Feature Description |
Advanced Firewall 2008
(& UTM-1000) |
Corporate Firewall 2008 |
Express 3 |
Notes |
Firewall: |
Stateful Inspection |
Yes |
Yes |
Yes |
|
Local IP Addresses |
Unlimited |
Unlimited |
Unlimited |
F1 |
Users Supported |
250 to 5000 |
n/a |
n/a |
F1 |
Dynamic Network Address Translation |
Yes |
Yes |
Yes |
|
Static Network Address Translation |
Yes |
SmoothHost |
No |
F2 |
Outgoing (Egress) Traffic Control |
Yes |
Yes |
Limited |
F3 |
Support multiple public IP addresses |
Yes |
SmoothHost |
No |
F4 |
Port Forward from public IP address to DMZ/local IP |
Yes |
Yes |
Yes |
|
"Round Robin" Port Forward to multiple DMZ servers |
Yes |
No |
No |
F5 |
Detection and blocking of port agile Peer to Peer traffic |
Yes |
Yes |
No |
F6 |
Administrator maintained IP Block list |
Yes |
Yes |
Yes |
|
Object based Port Rules |
Yes |
Yes |
No |
|
Internal Firewall |
Yes |
No |
No |
F7, A6 |
Traffic Blocking includes drop and reject options for both source and destination addresses |
Yes |
Yes |
No |
|
|
Networking: |
Total Network Interfaces |
4 Standard, Maximum 20 |
3 Active + 1 Failover |
4 |
N1 |
External Network (Internet) Interfaces |
1 to 19 (of total) |
1 |
1 |
N2 |
Internal Network Zones (Local Networks and DMZs) |
1 to 19 (of total) |
1 Local + 1 DMZ |
1 Local + DMZ + 1 Wireless |
N3 |
Ethernet |
Yes |
Yes |
Yes |
|
PPP connections (ISDN, ADSL and analogue modem) |
Yes |
Yes |
Yes |
N4 |
PPPoA ADSL support |
Yes |
Yes |
Yes |
|
PPPoE ADSL support |
Yes |
Yes |
Yes |
|
PPTP ADSL support |
Yes |
Yes |
No |
|
Load balancing between multiple external network interfaces |
Yes |
No |
No |
N5 |
Split traffic between multiple external network interfaces |
Yes |
No |
No |
N5 |
Split external traffic based on source or port |
Yes |
No |
No |
N5 |
Fail-over from one external interface to another |
Automatic |
Automatic |
No |
N6 |
Routing protocol support (RIP) |
Yes |
No |
No |
|
Configure static routes |
Yes |
Yes |
No |
|
VLAN Trunking (802.1Q) support |
Yes |
No |
No |
N7 |
Naming of Network Interfaces |
Yes |
Yes |
No |
|
Multiple local network subnets |
Yes |
Yes |
No |
|
Bind multiple IP addresses to a Green NIC |
Yes |
Yes |
No |
|
Red interface MAC address spoofing |
Yes |
Yes |
No |
N8 |
Configurable Maximum Transmission Unit (MTU) and TCP transmit/receive window sizes |
Yes |
Yes |
No |
|
Automatic Hardware Failover (HA) |
Yes |
No |
No |
N9 |
Inbound Load Balancing |
Yes |
No |
No |
N10 |
|
Proxies and Application Helpers: |
Web Proxy (Transparent and Non-Transparent Mode) |
Yes |
Yes |
Yes |
P1 |
GUI configuration of Web Proxy Server |
Yes |
Yes |
No |
P2 |
SMTP (Email) Relay / Proxy |
SmoothZap |
SmoothZap |
No |
P3 |
POP3 (Email) Transparent Proxy |
SmoothZap |
SmoothZap |
Partial |
P4 |
SIP (VoIP) Registering Proxy |
Yes |
Yes |
Yes |
P5 |
Transparent SIP (VoIP) Proxy |
Yes |
Yes |
Yes |
P6 |
H323 (VoIP) Application Helper |
Yes |
Yes |
No |
|
PPTP Helper (for pass-through and forwarding) |
Yes |
Yes |
No |
|
DNS Proxy Server |
Yes |
Yes |
Yes |
|
IM logging and filtering proxy |
Yes |
Yes |
Yes |
|
Advanced IM logging and reports |
Yes |
Yes |
No |
|
|
Hardware: |
Multi Processor support (SMP) |
Yes |
Yes |
No |
|
Hardware RAID (SCSI, SATA or SAS) |
Yes |
Yes |
No |
H1 |
Software RAID 1 (Disk Mirror) (SCSI, SATA, SAS or IDE) |
Yes |
Yes |
No |
H2 |
SCSI (No RAID) Disk |
Yes |
Yes |
Yes |
H3 |
SATA Disk |
Yes |
Yes |
Yes |
H4 |
SAS Disk |
Yes |
Yes |
No |
|
IDE Disk |
Yes |
Yes |
Yes |
|
IDE/SCSI CDROM support |
Yes |
Yes |
Yes |
|
10/100/1000 (Gigabit) Ethernet card |
Yes |
Yes |
Yes |
H5 |
Multi-port Ethernet card |
Yes |
Yes |
Yes |
H6 |
Full VMWare support including network drivers |
Yes |
Yes |
No |
|
USB ADSL modems and PCI ADSL modem cards |
Yes |
Yes |
Yes |
H7 |
ISDN cards and terminal adapters |
Yes |
Yes |
Yes |
H8 |
Analog modems |
Yes |
Yes |
Yes |
H9 |
Compact Flash support |
Yes |
Yes |
Partial |
H10 |
1 Gigabyte plus memory support |
Yes |
Yes |
Yes |
|
USB keyboard support |
Yes |
Yes |
Yes |
|
Serial Console |
Yes |
Yes |
No |
|
Display ADSL modem signal strength information |
Yes |
Yes |
No |
H11 |
Un-interruptible Power Supply support |
Yes |
Yes |
No |
H12 |
UPS Network Slave Mode |
Yes |
Yes |
No |
H12 |
|
Installation / Maintenance: |
Streamlined / simplified installer with basic and advanced modes |
Yes |
Yes |
No |
IN1 |
Includes security hardened Linux operating system |
Yes |
Yes |
Yes |
IN2 |
SmoothWall and Linux security updates |
Free |
Free |
Free |
IN3 |
Installation from CDROM |
Yes |
Yes |
Yes |
|
Installation from network server |
No |
No |
Yes |
|
Installation from a USB CD/DVD Device |
Yes |
Yes |
Yes |
|
Configuration backup to hard disk file/floppy and restore |
Yes |
Yes |
No |
|
Backup/restore configurtion from USB device |
Yes |
Yes |
No |
|
Automatic configuration backup (time of day) |
Yes |
Yes |
No |
|
Backup to multiple remote targets |
Yes |
Yes |
No |
|
Partial configuration restore (time of day) |
Yes |
Yes |
No |
IN4 |
Backup to multiple remote targets |
Yes |
Yes |
No |
|
Partial configuration restore |
Yes |
Yes |
No |
IN4 |
Install new device drivers from floppy disk/CDROM |
Yes |
Yes |
No |
|
Automatic download of new updates |
Yes |
Yes |
Yes |
IN5 |
Install update automatically at configured time |
Yes |
Yes |
No |
|
Scheduled reboots |
Yes |
Yes |
No |
|
Bulk application of updates from CD at installation time |
Yes |
Yes |
n/a |
IN6 |
Automatic installation of any modules present on the firewall installation CD |
Yes |
Yes |
n/a |
IN7 |
Ethernet cable status reporting |
Yes |
Yes |
No |
IN8 |
Un-install modules |
Yes |
Yes |
n/a |
|
Pre-installed software |
Yes |
Yes |
n/a |
IN9 |
|
Configuration: |
Configuration via a web browser GUI |
Yes |
Yes |
Yes |
|
Dashboard, configurable GUI Home page display of system status, VPN, firewall reports, traffic statistics etc. |
Yes |
Yes |
No |
C1 |
AJAX Enhanced GUI |
Yes |
Yes |
Yes |
|
Network interfaces (IP Address) configured via GUI |
Yes |
Yes |
Yes |
|
Restrict configuration access to specified public IP addresses |
Yes |
Yes |
Yes |
|
Restrict config access to specified local IP addresses |
Yes |
Yes |
No |
|
Administration users with limited access (eg reports, log viewers, VPN, Guardian web content filtering) |
Yes |
Yes |
No |
|
Drop down lists of common IP services/ports |
Yes |
Yes |
Yes |
|
On-line Help appears in a seperate pop-up window |
Yes |
Yes |
Yes |
|
All rule lists and log files can be sorted by any column |
Yes |
Yes |
No |
C2 |
Validation of configuration parameters as they are typed |
Yes |
Yes |
Yes |
|
Infrequently used options exposed by "Advanced" buttons |
Yes |
Yes |
No |
|
Tooltips |
Yes |
Yes |
Yes |
|
Realtime display of service status, web proxy stats |
Yes |
Yes |
No |
|
Config replication between master and slave systems |
Yes |
Yes |
No |
C3 |
|
Authentication: |
Microsoft Active Directory (LDAP) User Authentication |
Yes |
No |
No |
A1 |
OpenLDAP User Authentication |
Yes |
No |
No |
A2 |
Novell eDirectory (NDS) User Authentication |
Yes |
No |
No |
|
Local User Authentication Database |
Yes |
Yes |
No |
A3 |
RADIUS Authentication |
Yes |
No |
No |
|
Authentication via Ident client for Microsoft Windows |
Yes |
Yes |
No |
A4 |
SSL Login page (transparent mode user authentication) |
Yes |
Yes |
No |
A5 |
Microsoft NTLM User Authentication (including password protected mode) |
Yes |
Partial |
No |
|
SmoothWall User Groups linked to Active Directory, eDirectory, LDAP user authentication |
Yes |
No |
n/a |
|
Guardian web access can be controlled by Group (user authentication) |
Yes |
Yes |
n/a |
|
Guardian web access controlled by IP/IP Address Range/Network Address |
Yes |
Yes |
n/a |
|
User Internet access controlled by Group (user authentication) or IP Address/IP Address Range/Network Address |
Yes |
No |
n/a |
|
Inter-zone access controlled by user authentication |
Yes |
No |
n/a |
A6 |
VPN user access controlled by user authentication |
Yes |
No |
n/a |
A7 |
Multiple Admin/Configuration Users |
Yes |
Yes |
No |
A8 |
Login page with configurable login messages and log-out facility |
Yes |
Yes |
No |
|
|
Intrusion Detection: |
Intrusion Detection System |
Yes |
Yes |
Yes |
|
Intrusion Alert Messages by email or SMS text messages |
Yes |
Yes |
No |
IDS1 |
|
Virtual Private Network (VPN): |
SSL VPN for mobile (Road Warrior) or home users |
Yes |
Yes |
No |
|
L2TP VPN for mobile (Road Warrior) or home users |
Yes |
Yes |
No |
V3 |
IPSec VPN for site-to-site network connections |
Yes |
Yes |
Yes |
V1 |
IPSec VPN for mobile (Road Warrior) or home users |
Yes |
Yes |
No |
V2 |
Configure which Internet connection each IPSec tunnel should use |
Yes |
No |
No |
|
VPN Tunnels |
20 (Included) to 500 |
1 (Included) to 100 |
See note |
V4 |
AES Encryption (256 bit) |
Yes |
Yes |
No |
|
3DES Encryption |
Yes |
Yes |
Yes |
|
x509 Certificate Authentication |
Yes |
Yes |
No |
|
Certificate Authority included |
Yes |
Yes |
No |
V5 |
Pre-Shared Key (PSK/Shared Secret) Authentication |
Yes |
Yes |
Yes |
|
NAT Traversal (NAT-T) |
Yes |
Yes |
No |
V6 |
VPN secure local (wireless) connection |
Yes |
No |
No |
V7 |
Logging of Road Warrior VPN connections (with option to send alert messages) |
Yes |
Yes |
No |
V8 |
PPTP forwarding and pass-through |
Yes |
Yes |
Yes |
|
|
Logging and Reporting: |
Disk logging of all firewall/IDS events, web traffic etc. |
Yes |
Yes |
Yes |
|
Configure/enable individual logging functions |
Yes |
Yes |
No |
L1 |
Configure how long log files are retained (day/weeks) |
Yes |
Yes |
No |
L1 |
Forced log file rotation in the event of low free disk space |
Yes |
Yes |
No |
|
Log files on RAM disk |
Yes |
Yes |
No |
|
Log filtering (eg by Source IP/Port, Destination IP/Port) |
Yes |
Yes |
No |
|
Google-like paginated log file viewers |
Yes |
Yes |
Yes |
|
All rule lists and log files can be sorted by any column |
Yes |
Yes |
No |
L2 |
Scheduled report generation / scheduled email reports |
Yes |
Yes |
No |
L3 |
Outgoing (egress) traffic reporting/analysis |
Yes |
Yes |
No |
L4 |
Real-time AJAX traffic graphs and log viewers |
Yes |
Yes |
No |
|
Selectively log blocked traffic |
Yes |
Yes |
No |
|
Network analysis tool for displaying network traffic info |
Yes |
Yes |
No |
|
SNMP Support |
Yes |
No |
No |
L5 |
Remote Syslog support |
Yes |
Yes |
No |
|
Service availability checking (including systems behind the firewall) |
Yes |
Yes |
No |
|
Physical hardware monitoring (eg disk status) |
Yes |
Yes |
No |
|
User designed reports using templates |
Yes |
Yes |
No |
|
Export log files in multiple formats (csv, tsv, xls etc) |
Yes |
Yes |
No |
|
Advanced reports in HTML format |
Yes |
Yes |
No |
|
Multiple report formats (csv, tsv) |
Yes |
Yes |
No |
|
Reports in Microsoft Excel format |
Yes |
Yes |
No |
|
Reports in Adobe PDF format |
Yes |
Yes |
No |
|
|
DHCP Server: |
DHCP server support for local (Green) networks |
Multiple |
1 or 2 |
Single |
|
DHCP server support for DMZ |
Multiple DMZ |
Single DMZ |
No |
|
View DHCP leases granted |
Yes |
Yes |
No |
|
Display list of MAC addresses on local/DMZ networks |
Yes |
Yes |
No |
|
DHCP Relay |
Yes |
No |
No |
|
NTP, network boot, TFTP and automatic web proxy detection options |
Yes |
Yes |
No |
|
|
Miscellaneous: |
NTP service for computers on local networks/DMZ |
Yes |
Yes |
Yes |
|
Modularization of core services/components (eg Web Proxy server, DHCP server) |
Yes |
Yes |
No |
M1 |
Timed/delayed shutdown/reboot |
Yes |
Yes |
No |
|
Inbuilt ClamAV anti-virus |
Yes |
Yes |
POP3 only |
M2 |
Network Doctor diagnostic tool |
Yes |
Yes |
No |
|
|
Available Modules: |
Web Security/Content Filtering (SmoothGuardian) |
Yes |
Yes |
No |
|
Bandwidth Management/QoS (SmoothTraffic) |
Yes |
Yes |
No |
|
VPN Gateway (SmoothTunnel) |
Integrated |
Integrated |
No |
V1-8 |
Internet Access Control/Outbound Rules (SmoothRule) |
Integrated |
Integrated |
No |
F3 |
Incident Alerting and Reporting (SmoothMonitor) |
Integrated |
Integrated |
No |
L3 |
Support for Multiple DMZ Servers (SmoothHost) |
Integrated |
Yes |
No |
F4 |
Email Security (Anti-spam/virus and relay) (SmoothZap) |
Yes |
Yes |
No |
|
|
System Requirements: |
Processor |
PIII 500 MHz |
PIII 200 MHz |
Pentium |
S1 |
Memory |
128 MBytes |
128 MBytes |
64 MBytes |
S2 |
Hard Disk |
4 GBytes |
4 GBytes |
1 GBytes |
S3 |
Flash Memory (alternative to Hard Disk) |
256 MBytes |
256 MBytes |
n/a |
S3 |
|
Commercial Support: |
Technical support by Phone and Email from SmoothWall |
Yes |
Yes |
No |
|
Global support from SmoothWall Reseller Partners |
Yes |
Yes |
No |
|
Technical Training Courses from SmoothWall Ltd. |
Yes |
Yes |
No |
|