**Firewall/IPS/IDS mode - Identity-based firewall - Application detection and management - Microsoft Services Firewall - Industrial firewall/IPS/IDS

• Industrial application control - Detection and control of the use of mobile terminals - Application inventory (option) - Vulnerability detection (option) - Geolocation (countries, continents)
• Dynamic Host Reputation - URL fltering (embedded database or cloud mode) - Transparent authentication (Active Directory, SSO Agent, SSL, SPNEGO) - Multi-user authentication in cookie mode (Citrix-TSE) - Guest and sponsorship mode authentication.**

PROTECTION FROM THREATS

**Intrusion detection and prevention - Protocols autodetection and compliancy check - Application inspection - Protection from denial of service attacks (DoS) - Protection from SQL injections

• Protection from Cross-Site Scripting (XSS)
• Protection from malicious Web2.0 code and scripts (Clean & Pass) - Trojan detection - Detection of interactive connections (botnets, Command&Control) - Protection from data evasion - Advanced management of fragmentation
• Automatic reaction to attack (notification, quarantine, block, QOS, dump) - Antispam and antiphishing: reputation-based analysis, heuristic engine - Embedded antivirus (HTTP, SMTP, POP3, FTP) - SSL decryption and inspection - VoIP protection (SIP) - Collaborative security: IP reputation, Cloud based Sandbox on the European territory (option).**

CONFIDENTIALITY

Site-to-site or nomad IPSec VPN - Remote SSL VPN access in multi-OS tunnel mode (Windows, Android, iOS, etc.) - SSL VPN agent with automatic configuration (Windows) - Support for Android/ iPhone IPSec VPN.

NETWORK - INTEGRATION

**IPv6 - NAT, PAT, transparent (bridge)/routed/hybrid modes - Dynamic routing (RIP - OSPF - BGP) - Multiple link management (balancing, failover) - Multi-level internal or external PKI management

• Multi-domain authentication (including internal LDAP) - Explicit proxy - Policy-based routing (PBR)
• QoS management - DHCP client/relay/server - NTP client - DNS proxy-cache - HTTP proxy-cache
• LACP management - Spanning-tree management (RSTP/MSTP).**

MANAGEMENT

**Web-based management - Interface with privacy mode (GDPR compliant) - Object-oriented security policy - Contextual security policy - Real-time configuration helper - Rule counter - Multiple installation wizards - Global/local security policy

• Embedded log reporting and analysis tools - Interactive and customizable reports - Support for multiple syslog server UDP/TCP/TLS - SNMP v1, v2c, v3 agent - IPFIX/NetFlow - Automated configuration backup - Open API - Script recording.**