Barracuda's Cloud Generation Firewalls redefine the role of the Firewall from a perimeter security solution to a distributed network optimization solution that scales across any number of locations and applications, connects on-premises and cloud infrastructures, and helps organizations transform their business. From the Next Generation Firewall to a Cloud Generation Solution In the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted applications. Barracuda CloudGen Firewall is a family of physical appliance, virtual, and cloud-based appliances that protect and enhance your dispersed network infrastructure. They deliver advanced security by tightly integrating a comprehensive set of next-generation firewall technologies, including Layer 7 application profiling, intrusion prevention, web filtering, malware and advanced threat protection, antispam protection, and network access control. In addition, Barracuda CloudGen Firewalls combine highly resilient VPN technology with intelligent traffic management and WAN optimization capabilities. This lets you reduce line costs, increase overall network availability, improve site-to-site connectivity, and ensure uninterrupted access to applications hosted in the cloud. Scalable centralized management helps you reduce administrative overhead while defining and enforcing granular policies across your entire dispersed network. Barracuda's cloud-ready firewalls are ideal for multi-site enterprises, managed service providers, and other organizations with complex, dispersed network infrastructures.

• Protection Against Advanced Threats and Zero-Hour Attacks.
• Secure SD-WAN: Reduce Costs and Ensure Application Availability.
• Remote VPN Access for Off-Network Users – Anytime, Anywhere.
• Secure Migration to the Public Cloud and Hybrid Environments.
• Secure Connectivity for IoT Devices and Industrial Control Systems.

Advanced Threat Protection In today's constantly evolving threat landscape, your organization faces zero-hour malware exploits and advanced persistent threats that routinely bypass traditional, signature-based IPS and antivirus engines. Barracuda Advanced Threat Protection gives your security infrastructure the ability to identify and block new, sophisticated threats-without affecting network performance and throughput. Secure SD-WAN Barracuda CloudGen Firewalls include full next-generation Security paired with all network optimization and management functionality today known as Secure SD-WAN. This includes true zero touch deployment (ZTD), dynamic bandwidth measurement, performance based transport selection, application specific routing and even data duplication and WAN optimization technology. VPN tunnels between sites can make use of multiple uplinks simultaneously and dynamically assign the best path for the application. This enables:

• Balancing of Internet traffic across multiple uplinks to minimize downtime and improve performance
• VPN across multiple broadband connections and MPLS replacement
• Up to 24 physical uplinks to create highly redundant VPN tunnels
• Replacing network backhauling central policy enforcement architectures with direct internet breakouts
• Faster access to cloud applications like Office 365 by dynamically prioritizing them over non-critical traffic
• Guaranteed user access to critical applications through granular policy controls
• Increased available bandwidth with built-in traffic compression and data deduplication
• Auto creation of VPN tunnels between spokes in a hub-and-spoke architecture to enhance connection quality for latency-sensitive traffic

Cut MPLS Costs with Bandwidth Optimization If you have branch offices and remote locations that need to run SaaS applications or connect to your network, Barracuda can dramatically reduce your WAN costs. The traditional approach of backhauling traffic to a main office via costly MPLS leased lines can’t deliver on price and performance in the cloud era. Barracuda lets you establish direct internet breakouts for optimized cloud accessibility. Our SD-WAN maintains a fully meshed VPN using less expensive broadband connections. Use the Savings Calculator to see how much your organization to save. Why Barracuda CloudGen Firewall? When selecting security technology, it is critical that your products are supported by people who take network security as seriously as you do. Barracuda CloudGen Firewall is supported by our award-winning 24x7 technical support staffed by in-house security engineers with no phone trees. Help is always a phone call away. Hundreds of thousands of organizations around the globe rely on Barracuda to protect their applications, networks, and data.

Next-Generation Firewalls for the Cloud Era In the cloud era, network firewalls must do more than secure your network. They must also ensure you have uninterrupted network availability and robust access to cloud-hosted applications. The Barracuda NextGen Firewall F-Series is a family of hardware, virtual, and cloud-based appliances that protect and enhance your dispersed network infrastructure. They deliver advanced security by tightly integrating a comprehensive set of next-generation firewall technologies, including Layer 7 application profiling, intrusion prevention, web filtering, malware and advanced threat protection, antispam protection, and network access control. In addition, the F-Series combines highly resilient VPN technology with intelligent traffic management and WAN optimization capabilities. This lets you reduce line costs, increase overall network availability, improve site-to-site connectivity, and ensure uninterrupted access to applications hosted in the cloud. Scalable centralized management helps you reduce administrative overhead while defining and enforcing granular policies across your entire dispersed network. The F-Series cloud-ready firewalls are ideal for multi-site enterprises, managed service providers, and other organizations with complex, dispersed network infrastructures. Security for the Cloud Era Security paradigms are shifting—and securing your network perimeter is no longer good enough. In the cloud era, workloads happen everywhere, users are increasingly mobile, and potential attack surfaces are multiplying. Barracuda NextGen Firewall F-Series is purpose-built to deal with the challenges of securing widely distributed networks. Advanced Threat Protection In today's constantly evolving threat landscape, your organization faces zero-hour malware exploits and advanced persistent threats that routinely bypass traditional, signature-based IPS and antivirus engines. Barracuda Advanced Threat Protection gives your security infrastructure the ability to identify and block new, sophisticated threats-without affecting network performance and throughput. Secure SD-WAN.. Barracuda Cloud Era Firewalls include full next gen Security paired with all network optimization and management functionality today known as Secure SD-WAN. This includes true zero touch deployment (ZTD), dynamic bandwidth measurement, performance based transport selection, application specific routing and even data duplication and WAN optimization technology. VPN tunnels between sites can make use of multiple uplinks simultaneously and dynamically assign the best path for the application. This enables:

• Balancing of Internet traffic across multiple uplinks to minimize downtime and improve performance
• VPN across multiple broadband connections and MPLs replacement
• Up to 24 physical uplinks to create highly redundant VPN tunnels
• Replacing network backhauling central policy enforcement architectures with direct internet break outs
• Faster access to cloud applications like office365 by dynamically prioritizing them over non-critical traffic
• Guaranteed users' access to critical applications through granular policy controls
• Increased available bandwidth with built-in traffic compression and data deduplication
• Auto creation of VPN tunnels between spokes in a hub-and-spoke architecture to enhance connection quality for latency-sensitive traffic

Why Barracuda NextGen Firewall? When selecting security technology, it is critical that your products are supported by people who take your data security as seriously as you do. The Barracuda NextGen Firewall is supported by our award-winning 24x7 technical support staffed by in-house security engineers with no phone trees. Help is always a phone call away. Hundreds of thousands of organizations around the globe rely on Barracuda to protect their applications, networks, and data. The Barracuda NextGen Firewall is part of a comprehensive line of data protection, network firewall, and security products and services designed for organizations seeking robust yet affordable protection from ever-increasing cyber threats. Source: https://www.barracuda.com/products/nextgenfirewall_f

Benefits Detects and controls application usage

• Identify, allow, block or limit usage of applications, and features within them
• Enable safe Internet use while protecting against threats and malware
• Leverage the world's largest application library with more than 6,600 web 2.0 applications

Supports advanced identity awareness for stress-free policy enforcement

• Create granular policy definitions per user and group
• Integrate seamlessly with Active Directory
• Protect environments with social media and Internet applications

Provides proven gateway security in a single, dedicated appliance

• Rely on 24/7 advanced protection
• Reap the benefits of application control and intrusion protection (IPS), as well as extensibility support for additional security capabilities
• Get greater understanding into security events with integrated, easy-to-use centralized management
• Join more than 170,000 customers, including 100 percent of Fortune 100 companies

Features Identity awareness Great security involves limiting and tracking access to sensitive data and resources. With the Next Generation Firewall, your administrators get detailed visibility into the users, groups, applications, machines and connection types on your network so they can assign permissions to the right users and devices. The firewall makes it easy and cost-effective to enforce security policy, giving granular permission control over these entities; this results in superior protection across the entire security gateway. Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple, application-based policy definition per user or group directly from the firewall. Users’ identification may be acquired in one of three simple methods:

• Querying the Active Directory
• Through a captive portal
• Installing a one-time, thin client-side agent

Application control Employees are using more apps than ever, and you’re on the hook to protect them regardless of what they use. Check Point Next Generation Firewall has the industry’s largest application coverage, with more than 6,600 applications and 260,000 social network widgets included. You can create granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games and more. Logging and status To help you make sense out of your security event data, we included SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains. Integrated security management Our unified security management simplifies the monumental task of managing your security environment. You’ll see and control threats, devices and users with a highly intuitive graphical interface providing views, details and reports on your security health. Manage all your Check Point gateways and software blades from one comprehensive, centralized security dashboard. Intrusion prevention Next Generation Firewall includes the Check Point IPS Software Blade, which secures your network by inspecting packets traversing through the gateway. It is a full-featured IPS, providing geo-protections and frequent, automated threat definition updates. Because the IPS is part of the integrated Software Blade Architecture, you’ll get all the deployment and management advantages of a unified and extensible solution.

Features and Capabilities Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors - standalone appliances, blades, and virtual appliances - for any distributed network environment. ASA Software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. Among its benefits, Cisco ASA Software:

• Offers integrated IPS, VPN, and Unified Communications capabilities
• Helps organizations increase capacity and improve performance through high-performance, multi-site, multi-node clustering
• Delivers high availability for high resiliency applications
• Provides collaboration between physical and virtual devices
• Meets the unique needs of both the network and the data center
• Provides context awareness with Cisco TrustSec security group tags and identity-based firewall technology
• Facilitates dynamic routing and site-to-site VPN on a per-context basis

Cisco ASA software also supports next-generation encryption standards, including the Suite B set of cryptographic algorithms. It also integrates with the Cisco Cloud Web Security solution to provide world-class, web-based threat protection.

The Clavister Virtual Core Series is a set of network security products designed for virtual and cloud-based security, offering excellent performance, powerful security features and resource efficient. The Clavister Virtual Core Series offers you the same powerful security features you find in our hardware-based products, but for your virtual environment. Easily deploy your Clavister Virtual Core Series in market-leading VMware or KVM virtualization environments. Its minimal footprint and extremely low resource requirements makes the Clavister Virtual Core Series an optimal solution for all types of virtual and cloud-based network security solutions. True Application Control Clavister Virtual Core Series fully supports True Application Control – one of our next-generation firewall security services. Enabling True Application Control will help you to manage applications used in your network more safely. With added security you lower your overall risk exposure and as a result, costly security incidents and downtime can be avoided. It also gives you valuable insight in which applications are used by which user, and can therefore prioritize business critical application and increase your overall business productivity. True Application Control not only recognize more application and data, it understands how these application behave and can act immediately on malicious behavior. With its unique support for Deep Application Content Control (DACC) technology, our application control can perform in-depth analysis and control of application content with higher degree of control. DACC enables you to understand and visualize Skype IDs, SQL queries, Facebook chat text, VoIP call information and much more.
Clavister SSL Inspection for Application Control provides a high performance and non-intrusive way to identify and control even SSL encrypted applications. True Application Control is included in the Clavister Security Subscription (CSS) service. User Identity Awareness User Identity Awareness (UIA) provides granular visibility of user identity, and enables you to control network access at the user level. The User Identity Awareness together with our True Application Control functionality will provide you with an extremely powerful and versatile tool for granular visibility and control of “who-does-what-and-when” in your networks. You will have the ability to pinpoint user access to applications across both wired and wireless networks regardless of connecting device.

The mobilization of workforce has led to demand for anytime-anywhere access to network resources. This, along with increasing number of users like customers and partners connecting to an enterprise network from outside is leading to de-perimeterization of enterprise networks.

Besides, trends like rise in number of network users and devices, application explosion, virtualization, and more are leading to loss of security controls for enterprises over their networks. Cyberoam Next-Generation Firewalls (NGFW) with Layer 8 Identity-based technology offer actionable intelligence and controls to enterprises that allow complete security controls over L2-L8 for their future-ready security.

Actionable Intelligence & Controls

Cyberoam's Human Layer 8 acts like a standard abstract layer that binds with real Layers 2-7, enabling enterprises to regain lost security controls. By binding User Identity across Layers 2-7, enterprises can put security checks where they want to from L2-L8, along with complete visibility into user and network activities.

CyberoamOS

Cyberoam Next-Generation Firewalls are based on CyberoamOS – an intelligent and powerful firmware that offers next-generation security features include inline application inspection and control, website filtering, HTTPS inspection, Intrusion Prevention System, VPN (IPSec and SSL) and QoS/bandwidth management. Additional security features like Web Application Firewall, Gateway Anti-Virus, Gateway Anti-Spam are also available.

High Performance

Cyberoam offers high performance for enterprises with its powerful hardware appliances and CybeoamOS that has the ability to extract highest level of performance from a multi-core platform and tightly integrates with the hardware for network and crypto acceleration.

Scalability

Cyberoam's Extensible Security Architecture supports future enhancements like new security features and security updates that can be developed rapidly and deployed with minimum efforts without the need to change the appliance, offering future-ready security to large enterprises. In addition, enterprises can add another appliance in cluster/HA to support more number of users.

Flexibility

The FleXi Ports available in the FleXi Port (XP) security appliances offer flexible network connectivity with I/O slots that allow additional Copper/Fiber 1G/10G ports on the same security appliance, allowing enterprises to upgrade to new technologies easily and cost-effectively, making them future-ready. The FleXi Ports consolidate the number of devices in a network, offering benefits of power efficiency, reduced network complexity and reduced operational costs.

F5 BIG-IP Advanced Firewall Manager (AFM) is a high-performance, stateful, full-proxy network security solution designed to guard data centers against incoming threats that enter the network on the most widely deployed protocols. Built on F5’s industry-leading Application Delivery Controller (ADC), BIG-IP AFM gives enterprises and service providers the scalability, flexibility, performance, and control needed to mitigate the most aggressive, volumetric distributed denial-of-service (DDoS) attacks before they reach the data center.

BIG-IP AFM’s unique application-centric design enables greater effectiveness in guarding against targeted network-level attacks. It tracks the state of network sessions, maintains deep application awareness, and uniquely mitigates attacks based on more granular details than traditional firewalls. With BIG-IP AFM, organizations receive protection from over 100 attack signatures—more hardware-based signatures than any other leading firewall vendor—and unsurpassed programmability, interoperability, and visibility into threat conditions.

Key benefits

Scale to meet network demand

Meet demands for higher bandwidth usage and concurrency rates with F5’s proven TMOS architecture, hardware systems, and virtual editions to ensure performance while under attack.

Ensure application availability

Secure networks from DDoS threats across a variety of protocols, with in-depth rules customization and increased performance and scalability.

Protect with app-centric, full-proxy firewall capabilities

Inspect all incoming client connections and server-to-client responses, and mitigate threats based on security and application parameters before forwarding them on to the server.

Inspect SSL sessions

Fully terminate and decrypt SSL traffic to identify potentially hidden attacks—at high rates and with high throughput.

Streamline firewall deployment

Simplify security configuration with firewall policies oriented around applications and an efficient rules and policy GUI.

Customize reporting for visibility

Easily understand your security status with rich customizable reports, logging, and charts that provide insight to all event types and enable effective forensic analysis.

Forcepoint Next Generation Firewall (NGFW) connects and protects people and the data they use throughout the enterprise network – all with the greatest efficiency, availability and security. Trusted by thousands of customers around the world, Forcepoint network security solutions enable businesses, government agencies and other organizations to address critical issues efficiently and economically.
Decrypt traffic while safeguarding privacy
Inspect attacks and stolen data hidden inside encrypted SSL/TLS traffic while still protecting users' privacy. Extend your network into the cloud
Deploy applications safely in Amazon Web Services, Azure, and VMware. Segment different service layers and manage virtual NGFWs and IPSs the same way as physical appliances. Control access to web content
Limit users' access to entire categories of websites containing inappropriate or unsafe content with URL intelligence that’s depended upon around the globe. Protect high-assurance systems
Safeguard your most sensitive, mission-critical networks and applications with Forcepoint’s renowned Sidewinder proxy technology. Regain control of shadow IT
Understand the risk associated with unsanctioned cloud apps so you can redirect users to more appropriate apps or block them altogether. Offer SD-WAN and NGFW security as an MSSP
Manage enterprise-grade connectivity and protection from your own multi-tenant systems, with a business model tailored to the needs of MSSPs.
Key features: Modular appliances for every environment
Our broad range of appliances provide the right price-performance and form factor for each location; pluggable interface cards let you change networks with ease. High availability, mixed clustering
Active-active clustering lets you mix up to 16 different models of appliances for unrivaled scalability, longer lifecycles, and seamless updates without dropping packets. Multi-link connectivity for SD-WAN
Broadband, wireless, and dedicated lines at each location can be centrally deployed and managed, providing full control over what traffic goes over each link with automated failover. Automated, zero-downtime updates
Policy changes and software updates can be deployed to hundreds of firewalls and IPS devices around the world in minutes, not hours, without the need for service windows. Policy-driven centralized management
Smart Policies describe your business processes in familiar terms and are automatically implemented throughout the network, managed in-house or via MSSP. Actionable, interactive 360° visibility
Graphical dashboards and visualizations of network activity go beyond simple reporting, enabling admins to drill into events and respond to incidents faster. Built-in NGFW, VPN, proxies, and more
Unparalleled security comes standard, from top-ranked Next Generation Firewall and IPS to rapid-setup VPNs and granular decryption, as well as our unique Sidewinder proxy technology. Top-ranked anti-evasion defense
Multi-layer stream inspection defeats advanced attacks that traditional packet inspection can't detect—see for yourself in our Evader video series. Human-centric endpoint context
Access policies can whitelist or blacklist specific endpoint apps, patch levels or AV status. Users' behaviors are consolidated into actionable dashboards. Unified virtual and physical security
Native support for AWS, Azure, and VMware has the same capabilities, management, and high performance of our physical appliances. CASB and web security
Our reknowned URL filtering and industry-leading cloud services work together to protect your data and people as they use apps and web content. Anti-malware sandboxing
Forcepoint Advanced Malware Detection blocks previously undetected ransomware, zero-days, and other attacks before they steal sensitive data or damage your systems.

FortiGate NGFWs are network firewalls powered by purpose-built security processing units (SPUs) including the latest NP7 (Network Processor 7). They enable security-driven networking, and are ideal network firewalls for hybrid and hyperscale data centers. Fortinet NGFWs reduce cost and complexity by eliminating points products and consolidating industry-leading security capabilities such as secure sockets layer (SSL) inspection including the latest TLS1.3, web filtering, intrusion prevention system (IPS) to provide fully visibility and protect any edge. Fortinet NGFWs uniquely meet the performance needs of hyperscale and hybrid IT architectures, enabling organizations to deliver optimal user experience, and manage security risks for better business continuity. FortiGate next-generation firewalls inspect traffic at hyperscale as it enters and leaves the network. These inspections happen at unparalleled speed, scale, and performance to ensure that only legitimate traffic is allowed, all without degrading user experience or creating costly downtime. As an integral part of the Fortinet Security Fabric, FortiGate NGFWs can communicate within the comprehensive Fortinet security portfolio as well as third-party security solutions in a multivendor environment. FortiGate NGFWs seamlessly integrate with artificial intelligence (AI)-driven FortiGuard and FortiSandbox services to protect against known and zero-day threats and improve operational efficiency through integration with Fabric Management Center.

H3C SecPath NGFW series firewall is the latest incarnation of high performance security gateway. The series is developed with the advent of Web 2.0 era, integrating the latest security trends and network deep inspection technologies and is designed for SMEs, campus network egress and WAN branches. Cutting edge hardware and software specifications

• H3C SecPath NGFW series is equipped with the latest 64-bit multi-core processor and high speed storage.

Telecommunication carrier guide reliability

• H3C patented and self-developed software and hardware platform have adopted and trusted by customers ranging from SMEs to telecommunication carriers.
• H3C SCF virtualization combines multiple physical devices as a single logical device, which can be managed as a single network node. Resource could be managed as a whole, application backup could be completed in batch and overall system performance is doubled.

Bulletproof security

• Protection from a wide range of attacks including but not limited to: Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP Spoofing, IP fragment packets, ARP spoofing, reverse ARP lookup, TCP packet illegal flag bit attack defense, oversized ICMP packets, address/port scanning, detection and protection against common DDoS attacks such as SYN Flood, UPD Flood, ICMP Flood and DNS Flood.
• SOP (Security One Platform) 1:N complete virtualization added. Container based virtualization makes logical device configuration consistent with its physical counterpart. One might create multiple virtual firewalls in an H3C SecPath F10X0 device and can configure throughput, concurrent session, policy and more based on virtual system.
• Security zone let you configure security zones based on interfaces and VLANs.
• Packet filtering allows you to apply standard or advanced ACLs between security zones to filter packets based on information contained in the packets, such as UDP and TCP port numbers. Configuration of time range based ACL is also allowed.
• Support application and user based ACL combined with in-depth protection to implement the next generation access control functions
• ASPF (Application specific Packet Filter) dynamically determines whether to forward or drop a packet by checking its application layer protocol information and state (such as FTP, HTTP, SMPT, RTSP and other application layer protocols based on TCP/UDP).
• Supports AAA,including authentication based on RADIUS/HWTACACS+, CHAP,PAP and more.
• Supports static and dynamic blacklist.
• NAT and multiple NAT instances.
• VPN—Supports L2TP, IPsec/IKE, GRE, and SSL VPNs, and implements smart terminal connection.
• Supports rich routing protocol, including static routing, policy based routing, and dynamic routing protocols such as RIP and OSPF.
• Security logs
• Traffic monitoring, statistics, and management

Flexible, expandable built-in DPI

• Integrated security application processing platform is fully coupled with essential security protection.
• Comprehensive application layer traffic identification and management: with H3C’s longtime expertise in stateful inspection and traffic cross-checking technology, NGFW can accurately detect P2P/IM/online game/equity trading/video stream/multimedia applications such as Thunder/Web Thunder, BitTorrent, eMule, eDonkey, QQ, MSN, PPLive; supports P2P throttle through deep packet inspection which matches network packets with P2P packet characteristics. This effectively detects P2P traffic, achieves necessary P2P traffic management and provides different control strategies to flexibly limit P2P traffic.
• Highly precise and efficient intrusion detection engine using H3C patented and self-developed FIRST (Full Inspection with Rigorous State Test). FIRST engine consolidates multiple detection technologies to realize comprehensive inspection based on status with highly accurate intrusion detection.FIRST also uses parallel inspection technology that can be flexibly deployed with software and hardware to increase the detection efficiency.
• Realtime anti-virus protection: the stream-based virus scanning engine results in quick, accurate scanning and removal of viral code in network stream.
• Fast URL filtering: Apart from basic URL blacklist and white list filtering, URL lookup server can be set for online query.
• Comprehensive and up-to-date security signature database. With years of operation and experience, H3C hires the best team in identifying attack signatures, set up professional defense lab that keeps the team at the forefront of network security, and ensures timely update of signature database.

Industry-leading IPv6 features

• IPv6 stateful inspection truly implements IPv6 firewall, and completes IPv6 protection against attacks.
• Supports IPv4/IPv6 dual protocol stacks and supports IPv6 packet forwarding, static routing, dynamic routing and multicast routing.
• IPv6 transition technologies consist of NAT-PT, IPv6 over IPv4 GRE tunnel, manual tunnel, 6to4 tunnel, automatic IPv4-compatible IPv6 tunnel, ISATAP tunnel, NAT444, and DS-Lite.
• Supports IPv6 ACL and Radius.

Next generation applications

• Load Balancing: Implement auto switch and auto load-balancing of enterprise Internet egress through links status check and links busy status protection.
• SSL VPN: Integrated SSL VPN fulfils the secure remote access needs for mobile office and roaming employees. Additional authentication factor can be implemented with USB-Key or mobile SMS, and integrates with existing enterprise authentication system to create a fully integrated access authentication system.
• Basic support for DLP (Data Leak Prevention) includes E-mail filtering, SMTP E-mail address, subject and attachment filtering, Web page filtering, HTTP URL and content filtering, files filtering based on network transportation protocol, application layer filtering such as Java/ActiveX blocking and SQL injection attack blocking.

Intelligent management

• Intelligent security policy: policy redundancy check, policy mapping optimization advice, dynamic internal network application check and appropriate policy creations and recommendations.
• Supports SNMPv3 and compatible with SNMPv1 and SNMPv2.
• Graphical interface with simple and easy to use Web based management.
• CLI-based device management and firewall configuration that fulfils the professional management and batch deployment requirements.
• Security Service Manager (SSM) is an iMC component for centralized network security management. SSM monitors firewall devices on the network in real time, collects and analyzes security events and logs and feedback in a single console. It breaks the silos between network security devices, provides an intuitive interface for network security, gives real time feedback to security events and pinpoints the exact location of network outage. It frees IT and security administrators from the chore of management, significantly improves their productivity and let them focus on core business instead.
• Centralized log management functions based on advanced data drill-down and analysis technology. It can request and receive information to generate logs, compile different types of logs (such as syslogs and binary stream logs) in the same format, and compress and store large amounts of logs. You can encrypt and export saved logs to external storage devices such as DAS, NAS, and SAN to avoid loss of important security logs.
• Choices of reports:, application-based reports and stream-based analysis reports.
• Export of reports in different formats, such as PDF, HTML, Microsoft Word, and txt.
• Report customization through the Web interface. Customizable contents include time range, data source device, generation period, and export format.

Huawei next-generation firewalls are designed for large and medium-size enterprises, organizations, and data centers. The firewalls provide full-fledged application identification and application-layer threat and attack defense capabilities, and deliver high performance even when multiple security functions are enabled. The firewalls also offer multiple interface card slots that support various interface cards, such as GE electrical/optical and 10 GE interface cards. These cards allow users to flexibly expand services and enable the firewalls to evolve with enterprise networks, making firewalls highly cost-effective and protecting customer investment.

USG9500 Series Terabit-level Next-Generation Firewall

The USG9500 is a new-generation, terabit-level, all-in-one DC firewall from Huawei for cloud service providers, large-scale DCs, and large-scale enterprise campus networks.

The USG9500 provides terabit-level processing performance and 99.999% reliability. It integrates multiple security features such as Network Address Translation (NAT), Virtual Private Network (VPN), Intrusion Protection System (IPS), virtualization, and Service Awareness (SA) to help enterprises construct cloud computing–oriented DCs under border security protection and reduce the equipment room investment and Total Cost of Ownership (TCO) per Mbit/s.

USG6600 Series Next-Generation Firewall

The USG6600 provides unified network security for large and medium-size enterprises, organizations, and data centers.

Integrated firewall, VPN, intrusion prevention, antivirus, and data leakage prevention deliver high-performance protection. Identifies more than 6,300+ applications and analyzes intranet service traffic across six dimensions, automatically generating security policy suggestions.

Optimize security management and boost application-layer protection with the USG6600 Series Firewall.
USG6600 is certified by ICSA Labs in Firewall, IPS, IPSec, SSL VPN and AV categories, is certified at CC EAL4+ level, and earned the Recommended Rating from NSS Labs.

USG6500E Series New-Generation Firewalls (Fixed-Configuration)

Huawei USG6500E series fixed-configuration next-generation firewalls are enterprise-class new-generation firewalls designed for small and medium-sized enterprises and chain organizations. In addition to basic NGFW capabilities, the USG6500E series can interwork with other security devices to proactively defend against network threats, enhance border detection capabilities, effectively defend against advanced threats, and resolve performance deterioration problems. The self-developed network processing chip provides pattern matching and accelerated encryption/decryption service processing, which significantly improves the performance of processing content security detection and IPSec services.

USG6500E Series New-Generation Firewalls (Desktop)

Huawei USG6500E series firewalls are new-generation desktop firewalls designed for small enterprises, industry branches, and chain business organizations. In addition to the traditional firewall management mode, the cloud management mode is supported. The cloud management mode provides plug-and-play, automatic service configuration, visualized O&M, and big data analysis for a large number of branches to securely access the network. The self-developed network processing chip provides pattern matching and accelerated encryption/decryption service processing, which significantly improves the performance of processing content security detection and IPSec services.

Available on all SRX platforms, our security services reduce the attack surface in real-time and stop cyber criminals before they can breach your organization’s defenses. Identifying Application Risks Juniper AppSecure, an NFGW Services component, is a suite of services that provides deep application visibility and control in your network:

• AppTrack identifies applications on the network to assess their security risk and address user behavior. Contextual information helps you gain insight into which applications are permitted and the risk they may pose.
• AppFW provides policy-based enforcement and control, blocking access to high-risk applications and enforcing user-defined policies. Reports on application bandwidth usage deliver further insight, and you can throttle any application traffic not sanctioned by the enterprise.

Protection from Network Borne Attacks Juniper Intrusion Prevention System (IPS) and Sky Advanced Threat Prevention (ATP) work together to provide comprehensive threat detection and protection against known and unknown threats that use the network as an attack vector. The capabilities provide immediate protection from malicious malware. Continual monitoring for new exploits and vulnerabilities keeps protection up to date. The system immediately blocks threats on client and server systems inline before damage can take place. Safeguards Against Malware Although modern cyber criminals favor today’s sophisticated, turnkey techniques, they have not abandoned the tried and true approach of tucking malware into signature-based viruses and volume-based email. Integrated with our SRX platforms, Sophos Live Protection combines cloud-based reputation intelligence with on-box horsepower to deliver lightweight and fast security. Web Browsing Defense The Web is full of deception designed to get unsuspecting users to click on malicious links that might install advanced malware. Attackers regularly compromise websites by tricking users into providing their user credentials. Juniper has partnered with Forcepoint to provide URL filtering that fights such attacks. The service is constantly and globally updated in real time to provide an always-current worldwide database of malicious URLs that protect against user compromise. Avoiding Unauthorized Access and Use Every user in an enterprise must be able to access certain applications to perform specific tasks. But allowing users unlimited access to corporate resources outside their sphere of responsibility can enable the proliferation of insider threats. Our User Firewall service restricts application usage on a per-user basis by tightly integrating with Microsoft Active Directory (AD) and the Lightweight Directory Access Protocol (LDAP). As a result, you gain visibility and control of application and network use segmented by user-defined roles, enabling secure access to authorized applications. Features Advanced Application Visibility and Control You can identify applications running on your network regardless of port, protocol, and encryption. This visibility lets you immediately block evasive applications inline at the SRX firewall. Nested Application Support You can accurately identify applications embedded in common network protocols such as HTTP or HTTPS traffic. This capability also provides visibility into and granular control over applications hidden inside encrypted SSL traffic. User and Role-Based Policies Tight integration with Microsoft AD and LDAP allow you to set and enforce user- and role-based security policies. Policy setting becomes simpler and more secure, because you reduce the number of policies needed to account for user location, IP address, and so on. SSL Inspection Inline decryption and inspection of inbound and outbound Secure Sockets Layer (SSL) connections at the SRX firewall provide visibility and protection against threats embedded in SSL encrypted traffic. Junos OS Integration Integration with Juniper’s operating system consolidates and optimizes services on SRX devices for maximum scale.

Flexible deployment options and native integration with our next-generation platform extend the policy enforcement and cyberthreat prevention to everywhere your users and data are located: in your network, on your endpoints and in the cloud. Superior architecture, superior benefits Complete visibility and precise control: Our next-generation firewalls provide complete visibility into all network traffic based on applications, users, content and devices. Automated security: Innovative features reduce manual tasks and enhance your security posture, for example, by disseminating protections from previously unknown threats globally in near-real time, correlating a series of related threat events to indicate a likely attack on your network, and using dynamic address groups in security rules to avoid updating server IP addresses frequently. Protection for your users and data everywhere: Our next-generation firewalls are natively integrated with our security platform, which prevents advanced and unknown cyberthreats no matter where the users and data are located: in your network, on your endpoints and in the cloud. Products: PA-5000 Series, PA-4000 Series, PA-3000 Series, PA-2000 Series, PA-500, PA-200, VM-Series, Management Platforms Visibility and Control Our next-generation firewall classifies all traffic, including encrypted traffic, based on application, application function, user and content. You can create comprehensive, precise security policies, resulting in safe enablement of applications. This lets only authorized users run sanctioned applications, greatly reducing the surface area of cyber attacks across the organization. Threat Prevention The combination of Content-IDTM and WildFireTM provides protection from known and unknown threats. Content-ID limits unauthorized data transfer and detects and blocks a wide range of threats. WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a scalable, virtual environment, and automatically disseminates updated protections globally in near-real time. Built-in, not Bolted-on Today’s security architectures are a result of adding uncoordinated security layers one at a time, making them ineffective in dealing with modern threats. Unlike legacy firewalls that are based on this "layered security" architecture, our next-generation firewalls use a unified security design that classifies all traffic into full context before applying one set of flexible security rules in a single pass.

Sangfor NGAF is the world 1st fully integrated NGFW (Next Generation Firewall) + WAF (Web Application Firewall). It can help you provide a comprehensive network security protection against current, emerging and future threats.

• Anti-Phishing: Send out alerts on suspicious emails that could bring in Ransomware.
• Anti-Virus: Clear out known Ransomware according to over 1+ million signatures in SANGFOR database.
• Sandboxing: Detect and block emerging and new Ransomware by cloud based threat analysis.
• Anti-Malware: Damage remediation - keep Ransomware from spreading via corporate network and even block the encryption process.

Internet Security Solutions and Web Application Security

With the fast evolution of the IT industry, all applications, services and devices are being connected through the Internet with new technologies, such as BYOD, IoT (Internet of Things), Cloud and so on. This will bring many business advantages including greater convenience and productivity, however with tremendous power also comes great responsibility in handling network security.

Next Generation Firewall / Enterprise Firewall Protection

Sensitive data, such as credit card information and confidential files, are a gold mine for hackers or competitors to earn money. There are currently many cases of malicious software including the well-known threat of Ransomware, which are growing at an alarming rate along with new varieties fast developing.

Network security is often considered an additional investment with few benefits, but traditional internet security solutions are too general against the increasing number of vulnerabilities, which can often only protect against the existing threats.

Web Application Firewall and Hardware Firewall

At Sangfor, we develop complete and comprehensive internet security solutions such as our next generation firewall with web application firewall all-in-one solutions. Our solutions our specially formulated with our users in mind. Our easy-to-use converged security solution is designed to protect users against all types of threats, regardless of being internal, external, existing or future threats.

We believe security should be simple, and easy to understand, deploy and operate for even the average IT employee. Our concept of network security is defined through four fundamental points, which we prize as the core of our marketing strategy.

These four fundamental points are: Security Visibility, Real-Time Detection & Rapid Response, Simplified Security O&M and L7 High-Performance.

SonicWall is considered a Niche Player by Gartner, it offers a great many firewall options, some of which can also be offered as unified threat management (UTM) appliances. There are five models within the TZ Entry Level Firewall Series, offering an entry-level next-generation firewall. That series includes deep packet inspection, multi-engine sandboxing, anti-malware, intrusion prevention, web filtering, and secure remote access. For mid-sized organizations, the Network Security Appliance (NSA) Mid-Range Firewall is an NGFW platform built on a multi-core hardware architecture featuring 10 GbE interfaces. Features include application intelligence and control, real-time visualization, and WLAN management. For the largest of networks, SonicWall SuperMassive has sandboxing, SSL inspection, intrusion prevention, anti-malware, application identification, content filtering, real-time threat handling, centralized management, analytics and reporting. Features Security and performance: NSS Labs tested the SonicWall NSA 2650 and gave it a 98.8% security effectiveness rating, within a percentage point of the leaders. Performance was at the low end of appliances tested at 1,028 Mbps, but for an appliance that can be bought for less than $2,000, the comparison isn't a fair one. There are five SonicWall NSA firewalls above this one before you get to the high-end SuperMassive series. Value: NSS Labs gave SonicWall a $4 TCO per protected Mbps, placing it in the top three of solutions tested. Implementation: One CTO said the NSA offers "enterprise function with an SMB implementation feel." Management: As you'd expect for the target market, ease of management is a strength. One user noted reporting as an area for improvement while praising ease of management and implementation. Support: The importance of finding a good third-party partner appears to be the biggest issue. Cloud features: SonicWall has only recently begun offering a virtual firewall and API-level integration with AWS public cloud environments.

Sophos offers next-generation firewall (NGFW) features which let you protect your network with an enterprise-class firewall while securing your web traffic. It protects you against modern threats like drive-by downloads and botnets, and securely connects people and offices using our flexible VPN options. And you’ll get detailed reports to help you understand what’s going on and how to improve your network performance and protection.

Proven protection against modern day threats

You get fast, accurate scanning for viruses, spyware and active content using two parallel antivirus engines. Our Advanced Threat Protection combines multiple technologies to identify and block traffic to command and control hosts. Advanced packet filtering, network address translation (NAT), stateful inspection and network intrusion prevention system (IPS) technologies protect your network. You’ll easily see attacks targeting your resources and stop them by simply ticking a box. And our IPS is multicore engineered to run at maximum speeds on the latest processors.

Granular bandwidth visibility and control

Using our URL filter, select from over 100 categories and stop access to malicious and nonproductive websites, and set policies for certain users and particular times. A graphical flowmonitor shows everything as it happens, letting you maximize the bandwidth for what’s important and minimize it for what’s not. Our Deep Layer-7 inspection ensures true application identification for thousands of applications. We’ll automatically update these, and give you feedback on unclassified applications.

Connect remote offices with configurationless VPN

For remote workers, setting up client VPNs really couldn’t be easier. We provide users with a simple portal, letting them connect from any device, even smartphones and tablets. And when it comes to hooking up remote offices, we’ve really broken the mold. Sophos RED is a box that plugs in at any remote office and requires no onsite configuration. Connect it to the internet, register it centrally and the remote site instantly gets full UTM protection.

Intuitive management and detailed reporting

You’ll know what’s happening with your users and you’ll have complete control over all the features you need, with none of the complexity. Policies are easy to build and you get detailed reports as standard, stored locally with no separate tools required. Predefined and customizable reports show key web activity like domains visited and bandwidth consumed. And report anonymization hides user names, requiring the four-eyes-principle to unhide them.

Untangle NG Firewall takes the complexity out of network security—saving you time, money and frustration. Get everything you need in a single, modular platform that fits the evolving needs of your organization without the headaches of multiple point solutions. Rest assured that the browser-based, responsive and intuitive interface will enable you to create policies quickly and easily. Then, drill down into database-driven reports—the most comprehensive and detailed in the industry—to get visibility into exactly what’s happening on your network. Untangle NG Firewall is designed to balance performance and protection, policy and productivity. It’s an ideal fit for a range of organizations seeking a powerful, cost-effective network security solution that can handle any IT challenge: from small, remote offices to diverse school campuses to large, distributed organizations. Comprehensive Security at the Gateway NG Firewall gives you more protection at the gateway in a single solution—saving you time and money. Tackle malware, hacking attempts, phishing schemes and other exploits before they ever reach your users. Deep Analysis and Insights See who’s doing what when on your network. Set policies by user, group, device, time and more. Leverage database-driven reports for real-time and historical insights—all delivered on-box without the need for a separate appliance. Get valuable insights at a glance with a customizable, widgetized dashboard. Or, share template-driven, customizable reports via email with each of your stakeholders. Next-Generation Filtering Get a handle on every rogue application, encrypted web request, malware distribution point, drive-by malvertising attempt, and rash of spam. NG Firewall puts you in control of what your users can access, install and use. Superior Connectivity and Performance Meet the challenges of a remote workforce, branch offices and guest Wi-Fi. Keep users and data safe regardless of location or level of access. Balance competing priorities, ensure Quality of Service (QoS) and maximize uptime while saving the organization money—with features you can’t get from competitive NGFW and UTM products.

Historically, next-generation firewall (NGFW) appliances were designed to deliver a very specific set of security services – firewall, intrusion prevention, and application control. Since being originally defined, the security threats and the technology available to combat those threats have significantly evolved, creating a demand for additional network security services. As a result, other techniques and services have to be included in basic NGFW appliances such as SSL inspection, website filtering, QOS, antivirus inspection, and even sandboxing. While these additional services provide value to end users, it also confuses many people, making them wonder about the difference between an NGFW and UTM appliance. Today, companies should not be searching for an NGFW or a UTM appliance, they should be searching for the right network security appliance that meets the security, deployment, and management requirements of their unique organization. WatchGuard’s Solutions Our unique approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMB, midsize, and distributed enterprise organizations, our network security appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible. Not only does WatchGuard offer the greatest collection of network security services on a single platform, we do so in a way that has proven to be the most agile, able to adapt to new and evolving threat vectors faster than any other solution on the market. We are a security company and we want the best protection for every customer, every time. As such, we strongly recommend customers adopt a full security suite. When running WatchGuard’s Total Security Suite, our Firebox network security appliances offer the strongest security against network threats. Every Firebox can be purchased as a stand-alone NGFW appliance; however, as a security company we never recommend the deployment of an NGFW without other security mechanisms in place. The best approach to security is a layered approach.

WiJungle seamlessly manages the network, internet and security of different business verticals like Enterprises, Education, Hospitality, Healthcare, Retail, Transport, Smart City, Defence, Residential Estates, Events etc. across the globe.
The product is available in 30+ different models to serve wide range of concurrent users with throughput range from 3.2 Gbps to 240 Gbps.

It offers features like

• Access/Interface Management
• Network Management
• User/Guest Management
• BandWidth Management
• Quality Of Service
• Data Leakage Prevention
• Content Filtering
• Load Balancing
• High Availability
• Gateway Anti-Virus
• Anti-Spam
• Web Server Protection
• Sandbox
• Advance Threat Protection
• Intrusion Prevention System
• Virtual Private Network
• Vulnerability Assessment
• Intuitive & Location Aware Captive Portals
• SMS Gateway Integration
• Social Media Engagement/Advertisement option
• Feedback Management
• User Logging
• Reporting and Analytics
• Prepaid/Postpaid Billing
• Voucher Management
• PMS/HIS Integration
• AP/Device Management
• Alert Management

 

WiJungle seamlessly manages the network, internet and security of different business verticals like Enterprises, Education Institutes, Hospitality, Healthcare, Retail, Transport, Smart City, Defence, Events etc.                
The product is available in 30+ different models to serve wide range of concurrent users.

It offers features like

• Access/Interface Management
• Network Management
• User/Guest Management
• BandWidth Management
• Quality Of Service
• Data Leakage Prevention
• Content Filtering
• Load Balancing
• High Availability
• Gateway Anti-Virus
• Anti-Spam
• Web Server Protection
• Sandbox
• Advance Threat Protection
• Intrusion Prevention System
• Virtual Private Network
• Vulnerability Assessment
• Intuitive & Location Aware Captive Portals
• SMS Gateway Integration
• Social Media Engagement/Advertisement option
• Feedback Management
• User Logging
• Reporting and Analytics
• Prepaid/Postpaid Billing
• Voucher Management
• PMS/HIS Integration
• AP/Device Management
• Alert Management