTM appliance boasts impressive performance showings. Guaranteed for throughput up to 1.7 gigabits, the F2500 appliance has been designed for enterprises which seek to strike a balance between performance and the quality of their networks. F2500 \| High-level security and availability Security, performance and availability are the mainstays of the F2500, which benefits from security features. A stateful firewall, realtime intrusion prevention system, IPSec VPN hub with SSL VPN portal, internal PKI and content filtering system (antispam, antivirus and URL filters), all while maintaining throughput of 2 Gbps. F5500 \| Optimized performance and active intrusion prevention Security, performance and availability are the mainstays of the F5500, which benefits from security features such as a stateful firewall, realtime intrusion prevention system, IPSec VPN hub with SSL VPN portal, internal PKI and content filtering system (antispam, antivirus and URL filters), all while maintaining throughput of 2 Gbps. Furthermore, this appliance offers a significant level of availability thanks to, among other things, its redundant power supply and RAID disk systems.
Commercial		Information updated: 01 Nov 06

Eland SYS-2 Firewall/VPN
	Eland Systems	http://www.elandsys.com
The Eland SYS-2 Firewall/VPN is a network security appliance with a built-in firewall, Anti-Spam and Anti-Virus protection, web content filtering and a Virtual Private Network gateway to secure your internal network. The ElandSYS-2 Firewall/VPN appliance supports networks up to 250 PCs and it offers the security and reliability of much more expensive appliances but at a fraction of the cost. Features * Firewall * VPN * Antispam * Antivirus * Web Proxy * Content Filtering * DHCP * NAT * Real-time reporting Benefits * Easy to use and deploy - User-friendly web browser-based UI for configuration * Secure and reliable out-of-the-box * High performance at affordable price * IPSec VPN compatible with other vendor products * Connect up to 250 computers - our appliances do not have any license limit * Can handle up to 150,000 emails daily * Supports up to 5,000 mailboxes - Unlimited number of domains for Antispam * Scan all incoming and outgoing mail for viruses
Commercial		Information updated: 15 Mar 06

RouteFinder
	Multi-Tech Systems Inc.	http://www.multitech.com
The RouteFinder™ Internet security appliance is an integrated firewall/VPN gateway designed to maximize network security without compromising network performance. It uses Stateful Packet Inspection, for the ultimate in firewall security. In addition, it provides optional e-mail anti-virus protection, free one-year content filtering, as well as spam filtering. The RouteFinder's VPN functionality is based on IPSec and PPTP protocols and uses 3DES and AES encryption to ensure that information remains private. The browser-based interface eases configuration and management. Family Features * Supports IPSec and PPTP VPN tunneling * Utilizes Triple Data Encryption standard (3DES) and AES encryption * ICSA-certified Stateful Packet Inspection firewall with packet filter rules, DNAT, SNAT and IP MASQUERADE * Free one-year content filtering subscription * Includes free spam filtering for unsolicited bulk e-mails * Automatic dial-backup with built-in modem (RF660VPN and RF760VPN) or via an external dial-up modem or ISDN terminal adapter * Automatic system updates to protect your network against the latest threats and DoS * Application layer security using SMTP, HTTP, DNS and SOCKS proxies * Secure local or remote management using HTTP, HTTPS or SSH * Reporting function provides valuable troubleshooting information * Three built-in Ethernet ports (LAN, WAN, DMZ) * Shared Internet access via PPPoE, DHCP or static IP * Traffic monitoring and reporting * Internet access control tools provide client and site filtering * IP address mapping/port forwarding and DMZ port * Two-year warranty
Commercial		Information updated: 15 Mar 06

AstroFlowGuard Appliance
	Netsoft Inc.	http://www.netsoft.co.za
The AstroFlowGuard security and bandwidth appliance addresses security issues by incorporating a firewall, intrusion detection and prevention system (IDS and IDP), VPN Server, Bandwidth Management, and other security aware features in an easy to use, simple to deploy 1U rackmount security appliance, making this the most effective firewall appliance in the world. AstroFlowGuard is a Linux-based multi-function tool for network engineers - it incorporates all the proven bandwidth management functionality of AstroFlow, but also incorporates a statefull firewall, intrusion detection system and vpn server. With it's user-friendly interface, automatic failover and smart recovery system, AstroFlowGuard is the complete tool for anyone wanting to manage bandwidth and network security. AstroFlowGuard uses a hierarchical class-based system which when viewed through the AstroFlowGuard interface, provides a logical, intuitive view of your network classes along with their priorities. Core Features at a glance - Full feature bandwidth management tool - Web based user interface - Enterprise security features - complete stateful inspection (dynamic packet filtering) firewall - Intrusion Detection System (IDS) - Virtual Private Network (VPN) server - Auto Update system - Auto Failover feature
Commercial		Information updated: 15 Mar 06

HotBrick Firewall/VPN
	HotBrick Corporation