1. Inspects HTTP/HTTPS input and blocks SQL injection, XSS, and path traversal attacks — deployed as a reverse proxy in front of web servers; required by PCI DSS for cardholder data environments
2. Bundles firewall, IDS/IPS, URL filtering, malware scanning, spam filtering, VPN endpoint, and bandwidth shaping into a single all-in-one appliance — designed for simplified management, primarily Layer 4 operation
3. Performs deep packet inspection at Layer 7 to identify the actual application regardless of port number — can distinguish YouTube viewing from YouTube uploading on the same port; integrates IPS and URL categorization
4. Makes forwarding decisions based on OSI Layer 3–4 headers (IP address and port number) — does not inspect packet payload; includes NAT and site-to-site VPN functionality