With the early April introduction of its 5200 and 5400 integrated security devices, Netscreen believes it has become the first security vendor to offer “virtual” partitioning of its hardware in a way that will enable service providers to configure unique managed security packages for up to 500 distinct customers on a single $99,000 box.
The upper limit of the 5400’s capacity lies with a 15gbps “backplane” switching fabric inside the box that uses graphically configurable virtual local area networks (VLANs) to interconnect various combinations of firewall, VPN and other processing hardware modules along with management modules.
However, the big leap for Netscreen’s managed service provider customers lies with the 5000 family’s ability to partition the physical box into virtual packages of firewall, VPN, denial-of-service (DoS) attack detection and other services, each with policies configured uniquely per customer, says Chris Roeckl, director of corporate marketing. Carriers and other managed security service providers “can use this for peering connections to other service providers and/or to deploy managed services from that same platform,” he says. “If one customer of the service provider’s hosting services wants security, the service provider can segment that off with a VLAN. A Virtual System is defined by a virtual interface and security policies assigned to each of up to 500 customers, and if a customer wants to deny certain traffic types, you can configure that per virtual interface, and then do the accounting, policy enforcement and other management applications around that.”
According to Roeckl, one unnamed carrier has ordered 5200s to secure its VoIP networks where the carrier is long-hauling traditional circuit-switched telephone calls and call-control traffic over its IP backbone. He says cable broadband providers including Cox Communications Inc. (www.cox.com) and AOL Time Warner Inc. (www.aoltimewarner.com), as well as “some incumbent” telephone carriers, are also showing interest. In the 2.5G and 3G wireless data space, Netscreen will work with its Netscreen 500 partner, Ericsson (www.ericsson.com), to prepare the 5000 family for network peering points as that market emerges.
In terms of wire-speed security processing, the 5200 claims to process firewall operations at up to 4gbps and virtual private network access at up to 2gbps. The 5400 promises firewall operations at up to 12gbps and VPN access at up to 6gbps, up from 2gbps and 1gbps, respectively, in the Netscreen 1000 box introduced two years ago. According to Roeckl, service providers will find that both boxes achieve these speeds even for the small packets associated with IP VPNs deployed for corporate packet voice intranets.
“A main point here is flexibility and programmability—physical and virtual—with the openness to introduce new features through flexible introduction of new hardware modules,” Roeckl says. “Most customers want to start with VPN, then move to firewall, intrusion detection, vulnerability assessment and other features that require more sophistication.”