| Feature Description |
Advanced Firewall 2008
(& UTM-1000) |
Corporate Firewall 2008 |
Express 3 |
Notes |
| Firewall: |
| Stateful Inspection |
Yes |
Yes |
Yes |
|
| Local IP Addresses |
Unlimited |
Unlimited |
Unlimited |
F1 |
| Users Supported |
250 to 5000 |
n/a |
n/a |
F1 |
| Dynamic Network Address Translation |
Yes |
Yes |
Yes |
|
| Static Network Address Translation |
Yes |
SmoothHost |
No |
F2 |
| Outgoing (Egress) Traffic Control |
Yes |
Yes |
Limited |
F3 |
| Support multiple public IP addresses |
Yes |
SmoothHost |
No |
F4 |
| Port Forward from public IP address to DMZ/local IP |
Yes |
Yes |
Yes |
|
| "Round Robin" Port Forward to multiple DMZ servers |
Yes |
No |
No |
F5 |
| Detection and blocking of port agile Peer to Peer traffic |
Yes |
Yes |
No |
F6 |
| Administrator maintained IP Block list |
Yes |
Yes |
Yes |
|
| Object based Port Rules |
Yes |
Yes |
No |
|
| Internal Firewall |
Yes |
No |
No |
F7, A6 |
| Traffic Blocking includes drop and reject options for both source and destination addresses |
Yes |
Yes |
No |
|
| |
| Networking: |
| Total Network Interfaces |
4 Standard, Maximum 20 |
3 Active + 1 Failover |
4 |
N1 |
| External Network (Internet) Interfaces |
1 to 19 (of total) |
1 |
1 |
N2 |
| Internal Network Zones (Local Networks and DMZs) |
1 to 19 (of total) |
1 Local + 1 DMZ |
1 Local + DMZ + 1 Wireless |
N3 |
| Ethernet |
Yes |
Yes |
Yes |
|
| PPP connections (ISDN, ADSL and analogue modem) |
Yes |
Yes |
Yes |
N4 |
| PPPoA ADSL support |
Yes |
Yes |
Yes |
|
| PPPoE ADSL support |
Yes |
Yes |
Yes |
|
| PPTP ADSL support |
Yes |
Yes |
No |
|
| Load balancing between multiple external network interfaces |
Yes |
No |
No |
N5 |
| Split traffic between multiple external network interfaces |
Yes |
No |
No |
N5 |
| Split external traffic based on source or port |
Yes |
No |
No |
N5 |
| Fail-over from one external interface to another |
Automatic |
Automatic |
No |
N6 |
| Routing protocol support (RIP) |
Yes |
No |
No |
|
| Configure static routes |
Yes |
Yes |
No |
|
| VLAN Trunking (802.1Q) support |
Yes |
No |
No |
N7 |
| Naming of Network Interfaces |
Yes |
Yes |
No |
|
| Multiple local network subnets |
Yes |
Yes |
No |
|
| Bind multiple IP addresses to a Green NIC |
Yes |
Yes |
No |
|
| Red interface MAC address spoofing |
Yes |
Yes |
No |
N8 |
| Configurable Maximum Transmission Unit (MTU) and TCP transmit/receive window sizes |
Yes |
Yes |
No |
|
| Automatic Hardware Failover (HA) |
Yes |
No |
No |
N9 |
| Inbound Load Balancing |
Yes |
No |
No |
N10 |
| |
| Proxies and Application Helpers: |
| Web Proxy (Transparent and Non-Transparent Mode) |
Yes |
Yes |
Yes |
P1 |
| GUI configuration of Web Proxy Server |
Yes |
Yes |
No |
P2 |
| SMTP (Email) Relay / Proxy |
SmoothZap |
SmoothZap |
No |
P3 |
| POP3 (Email) Transparent Proxy |
SmoothZap |
SmoothZap |
Partial |
P4 |
| SIP (VoIP) Registering Proxy |
Yes |
Yes |
Yes |
P5 |
| Transparent SIP (VoIP) Proxy |
Yes |
Yes |
Yes |
P6 |
| H323 (VoIP) Application Helper |
Yes |
Yes |
No |
|
| PPTP Helper (for pass-through and forwarding) |
Yes |
Yes |
No |
|
| DNS Proxy Server |
Yes |
Yes |
Yes |
|
| IM logging and filtering proxy |
Yes |
Yes |
Yes |
|
| Advanced IM logging and reports |
Yes |
Yes |
No |
|
| |
| Hardware: |
| Multi Processor support (SMP) |
Yes |
Yes |
No |
|
| Hardware RAID (SCSI, SATA or SAS) |
Yes |
Yes |
No |
H1 |
| Software RAID 1 (Disk Mirror) (SCSI, SATA, SAS or IDE) |
Yes |
Yes |
No |
H2 |
| SCSI (No RAID) Disk |
Yes |
Yes |
Yes |
H3 |
| SATA Disk |
Yes |
Yes |
Yes |
H4 |
| SAS Disk |
Yes |
Yes |
No |
|
| IDE Disk |
Yes |
Yes |
Yes |
|
| IDE/SCSI CDROM support |
Yes |
Yes |
Yes |
|
| 10/100/1000 (Gigabit) Ethernet card |
Yes |
Yes |
Yes |
H5 |
| Multi-port Ethernet card |
Yes |
Yes |
Yes |
H6 |
| Full VMWare support including network drivers |
Yes |
Yes |
No |
|
| USB ADSL modems and PCI ADSL modem cards |
Yes |
Yes |
Yes |
H7 |
| ISDN cards and terminal adapters |
Yes |
Yes |
Yes |
H8 |
| Analog modems |
Yes |
Yes |
Yes |
H9 |
| Compact Flash support |
Yes |
Yes |
Partial |
H10 |
| 1 Gigabyte plus memory support |
Yes |
Yes |
Yes |
|
| USB keyboard support |
Yes |
Yes |
Yes |
|
| Serial Console |
Yes |
Yes |
No |
|
| Display ADSL modem signal strength information |
Yes |
Yes |
No |
H11 |
| Un-interruptible Power Supply support |
Yes |
Yes |
No |
H12 |
| UPS Network Slave Mode |
Yes |
Yes |
No |
H12 |
| |
| Installation / Maintenance: |
| Streamlined / simplified installer with basic and advanced modes |
Yes |
Yes |
No |
IN1 |
| Includes security hardened Linux operating system |
Yes |
Yes |
Yes |
IN2 |
| SmoothWall and Linux security updates |
Free |
Free |
Free |
IN3 |
| Installation from CDROM |
Yes |
Yes |
Yes |
|
| Installation from network server |
No |
No |
Yes |
|
| Installation from a USB CD/DVD Device |
Yes |
Yes |
Yes |
|
| Configuration backup to hard disk file/floppy and restore |
Yes |
Yes |
No |
|
| Backup/restore configurtion from USB device |
Yes |
Yes |
No |
|
| Automatic configuration backup (time of day) |
Yes |
Yes |
No |
|
| Backup to multiple remote targets |
Yes |
Yes |
No |
|
| Partial configuration restore (time of day) |
Yes |
Yes |
No |
IN4 |
| Backup to multiple remote targets |
Yes |
Yes |
No |
|
| Partial configuration restore |
Yes |
Yes |
No |
IN4 |
| Install new device drivers from floppy disk/CDROM |
Yes |
Yes |
No |
|
| Automatic download of new updates |
Yes |
Yes |
Yes |
IN5 |
| Install update automatically at configured time |
Yes |
Yes |
No |
|
| Scheduled reboots |
Yes |
Yes |
No |
|
| Bulk application of updates from CD at installation time |
Yes |
Yes |
n/a |
IN6 |
| Automatic installation of any modules present on the firewall installation CD |
Yes |
Yes |
n/a |
IN7 |
| Ethernet cable status reporting |
Yes |
Yes |
No |
IN8 |
| Un-install modules |
Yes |
Yes |
n/a |
|
| Pre-installed software |
Yes |
Yes |
n/a |
IN9 |
| |
| Configuration: |
| Configuration via a web browser GUI |
Yes |
Yes |
Yes |
|
| Dashboard, configurable GUI Home page display of system status, VPN, firewall reports, traffic statistics etc. |
Yes |
Yes |
No |
C1 |
| AJAX Enhanced GUI |
Yes |
Yes |
Yes |
|
| Network interfaces (IP Address) configured via GUI |
Yes |
Yes |
Yes |
|
| Restrict configuration access to specified public IP addresses |
Yes |
Yes |
Yes |
|
| Restrict config access to specified local IP addresses |
Yes |
Yes |
No |
|
| Administration users with limited access (eg reports, log viewers, VPN, Guardian web content filtering) |
Yes |
Yes |
No |
|
| Drop down lists of common IP services/ports |
Yes |
Yes |
Yes |
|
| On-line Help appears in a seperate pop-up window |
Yes |
Yes |
Yes |
|
| All rule lists and log files can be sorted by any column |
Yes |
Yes |
No |
C2 |
| Validation of configuration parameters as they are typed |
Yes |
Yes |
Yes |
|
| Infrequently used options exposed by "Advanced" buttons |
Yes |
Yes |
No |
|
| Tooltips |
Yes |
Yes |
Yes |
|
| Realtime display of service status, web proxy stats |
Yes |
Yes |
No |
|
| Config replication between master and slave systems |
Yes |
Yes |
No |
C3 |
| |
| Authentication: |
| Microsoft Active Directory (LDAP) User Authentication |
Yes |
No |
No |
A1 |
| OpenLDAP User Authentication |
Yes |
No |
No |
A2 |
| Novell eDirectory (NDS) User Authentication |
Yes |
No |
No |
|
| Local User Authentication Database |
Yes |
Yes |
No |
A3 |
| RADIUS Authentication |
Yes |
No |
No |
|
| Authentication via Ident client for Microsoft Windows |
Yes |
Yes |
No |
A4 |
| SSL Login page (transparent mode user authentication) |
Yes |
Yes |
No |
A5 |
| Microsoft NTLM User Authentication (including password protected mode) |
Yes |
Partial |
No |
|
| SmoothWall User Groups linked to Active Directory, eDirectory, LDAP user authentication |
Yes |
No |
n/a |
|
| Guardian web access can be controlled by Group (user authentication) |
Yes |
Yes |
n/a |
|
| Guardian web access controlled by IP/IP Address Range/Network Address |
Yes |
Yes |
n/a |
|
| User Internet access controlled by Group (user authentication) or IP Address/IP Address Range/Network Address |
Yes |
No |
n/a |
|
| Inter-zone access controlled by user authentication |
Yes |
No |
n/a |
A6 |
| VPN user access controlled by user authentication |
Yes |
No |
n/a |
A7 |
| Multiple Admin/Configuration Users |
Yes |
Yes |
No |
A8 |
| Login page with configurable login messages and log-out facility |
Yes |
Yes |
No |
|
| |
| Intrusion Detection: |
| Intrusion Detection System |
Yes |
Yes |
Yes |
|
| Intrusion Alert Messages by email or SMS text messages |
Yes |
Yes |
No |
IDS1 |
| |
| Virtual Private Network (VPN): |
| SSL VPN for mobile (Road Warrior) or home users |
Yes |
Yes |
No |
|
| L2TP VPN for mobile (Road Warrior) or home users |
Yes |
Yes |
No |
V3 |
| IPSec VPN for site-to-site network connections |
Yes |
Yes |
Yes |
V1 |
| IPSec VPN for mobile (Road Warrior) or home users |
Yes |
Yes |
No |
V2 |
| Configure which Internet connection each IPSec tunnel should use |
Yes |
No |
No |
|
| VPN Tunnels |
20 (Included) to 500 |
1 (Included) to 100 |
See note |
V4 |
| AES Encryption (256 bit) |
Yes |
Yes |
No |
|
| 3DES Encryption |
Yes |
Yes |
Yes |
|
| x509 Certificate Authentication |
Yes |
Yes |
No |
|
| Certificate Authority included |
Yes |
Yes |
No |
V5 |
| Pre-Shared Key (PSK/Shared Secret) Authentication |
Yes |
Yes |
Yes |
|
| NAT Traversal (NAT-T) |
Yes |
Yes |
No |
V6 |
| VPN secure local (wireless) connection |
Yes |
No |
No |
V7 |
| Logging of Road Warrior VPN connections (with option to send alert messages) |
Yes |
Yes |
No |
V8 |
| PPTP forwarding and pass-through |
Yes |
Yes |
Yes |
|
| |
| Logging and Reporting: |
| Disk logging of all firewall/IDS events, web traffic etc. |
Yes |
Yes |
Yes |
|
| Configure/enable individual logging functions |
Yes |
Yes |
No |
L1 |
| Configure how long log files are retained (day/weeks) |
Yes |
Yes |
No |
L1 |
| Forced log file rotation in the event of low free disk space |
Yes |
Yes |
No |
|
| Log files on RAM disk |
Yes |
Yes |
No |
|
| Log filtering (eg by Source IP/Port, Destination IP/Port) |
Yes |
Yes |
No |
|
| Google-like paginated log file viewers |
Yes |
Yes |
Yes |
|
| All rule lists and log files can be sorted by any column |
Yes |
Yes |
No |
L2 |
| Scheduled report generation / scheduled email reports |
Yes |
Yes |
No |
L3 |
| Outgoing (egress) traffic reporting/analysis |
Yes |
Yes |
No |
L4 |
| Real-time AJAX traffic graphs and log viewers |
Yes |
Yes |
No |
|
| Selectively log blocked traffic |
Yes |
Yes |
No |
|
| Network analysis tool for displaying network traffic info |
Yes |
Yes |
No |
|
| SNMP Support |
Yes |
No |
No |
L5 |
| Remote Syslog support |
Yes |
Yes |
No |
|
| Service availability checking (including systems behind the firewall) |
Yes |
Yes |
No |
|
| Physical hardware monitoring (eg disk status) |
Yes |
Yes |
No |
|
| User designed reports using templates |
Yes |
Yes |
No |
|
| Export log files in multiple formats (csv, tsv, xls etc) |
Yes |
Yes |
No |
|
| Advanced reports in HTML format |
Yes |
Yes |
No |
|
| Multiple report formats (csv, tsv) |
Yes |
Yes |
No |
|
| Reports in Microsoft Excel format |
Yes |
Yes |
No |
|
| Reports in Adobe PDF format |
Yes |
Yes |
No |
|
| |
| DHCP Server: |
| DHCP server support for local (Green) networks |
Multiple |
1 or 2 |
Single |
|
| DHCP server support for DMZ |
Multiple DMZ |
Single DMZ |
No |
|
| View DHCP leases granted |
Yes |
Yes |
No |
|
| Display list of MAC addresses on local/DMZ networks |
Yes |
Yes |
No |
|
| DHCP Relay |
Yes |
No |
No |
|
| NTP, network boot, TFTP and automatic web proxy detection options |
Yes |
Yes |
No |
|
| |
| Miscellaneous: |
| NTP service for computers on local networks/DMZ |
Yes |
Yes |
Yes |
|
| Modularization of core services/components (eg Web Proxy server, DHCP server) |
Yes |
Yes |
No |
M1 |
| Timed/delayed shutdown/reboot |
Yes |
Yes |
No |
|
| Inbuilt ClamAV anti-virus |
Yes |
Yes |
POP3 only |
M2 |
| Network Doctor diagnostic tool |
Yes |
Yes |
No |
|
| |
| Available Modules: |
| Web Security/Content Filtering (SmoothGuardian) |
Yes |
Yes |
No |
|
| Bandwidth Management/QoS (SmoothTraffic) |
Yes |
Yes |
No |
|
| VPN Gateway (SmoothTunnel) |
Integrated |
Integrated |
No |
V1-8 |
| Internet Access Control/Outbound Rules (SmoothRule) |
Integrated |
Integrated |
No |
F3 |
| Incident Alerting and Reporting (SmoothMonitor) |
Integrated |
Integrated |
No |
L3 |
| Support for Multiple DMZ Servers (SmoothHost) |
Integrated |
Yes |
No |
F4 |
| Email Security (Anti-spam/virus and relay) (SmoothZap) |
Yes |
Yes |
No |
|
| |
| System Requirements: |
| Processor |
PIII 500 MHz |
PIII 200 MHz |
Pentium |
S1 |
| Memory |
128 MBytes |
128 MBytes |
64 MBytes |
S2 |
| Hard Disk |
4 GBytes |
4 GBytes |
1 GBytes |
S3 |
| Flash Memory (alternative to Hard Disk) |
256 MBytes |
256 MBytes |
n/a |
S3 |
| |
| Commercial Support: |
| Technical support by Phone and Email from SmoothWall |
Yes |
Yes |
No |
|
| Global support from SmoothWall Reseller Partners |
Yes |
Yes |
No |
|
| Technical Training Courses from SmoothWall Ltd. |
Yes |
Yes |
No |
|
