The most significant innovation is the hardware acceleration of intrusion detection and prevention (IPS) functions in the UserGate FG platform using an FPGA-based coprocessor. Today, this is the first instance of hardware IPS acceleration in Russian NGFWs. The firewall speed with stateful session control (FW L3/L4) and IPS is up to 25 Gbps on EMIX traffic. The platform is made in a 1U form factor and has sixteen SFP+ 10 Gbps interfaces and two QSFP28 100 Gbps interfaces, as well as two power supplies and six fans with hot-swap capability. The first deliveries of UserGate FG began in November 2024.
Another innovation in UserGate NGFW 7.3 is the redistribution of BGP and RIP dynamic routing protocols in OSPF and vice versa. This function is for truly large networks, as BGP and RIP are often used for external dynamic routing, and OSPF is used for internal routing.
Another innovation is the implementation of NAT and SNAT rules with a condition on users and their groups. For example, with this function, you can now distribute the traffic of different departments of an organization to different public addresses, based on memberships in directory groups, such as Microsoft Active Directory.
The new version of UserGate NGFW also implemented support for QSPF28 100 Gbps cards for UserGate D200, D500, E1000, E3000 and F8000 hardware platforms, as well as next-generation UserGate E1010, E3010 and F8010 platforms, the official sales of which will begin in the coming weeks.
Another new feature of UserGate NGFW 7.3 is the ability to configure the allowed MSS (Maximum Segment Size). This function is of great importance for optimizing traffic transmission through a chain of devices from different manufacturers, as in certain conditions there were cases of traffic degradation due to the limitation of the MSS size. Now such cases can be easily resolved directly in the UserGate NGFW interfaces.
Among the changes aimed at improving the usability of NGFW is the ability to create tags for firewall and content filtering rules, setting actions for signature filters in IPS profiles, as well as improvements and optimization of the web interface.
Also, UserGate NGFW 7.3 implements more than sixty other improvements and fixes, including for the failover cluster, IPS, VPN, Proxy, VLAN, BGP, PBR, DHCP and the centralized management system.