DMZ (Demilitarized Zone) implemented for public servers such as :
web server, mail server, DNS server, FTP server, …
Armed against following attacks:
•DOS attacks (Denial of Service)
- Ping of Death attacks
- SYN Floods
- UDP Floods
•IP Spoofing attacks
SNAT, DNAT support
IPV6 tunnel traffic support
IPSEC protocol compatible
Transparent cache support
Port forwarding enabled by DNAT ( for internal services )
Internal zone in depth protection
•Deny internal zone pings
•Block port scanning
•Block traceroutes
•Stop SMB traffic going out
Drop unwanted traffic
•Ignore ICMP bogus error messages
•Ignore responds to broadcast pings
•Kill timestamps
•Drop invalid packets
•Drop unwanted TCP,UDP port connections
• State-of-the-art Adaptive Security Algorithm (ASA) and stateful inspection
firewalling
• Support for up to 2 ethernet interfaces ranging from , 10/100 Fast Ethernet
• Stateful firewall failover capability with synchronized connection
information and product configurations
• True Network Address Translation (NAT) as specified in RFC 1631
• Port Address Translation (PAT) further expands a company’s address pool-one
IP address supports more than 64,000 hosts
• Support for IPsec and L2TP/PPTP-based VPNs
• Support for broad range of authentication methods via TACACS+, Radius
• Flood Guard and Fragmentation Guard protect against denial of service attacks
• Extended authentication, authorization, and accounting capabilities
• Ability to customize protocol port numbers
• Enhanced customization of syslog messages