Skip to main content

Types of firewalls

Last update:

You can rent two types of firewalls:

Comparison of hardware and virtual firewalls

HardwareVirtual
In what form is it providedRack-mounted, public- and LAN-connected firewallLicensed firewall image.
You self-deploy the image in the product of your choice — on a cloud server, public or private cloud based on VMware
FSTEC certificationType A Certificates (Continent and UserGate models are certified)Type B certificates
Changing the configuration (number of vCPUs, RAM and disk size)Order another model and reset the settingsRe-order service again and change the configuration of the server on which the image is deployed. Re-configuration is not required
Connectivity to the protected infrastructure in one private subnetworkPossible with dedicated servers in the same pool. In other cases it is necessary to use a global router to organize connectivityPossible with cloud servers in the same pool or virtual machines in the same VMware organization. In other cases, you must use a global router to organize connectivity
What is included in the priceHardware firewall with a public addressA firewall image with a license for the selected functionality. The infrastructure on which the image is deployed is charged separately

Hardware firewalls

SelectelFortinet FG-100EFortinet FG-500EUserGate C150UserGate D200UserGate D500Cisco 5508Continent 4 IPC-R550CheckPoint Quantum Spark 1800
DOE Throughput,
Gbps
4,97,4363,818200,567,5
17 for 1518 UDP
IPS bandwidth,
Gbps
0,930,41,820,12525,5
IPSec VPN bandwidth,
Gbps
1,96420314160,17514
SSL-VPN throughput,
Gbps
2,260,255314160,1252
Available interfaces2×1GE RJ4516×1GE RJ458×1GE RJ45
2×10GE SFP
8×1GE RJ455×1GE RJ45
2×1GE SFP
5×1GE RJ45
2×1GE SFP
8×1GE RJ454x1GE RJ45
2x10G SFP
2xCombo RJ45
2xCombo SFP
16×1GE RJ45
FSTEC certification

Virtual firewalls

In order for throughput to reach the claimed values, the server on which the image will be deployed must meet the configuration requirements.

UserGate VE100UserGate VE250UserGate VE500UserGate VE1000UserGate VE2000UserGate VE4000UserGate VE6000
DOE bandwidth, UDP,
Gbps
0,889101111,512
Recommended number of usersup to 100up to 250up to 500up to 1,000up to 2,000up to 4,000up to 6,000
Simultaneous TCP sessions2 000 0002 000 0005 000 0008 000 00016 000 00020 000 00024 000 000
New sessions per second24 000100 000120 000130 000150 000155 000160 000
SSL Inspection,
Gbps
0,050,30,320,350,60,650,7
IPS bandwidth,
Gbps
0,61,31,351,41,82,12,4
Content filtering (when ordering the optional ATP module ),
Gbps
0,151,31,51,82,52,83,1
L7 application control (when the optional ATP module is ordered ),
Gbps
0,71,51,71,82,52,83,1
Stream Anivirus (if you order the Stream Anivirus add-on module ),
Gbps
0,151,31,51,82,52,83,1
FSTEC certification

Configuration requirements

The required parameters of the server on which the corresponding image will be deployed are specified. The server of the selected configuration is not included in the cost of the virtual firewall and is charged separately.

UserGate VE100UserGate VE250UserGate VE500UserGate VE1000UserGate VE2000UserGate VE4000UserGate VE6000
10/100/1000Base-T portsup to 8up to 8up to 8up to 8up to 8up to 8up to 8
10GBase SFP+ portsUp to 8 when using VMXNET3 virtual adapters
Number of vCPUs24681624up to 32
RAM,
GB
881616323264
Disk,
GB
100300300300300300500

UserGate VE add-on modules

Additional modules allow you to extend the functionality of UserGate VE firewall to include advanced traffic filtering and protection from external threats.

Additional modules are not included in the image price and are charged additionally. You can add them when ordering a firewall or add them to an existing firewall by creating a ticket.

Fault tolerance clusterSolution for assembling two nodes into a fault-tolerant cluster in Active-Passive mode
Advanced Threat Protection (ATP)Content and Internet traffic filtering based on morphological analysis in accordance with the requirements of Russian legislation, blocking advertising and controlling access to social networks
Stream Antivirus (AV)Checks traffic for malicious code by analyzing the signatures of received files and applications. It allows blocking the bulk of malicious files and has virtually no impact on system performance. Information from various computer incident response centers, including the Bank of Russia's FinCERT and the NCCI's GOV-CERT, is used in developing the rules
Mail SecurityProtection of e-mail from spam and viruses. Filtering is performed in several stages — by connections, source address, destination address, and e-mail content. The IP address of the spam sender's SMTP server is blocked at the stage of creating an SMTP connection, which allows to unload other methods of checking e-mail for spam and viruses