I recently found out that Link Protection, a feature that in my opinion belongs to a modern spam filtering solution, is only available with the cloud protection layer. The NG firewall, however, can do Link Protection. But the NG is not an MTA. When I was in Alpbach the last time one of the speakers explictily warned to use LP on the NG because of this reason. If I am using a sophisticated spam filter on-prem (which is a must in my case) solution I do not see any reason to split spam related security features onto two devices! This raises administrative overhead and makes delegating tasks to internal staff/helpdesk way more complicated as it should be.
@Barracuda: is there any explanaiton for that, except that you want to sell subscriptions? This is so ridiculous in my opinion, I am tempted to delete my current eval and go for something else.
I would love to get some feedback here from some PM.