The EdgeForce firewall with Performance Module 1 enabled incorporates a flexible demilitarised zone (DMZ) via a third port. This gives the ability to host public servers (email, FTP and web) from behind the firewall, and with this feature, non-authenticated access to servers behind the firewall can be granted, yet the private network itself is still completely shielded from the internet.
The DMZ also stops private network users if they inadvertently try to put sensitive data on servers that are accessible to the public.
Throughput rate can be tailored to be 75, 100 or 150Mbps full duplex, supporting 16, 30 or 50 thousand sessions, and vetted by 1,000, 2,000 or 4,000 policies.
The base unit firewall supports 75Mbps, 16,000 sessions and 1,000 policies. The 'professional' module adds a 20Gb hard drive and several extra features, including web caching and URL filtering. On the base unit there is no limit to the number of nodes; and static or dynamic, NAT or PAT modes, plus transparency, prevail.
The EdgeForce firewall incorporates McAfee's anti-virus engine within the appliance, so that virus scanning is provided at the firewall point itself. This can be seen as an additional layer of security, quite apart from virus scanning already incorporated within the network inside the firewall.
All internal IP addresses are secure within the firewall, and will not be compromised to the outside, even if NAT mode is used (whereby outside traffic can reach internal stations).
There are currently a full 28 methods of detecting denial-of-service (DoS) attacks and the developer will update firmware to recognize newly discovered attacks. The firewall is said to support MAC-IP binding, which means that MAC addresses are locked with network-assigned IP addresses, making source IP address spoofing (a technique often used in DoS attacks) virtually impossible.
The local network behind the EdgeForce firewall is safe, as the data inside the firewall is ring-fenced so that it is protected from signals beyond the firewall outside any VPN tunnel. A remote station is safeguarded even as it connects with the external world, exactly as if it is within the cluster protected within the firewall.
With Performance Module 1, VPN throughput rises to 30Mbps through up to 500 tunnels, and with Performance Module 2 it rises to 40 Mbps through up to 1,000 tunnels.