GateMAN 3506 firewall is a plug and play device and a really transparent (wire level) frame inspector with maximum throughput. Its installation is as easy as an ordinary Ethernet switch. After installation, all IP packets with wrong checksums will be dropped. All TCP connections will be checked, from the checksum to the state transition and sequence numbers of TCP sessions. If configured, the logs about all fetched URLs, Email senders/recipients, FTP users and commands, besides hundreds of statistical information will be sent to the log collector system. Logs of GateMAN 3506 are sent by a special purpose protocol which will not be saturated by SPAM and/or junk Sync floods. GateMAN 3506 is a 6-ports , layers 2-7 switch with many advanced features¹ including²:

1. Six 10/100 TX Ethernet ports.
2. 16x2 characters LCD panel for system information reporting and limited setup.
3. Serial port console with full setup capabilities.
4. 19 inches rack mountable chassis with 1U height.
5. Traffic shaping features including:
   
   
   1. Frames per second limit on in/out frames per port
   2. Frame drops per port statistics
   3. Bytes dropped per port statistics
   4. IP, ARP, Reverse ARP, IPX, PUP, Loop back, and RAW frame type filtering (e.g. “allow NO IPX frames to come in from port 6” or “allow frames with type 0x805 to go out from port 4³”, etc).
   5. Current/Max so far Frames/Bytes per second in/out statistics per port with capability to reset the statistics
   6. Per port queue with statistics on queues (e.g.: “Max number of frames queued on port number 5 so far”) with capability to reset the values
   7. Per port queue length adjustment capability
    
6. Full layer three, packet filtering with automatic IP checksum control.
7. Tight TCP stateful inspection including:
   
   
   1. TCP sequence number checking and tracing
   2. Sync/Ack/Fin state transition and violation control
   3. TCP checksum checking
   4. Out of sequence TCP packet alignment
   5. Per TCP connection bandwidth limitation
   6. DDos attack per destination control and protection
   7. Port scan reporting and limitation
    
8. Application layer protocol monitoring and violation control for Telnet, SMTP, FTP, and HTTP (e.g.: invalid HTTP requests cause TCP connection termination).
9. URL filtering with user defined URL databases to filter domains, sub-domains, directories in sites.
10. White list URL databases.
11. Per entry URL database classification to let administrator classify sites in more than 64000 classes.
12. Regular expression matching with space for 100 regular expressions to match with HTTP requests.
13. SMTP session filtering based on entries defined in databases of username, domain name, user@domain.
14. Plug and play installation as any industry standard Ethernet switch.
15. GUI based setup programs for Windows™ and Linux™.
16. Ultra fast log protocol with additional free software to manage the logs for months and make reports (requires a computer to collect the logs – not supplied).
17. IPSec support.
18. NAT/PAT/MAT (MAC Address translation) support.
19. IP/MAC database as source and/or destination in rules.
20. Operation Temperature: 0 ~ 50
21. Color: Dark Blue
22. Dimensions: 431(W)x44(H)x250(D)mm