4
SSG320M
SSG350M
Firewall
Network attack detection
yes
yes
doS and ddoS protection
yes
yes
TcP reassembly for fragmented packet protection
yes
yes
Brute force attack mitigation
yes
yes
SyN cookie protection
yes
yes
Zone-based IP spoofing
yes
yes
Malformed packet protection
yes
yes
Unified Threat Management
(3)
IPS (deep Inspection firewall)
yes
yes
Protocol anomaly detection
yes
yes
Stateful protocol signatures
yes
yes
IPS/dI attack pattern obfuscation
yes
yes
Antivirus
yes
yes
Signature database
200,000+
200,000+
Protocols scanned
POP3, HTTP, SMTP, IMAP, FTP, IM
POP3, HTTP, SMTP, IMAP, FTP, IM
Antispyware
yes
yes
Antiadware
yes
yes
Anti-keylogger
yes
yes
Instant message AV
yes
yes
Antispam
yes
yes
Integrated UrL filtering
yes
yes
external UrL filtering
(4)
yes
yes
VoIP Security
H.323 ALG
yes
yes
SIP ALG
yes
yes
MGcP ALG
yes
yes
SccP ALG
yes
yes
NAT for VoIP protocols
yes
yes
IPsec VPN
concurrent VPN tunnels
500
500
Tunnel interfaces
100
300
deS (56-bit), 3deS (168-bit) and AeS (256-bit)
yes
yes
Md-5 and SHA-1 authentication
yes
yes
Manual key, IKe, IKev2 with eAP, PKI (X.509)
yes
yes
Perfect forward secrecy (dH Groups)
1,2,5
1,2,5
Prevent replay attack
yes
yes
remote access VPN
yes
yes
L2TP within IPsec
yes
yes
IPsec NAT traversal
yes
yes
Auto-connect VPN
yes
yes
redundant VPN gateways
yes
yes
User Authentication and Access Control
Built-in (internal) database - user limit
500
500
Third-party user authentication
rAdIUS, rSA SecureId, LdAP
rAdIUS, rSA SecureId, LdAP
rAdIUS Accounting
yes – start/stop
yes – start/stop
XAUTH VPN authentication
yes
yes
Web-based authentication
yes
yes
802.1X authentication
yes
yes
Unified Access control enforcement point
yes
yes
Specifications
(continued)
