SRX Series Services Gateways are high-performance network security solutions for enterprises and service providers that pack high port-density, advanced security, and flexible connectivity, into easily managed platforms.

These versatile and cost-effective solutions support fast, secure, and highly-available, data center and branch operations, with unmatched performance to deliver some of the industry’s best price-performance ratios and lowest TCOs.

An Unrivaled Class in Security

WatchGuard's Next-Generation Firewall (NGFW) advances the state of the art in security, manageability, and compatibility with real-world business environments. WatchGuard's NGFW products provide true line-speed security inspection on all traffic and support multi-gigabit packet filtering throughput. In addition, the NGFW line provides Application Control; connects offices via unique drag-and-drop VPN; connects people via SSL and IPSec VPN; and gives the enterprise unparalleled visibility into real-time and historical user, network, and security activities. With WatchGuard's NGFW, businesses can define, enforce, and audit strong security and acceptable use policies, resulting in increased employee productivity and less risk to critical intellectual property or customer data.

Key Characteristics:

• High performance security inspection that blocks attacks and unwanted traffic without hindering mission-critical Internet usage.
• Best secure throughput in its class, with a very broad feature set and the best real-time visibility tools.
• Supports over 1,800 applications, more than any other Next-Generation Firewall.

What is a Next-Generation Firewall?

A platform for network traffic inspection and network security policy enforcement, with the following minimum features:

• Standard firewall capabilities: Packet filtering, network address translation (NAT), stateful protocol inspection, Virtual Private Networking
• Integrated Network Intrusion Prevention (IPS)
• Application Awareness and Control
• Additional Intelligence: Directory integration to tie security policies to users and groups; cloud-based reputation services to stop traffic from dangerous sources
• Real-time and historical visibility into user, network, and security activity

The NG1000-A and NG5000-A appliances are designed to adapt to the high-bandwidth, mission-critical environments of large corporations. They can be used to secure broadband internet access, or as analysis and traffic protection probes.

New SG Series Appliances

Unleash the full potential of your network.

Our latest SG Series appliances are built to provide optimal performance, versatility and efficiency to meet all your security needs. 

Advanced Threat Protection

Our Advanced Threat Protection (ATP) combines multiple technologies to add an additional layer of defense against targeted attacks on your network.

• Uses layered protection to effectively prevent APTs, command and control traffic and targeted attacks
• Performance-optimized Intrusion Prevention System (IPS) identifies and blocks attacks through deep-packet inspection
• When combined with Web, selective analysis of unidentified traffic in a cloud sandbox helps to constantly improve the threat data provided by SophosLabs

Dynamic App Control

In a couple clicks you can protect your employees from web threats and control their time online.

• A graphical flowmonitor and dynamic reports let you check on the fly to see if your policy is working and make instant adjustments
• Block, allow, shape and prioritize web applications like file sharing, IM clients, streaming media and games
• Deep Layer-7 inspection identifies over 900 applications, and it gives feedback on unclassified applications too

Web Malware Protection

You get the most advanced web threat protection:

• Our high-performance web malware engine inspects all web traffic in real-time
• Advanced techniques like JavaScript emulation block the latest web threats before they reach the browser
• SophosLabs continuously updates our threat intelligence via the cloud, keeping you ahead of new and emerging threats

Lightning Performance

Our hardware appliances are purpose built, high-performance devices. They integrate our security applications with a hardened operating system (OS) on optimized Intel-compatible server systems.

• Flexible and scalable hardware and software tailored to your needs
• Optimized for best performance in real-life usage scenarios
• Best performance, no matter which deployment method you choose

Customizable Web Filtering

Select from over 35 million sites in 96 categories to create safe web browsing policies—so you can minimize legal concerns around inappropriate content and maximize productivity.

• You can set policy by users and time, using a variety of authentication options including IP or Mac Address, Active Directory SSO, eDirectory SSO and LDAP. And, it syncs with UTM Endpoint Protection and the Sophos Enterprise Console, providing a single web security policy for users everywhere.

Palo Alto Networks offers a full line of next-generation security appliances that range from the PA-200, designed for enterprise remote offices, to the PA-7050, which is a modular chassis designed for high-speed datacenters. Our platform architecture is based on our single-pass software engine and uses function-specific processing for networking, security, threat prevention, and management to deliver predictable performance. The same firewall functionality that is delivered in the hardware appliances is also available in the VM-Series virtual firewall, allowing you to secure your virtualized and cloud-based computing environments using the same policies applied to your perimeter or remote office firewalls.

Overview McAfee Firewall Enterprise defends critical assets, such as regulated data repositories (customer, financial, and healthcare data), email and web servers, extranets, and data centers. This proxy-based firewall also offers application visibility and deep application controls for defense, delivers strong policy-based controls, blocks the latest threats, and eliminates unwanted traffic. Firewall Enterprise identifies users and sees the host applications actually used to initiate network connections. A first for the network security industry, this unique host and firewall integration works to identify potential anomalies and threats throughout the inside of an organization’s network.

Advanced firewall security capabilities, such as application identification, reputation-based global intelligence, automated threat feeds, encrypted traffic inspection (SSH/SSL), intrusion prevention, antivirus, and content/URL filtering, block attacks before they occur. Unlike other solutions, McAfee includes these additional security services at no additional charge.

Firewall Enterprise also includes enhanced firewall security powered by McAfee Global Threat Intelligence (GTI). McAfee GTI is a comprehensive cloud-based threat intelligence service. Already integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee’s GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Firewall Enterprise uses the McAfee GTI network connection reputation service to identify domains, IP addresses, and ports that may be hosting malware attacks, and block those attacks. Firewall Enterprise also uses web reputation to identify URLs that may be infected or hosting malware attacks, as well as sites hosting undesirable content.

McAfee also offers proven centralized management, right-click integration with ePolicy Orchestrator (McAfee ePO) software for endpoint data and mature migration tools to move from legacy firewalls to ours. Firewall Enterprise fully supports McAfee’s SIEM solutions too, including McAfee Enterprise Security Manager and McAfee Event Reporter, providing customizable views and reports for all firewalls across a customer’s global network. This high-assurance firewall solution offers very flexible deployment options — from virtualized software to custom-built hardware to availability on the Crossbeam high-performance platform and running on CloudShield’s trusted cyber platform. Firewall Enterprise is a best fit for organizations that need high-assurance security to protect critical assets inside the network as part of a layered defense strategy.

McAfee Firewall Enterprise Control Center (sold separately) — Offers centralized, enterprise-class network firewall policy management for global-scale deployments.

Whether you need to deploy a High Performance Data Center Firewall, an Enterprise Next Generation Firewall or a smaller UTM device for your Distributed Enterprise site or small business, there is a FortiGate physical or virtual appliance to fit your unique Network Security requirements.

We combine the FortiOS™ Operating System with custom FortiASIC™ processors and the latest-generation CPUs to provide advanced protection from sophisticated, highly targeted attacks, without becoming a network bottleneck. 

• FortiOS enables you to choose from a broad range of world-class security capabilities and configuration options, anything from pure a High Performance Firewall-only to fully loaded UTM device.
• FortiCarrier provides enhanced FortiOS security features specifically designed for 4G LTE Carrier and ISP Networks
• FortiASIC processors deliver extremely High Performance , Ultra-low latency and unmatched scalability.

Fortinet’s Network Security Platforms can serve many different roles in your enterprise network:

• High Performance Firewalls for Data Centers
• NGFW (Next Generation Firewall) for Campus Perimeters
• UTM (Unified Threat Management) for Distributed Offices

Highlights

• The industry’s fastest firewall appliance- 160Gbps throughput and multiple 40G, QSFP ports- and firewall chassis with 520 Gbps throughput.
• NSS Labs “Recommended” Next Generation Firewalls with five times more next- generation threat protection performance, more security.
• High switch port density and Power over Ethernet (PoE ) support on smaller UTM appliance delivers secure wired and wireless access and connectivity .
• Cloud-Ready – Multi-tenant/ Virtual Domain support, Support for VMware and all major hypervisors, APIs for rapid orchestration, fast integration with 3rd party ecosystems.

A next-generation firewall that protects mobile, cloud, and data-sharing interactions without impairing network performance.

Security Without Compromise

The Cisco ASA 5500-X Series helps organizations to balance security with productivity. It combines the industry's most deployed stateful inspection firewall with comprehensive, next-generation network security services, including:

• Visibility and granular control of applications and micro-applications, with behavior-based controls
• Robust web security
• Advanced threat protection with a comprehensive, highly effective intrusion prevention system (IPS)
• Highly secure remote access
• Protection from botnets
• Proactive, near-real-time protection against Internet threats

Wide Range of Sizes and Form Factors

Protect networks of all sizes with MultiScale performance and a wide range of form factors. Cisco ASA 5500-X Series Next-Generation Firewalls are available as:

• Scalable, standalone appliances for branch offices, midsize businesses securing the Internet edge, and enterprise data centers
• High-performance blades that integrate with the Cisco Catalyst 6500 Series Switches
• Virtual instances to provide enterprise-class security for private and public clouds

Proven, Enterprise-Class Platform

All Cisco ASA 5500-X Series Next-Generation Firewalls are powered by Cisco Adaptive Security Appliance (ASA) Software, with enterprise-class stateful inspection and next-generation firewall capabilities. ASA software also:

• Integrates with other essential network security technologies
• Supports Cisco TrustSec security group tags (SGTs) and Identity-Based Firewall for enhanced user ID awareness
• Enables up to eight ASA 5585-X appliances to be clustered, for up to 320 Gbps of firewall and 80 Gbps of IPS throughput
• Delivers high availability for high-resiliency applications

The Dell™ SonicWALL™ E-Class Network Security Appliance (NSA) Series is an industry first—using patented Reassembly-Free Deep Packet Inspection™* (RFDPI) technology in combination with multi-core specialized security microprocessors to deliver gateway anti-virus, anti-spyware, intrusion prevention and Application Intelligence at high speed—without sacrificing network performance.

Multi-core performance architecture.

The Dell SonicWALL E-Class NSA Series delivers powerful threat prevention against a vast spectrum of network attacks with unprecedented speed, thanks to multi-core performance architecture. Through the concurrent use of up to 16 specialized security processing cores, the E-Class NSA is engineered to provide breakthrough deep packet inspection and granular network intelligence over real-time network traffic without impacting network performance. Utilizing the processing power of these multiple cores in unison dramatically increases throughput and simultaneous inspection capabilities while lowering overhead impact.

Taking protection to new levels of control is the Dell SonicWALL Application Intelligence Service, a set of customizable protection tools that empowers administrators with precise control over network traffic. This configurable set of granular application-specific policies can automate bandwidth management, control internal and external Web access, restrict transfer of specific files and documents, scan email attachments through user-configurable criteria and support custom signatures.

Deployment flexibility.

Designed for highly redundant operations, E-Class NSA appliances are ideal solutions for wired or wireless deployments requiring high-speed access and heavy workgroup segmentation. With integrated support for standards-based VoIP, virtual local area networks (VLANs), enterprise-class routing and quality of service (QoS), E-Class NSAs increase deployment flexibility and enhance productivity.

Dynamic protection.

Dynamic threat protection, content filtering and Application Intelligence services are continually updated on a 24x7 basis to maximize security and decrease cost. IT productivity is increased by eliminating ad-hoc patch management for servers and workstations, automating the application of new protection signatures and removing the necessity to manually update security policies.