The most significant innovation is the hardware acceleration of intrusion detection and prevention (IPS) functions in the UserGate FG platform using an FPGA-based coprocessor. To date, this is the first instance of hardware IPS acceleration in Russian NGFWs. The firewall speed with stateful session control (FW L3/L4) and IPS is up to 25 Gbps on EMIX traffic. The platform is made in a 1U form factor and has sixteen 10 Gbps SFP+ interfaces and two 100 Gbps QSFP28 interfaces, as well as two power supplies and six fans with hot-swap capability. The first deliveries of UserGate FG began in November 2024.
Another innovation in UserGate NGFW 7.3 is the redistribution of dynamic routing protocols BGP and RIP into OSPF and vice versa. This is a function for truly large networks, as BGP and RIP are often used for external dynamic routing, and OSPF for internal routing.
Another innovation is the implementation of NAT and SNAT rules with a condition on users and their groups. For example, with this function, it is now possible to distribute traffic from different departments of an organization to different public addresses, based on memberships in directory groups, such as Microsoft Active Directory.
The new version of UserGate NGFW also implemented support for QSPF28 100 Gbps cards for UserGate D200, D500, E1000, E3000 and F8000 hardware platforms, as well as the next-generation UserGate E1010, E3010 and F8010 platforms, the official sales of which will begin in the coming weeks.
Another new feature of UserGate NGFW 7.3 is the ability to configure the allowed MSS (Maximum Segment Size). This function is of great importance for optimizing traffic transmission through a chain of devices from different manufacturers, since in certain conditions there were cases of traffic degradation due to the limitation of the MSS size. Now such cases can be easily resolved directly in the UserGate NGFW interfaces.
Among the changes aimed at improving the usability of NGFW is the ability to create tags for firewall and content filtering rules, setting actions for signature filters in IPS profiles, as well as improvements and optimization of the web interface.
Also, UserGate NGFW 7.3 implements more than sixty other improvements and fixes, including for the failover cluster, IPS, VPN, Proxy, VLAN, BGP, PBR, DHCP, and the centralized management system.