It allows you to work with incoming and outgoing traffic flows rather than focusing on interfaces. The system supports both IPSEC and High Availability. It is also possible to manage HA from the GUI. It also has an anti-spoofing function. There is also a log watch function where you can apply filtering. Logging is controlled per rule.
You can turn logging on or off for a rule on the fly, and there is built-in protection against log flooding. All firewall changes are made without interrupting already established connections. There is also support for traffic marking (mangle), for when you are working with QOS (bandwidth management) and advance routing such as policy-based routing. You can also add your own commands.