RealTime IT News

Cisco Pushes Big Firewall For Big Business Needs

Large and geographically dispersed enterprises seeking to tame their network security face difficulties far bigger and more complex than those confronting smaller firms.

What's the solution? A security offering that's massive enough to handle big enterprise problems.

That's the thinking behind Cisco's new ASA 5580 firewall security appliance, which is the new high-end firewall device from the networking behemoth. In addition to firewall capabilities, the ASA 5580 also provides both IPsec and SSL VPN features.

The ASA 5580 is the latest offering in the ASA 5500 product line that debuted back in February 2006.

The pure performance capability of the ASA 5580 stands as a key differentiator for the new product, which sits at the high end of the enterprise spectrum. Cisco claims that the ASA 5580 can handle up to 20 gigabits per second (Gbps) of throughput, two million simultaneous connections and 750,000 security policies.

Though the ASA 5580 is a high-performance appliance, raw speed isn't what Cisco expects will give it the edge in the highly competitive firewall security market.

"What's really important about performance is that it's not just about raw speed anymore," Cisco product manger Tom Russell told InternetNews.com.

"You need to look at how many transactions are really occurring ... the depth of security polices that are required [and] latency issues, and then come out with a device that looks at the multiple of what performance issues are," he said.

Reporting is one issue typically encountered by high-performance networks. Russell argued that security has often taken a back seat to business requirements. Plus, at 10-Gigabit Ethernet connection speeds, with thousands of users per second, the logging effort is often a technical challenge.

Now, with the ASA 5580, Cisco is expanding its NetFlow network telemetry technology to handle the device's speeds and scale.

"You can finally enable secure logging in high-performance environments and not overrun the system or collectors to capture the data," Russell said. "You don't lose any visibility of security events and get much more efficient handling."

With greater power, Cisco expects that the ASA 5580 will also help in power reduction efforts, assisting enterprises in their own "green" efforts. For instance, Russell said the ASA 5580 can provide up to 50 virtual firewalls, so an enterprise could consolidate departmental and other internal firewall deployments into a single device.

Though the ASA 5580 is only now being officially announced, Cisco already has at least one taker -- Del Monte Foods.

During Cisco's Webcast announcing the ASA 5580, Dennis Tokarski, Del Monte's telecommunications and network operation manager, explained that his company faced difficulties in extending its network to third-party suppliers and partners.

Until now, access to Del Monte's network was what Tokarski described as a "free-for-all". But with the ASA 5580, he said he now expects to be able to provide secure access limited to just what the partners need.

Tokarski added that Del Monte wound up choosing Cisco after examining the top five firewall vendors.

"We selected the ASA because of its ability to fit into our environment," he said. "We're looking to utilize the SSL VPN that the ASA offers and want to provide users with a better experience to using the network, no matter where they are."

Cisco expects that the ASA 5580 will be widely available in March.