Datasheet
4
SSG320M SSG350M
Firewall
Network attack detection Yes Yes
DoS and DDoS protection Yes Yes
TCP reassembly for fragmented packet protection Yes Yes
Brute force attack mitigation Yes Yes
SYN cookie protection Yes Yes
Zone-based IP spoofing Yes Yes
Malformed packet protection Yes Yes
Unified Threat Management
(3)
IPS (Deep Inspection firewall) Yes Yes
Protocol anomaly detection Yes Yes
Stateful protocol signatures Yes Yes
IPS/DI attack pattern obfuscation Yes Yes
Antivirus Yes Yes
Signature database 200,000+ 200,000+
Protocols scanned POP3, HTTP, SMTP, IMAP, FTP, IM POP3, HTTP, SMTP, IMAP, FTP, IM
Antispyware Yes Yes
Antiadware Yes Yes
Anti-keylogger Yes Yes
Instant message AV Yes Yes
Antispam Yes Yes
Integrated URL filtering Yes Yes
External URL filtering
(4)
Yes Yes
VoIP Security
H.323 ALG Yes Yes
SIP ALG Yes Yes
MGCP ALG Yes Yes
SCCP ALG Yes Yes
NAT for VoIP protocols Yes Yes
IPsec VPN
Concurrent VPN tunnels 500 500
Tunnel interfaces 100 300
DES (56-bit), 3DES (168-bit) and AES (256-bit) Yes Yes
MD-5 and SHA-1 authentication Yes Yes
Manual key, IKE, IKEv2 with EAP, PKI (X.509) Yes Yes
Perfect forward secrecy (DH Groups) 1,2,5 1,2,5
Prevent replay attack Yes Yes
Remote access VPN Yes Yes
L2TP within IPsec Yes Yes
IPsec NAT traversal Yes Yes
Auto-Connect VPN Yes Yes
Redundant VPN gateways Yes Yes
User Authentication and Access Control
Built-in (internal) database - user limit 500 500
Third-party user authentication RADIUS, RSA SecureID, LDAP RADIUS, RSA SecureID, LDAP
RADIUS Accounting Yes – start/stop Yes – start/stop
XAUTH VPN authentication Yes Yes
Web-based authentication Yes Yes
802.1X authentication Yes Yes
Unified Access Control enforcement point Yes Yes
Specifications (continued)