WatchGuard

Most well known commercial firewall provides fast, stateful packet filtering, but little more. WatchGuard has always felt a firewall can, and should do packet inspection to protect networks. To this day, the single most effective technique for preventing infected e-mail attachments or web downloads is to inspect and block this content based on mime signatures and file types. WatchGuard accomplishes this using advanced application layer proxies.

The limitation of this approach is that content blocking is global, all or nothing for a specific content type. This can lead to frustration on the part of end users as they are unable to receive legitimate file attachments.

New features:
GAV option provides true AV scanning of e-mail attachments that have passed the application layer content type block. The firewall can now distinguish a good attachment from bad.

Fireware Pro

Enhanced application layer proxying, HTTP client and server settings;
Policy cloning preserves specific settings as a reusable template.
Policy scheduling