Advanced Networking Capabilities
Our next-generation firewall portfolio provides a range of interface options (up to 100 Gbps) and densities, including those provided by high-capacity chassis platforms. Scaling is supported via link aggregation (LACP) and multipathing (ECMP). Visibility is provided by LLDP, and QoS supported via bi-directional DSCP.
Multicast is supported via PIM-SM, PIM-SSM and IGMP, and several Network Address Translation (NAT) options are also supported for a variety of use cases. NAT is controlled by policy in our next-generation firewalls (the number of NAT rules allowed varies by firewall). Our firewall also supports DHCP server capability, including user-defined DHCP options (RFC 2132).
Tunnel Content Inspection
The firewall can inspect the traffic content of cleartext tunnel protocols: Generic Routing Encapsulation (GRE) and non‐encrypted IPSec traffic. This enables you to enforce Security, DoS Protection, and QoS policies on traffic in these types of tunnels and traffic nested within another cleartext tunnel (for example, Null Encrypted IPSec inside a GRE tunnel).