Not an appliance but WanGaurd might be a good match as well. We're
currently evaluating it.
WANGuard is great for detection but WANFilter failed my tests.
I couldn't filter a 700mbit SYN flood. The best it did was to completely block TCP/80. It uses netfilter to block Layer3 attacks.
It does have ACL support for some Intel NICs, but it doesn't use it near enough.