Cisco Unveils High-Performance Firewall, VPN Appliance

The San Jose, Calif.-based networking powerhouse announced the Cisco ASA 5580 Series, which the vendor is billing as its highest-performing security offering. According to Tom Russell, senior director of product management for Cisco's Security Technology Group, the ASA 5580 platform is suited for high-performance deployments and features a scalable firewall with up to 20 Gbps of throughput, as well as a 10,000-user remote access concentrator for both SSL and IPSec VPNs, which can support up to 100,000 users with clustering.

Cisco's ASA 5580 Series consists of three offerings: The ASA 5580-40 security appliance, the Cisco ASA 5580-20 security appliance and the Cisco ASA 5580-20 Remote Access VPN Concentrator. The 5580-40, the top-of-the-line model, offers 2 million simultaneous connections, 750,000 security policies and 10 Gbps of firewall throughput that can scale up to 20 Gbps for data-intensive applications like video sharing or storage-area networking. The 5580-20 models can support up to 1 million simultaneous connections and 5 Gbps firewall throughput. All three models deliver connection handling rates of 150,000 connections per second, offer as low as 30 microseconds of latency and can perform in strenuous, mixed-traffic environments.

Russell said combining both IPSec and clientless, portal-based and client-based SSL VPN remote access and firewalling into a single platform can protect a distributed company's central data center site along with remote locations and mobile users. The ASA 5580's VPN deployment model can support all endpoints and user types, including Microsoft Windows Vista, Windows Mobile and other operating environments. Support for clientless and client-based SSL VPNs can accommodate teleworkers and partners who need anytime, anywhere access to data.

Fred Kost, Cisco's director of security solutions, said ASA 5580 is designed to tackle the performance pressures that can be introduced by the massive uptake of Web 2.0 and rich Internet applications. Kost said Web 2.0 applications can create massive connection rates in high speed environments.

"Serving those up creates a huge increase," he said. "Those are putting performance stress on security." Kost added that in some cases companies must decide whether to trade off security to meet business objectives as Web traffic growth begins to challenge security.

In some environments, Kost said, Web applications are left unsecured or security solutions are cobbled together to lock them down, sacrificing performance and increasing complexity. In those instances, it's common that security event monitoring and auditing data are not captured.

Along with offering higher throughput and an increase in the number of connections, the ASA 5580 Series can also ease security event handling in high-performance environments. Russell said ASA 5580 integrates Cisco's NetFlow v9 network telemetry technology through which security events can be sent to a Cisco NetFlow Collector, third party aggregation systems that support NetFlow v9 or, in the future, Cisco Security Monitoring, Analysis and Response System (CS MARS) for advanced security event correlation and reporting.

"Security without visibility is no security at all," Russell said.

The ASA 5580 falls in line with Cisco's other ASA products, Russell said. That allows the option to train on just one device, since management and policy are consistent across the board.

Susan Don, Cisco's director of channel business development, said NetFlow event logging lets VARs offer their clients a better sense of what's going on in their networks while also allowing them to offer services to collect more information.

On the VPN side, Don said, the ability to support massive numbers of remote connections gives VARs the tools to provide larger-scale solutions to their customers. Also, the ability to support both IPSec and SSL VPN gives VARs a broader client base to target.

"First and foremost, bundling lets partners offer rich services," she said, adding that services can drive profitability and increase rebates.

Ladi Adefala, security practice manager for World Wide Technology, a St. Louis-based solution provider and Cisco partner, said the addition of a high-performance series of ASA appliances will let him hit customers with networking environments too large for the lower models. He said he's seen customers run a number of ASAs to scale to accommodate the large number of users and applications. The introduction of a high-performance model can reduce the number of boxes deployed, ultimately saving money.

"This gives us the ability to go in and come up with a more robust design," he said. "It gives the benefit to a large group of customers, especially on the VPN side."

In the past, Adefala said, customers would have to set limits on VPN connections and limit application access over VPNs when dealing with intensive applications. With ASA 5580, he said, customers don't have to sacrifice security to keep performance.

"Some customers do the best they can security-wise, and leave some applications out because they'd rather have the performance," he said. "It was a trade-off. This will help drive customers to lift those limitations."

In a statement, Mick Scully, vice president of product management for Cisco's Security Technology Group, said the ASA 5580 Series falls in line with Cisco's Self-Defending Network Strategy. The data center-caliber appliances for VPN and firewalling complement the recent addition of data center-ready intrusion prevention to Cisco's lineup.

"The advent of Web 2.0 applications and a huge increase in the number of connections is driving the need for an increasingly high-powered security infrastructure," Scully said. "Many organizations have been unable to keep up their security posture in the face of burgeoning traffic growth."