Raising the high end of its product line and boosting the performance threshold of its devices, firewall and virtual private network (VPN) vendor NetScreen Inc. announced the release of two new appliances, the NetScreen 5200 and NetScreen 5400.
The devices, built around NetScreen's new GigaScreen II ASIC (Application-Specific Integrated Circuit), can handle up to 12G bits per second (bps) of firewall traffic and up to 6G bps of VPN traffic, NetScreen claims. The 5000 series is aimed at very large enterprises, carriers and service providers, said Jeff Wenker, public relations manager for NetScreen, which is located in Sunnyvale, California.
Both devices can perform packet and content inspection on standard size and small packets, the kind of packets used in Voice over IP and other applications, Wenker said. Other firewall/VPN devices take a substantial performance hit when doing small packet inspection, but, thanks to the GigaScreen II, the NetScreen 5000 series devices perform faster, he said.
The 5200, which is immediately available worldwide, offers up to 8 Gigabit Ethernet ports or 2 Gigabit Ethernet and 24 Fast Ethernet ports, Wenker said. The device is 2U high (approximately 9 cm or about 3.5 inches) and offers up to 4G bps firewall throughput and up to 2G bps VPN performance, he said. The device costs US$99,000.
The 5400 will be available in the third quarter of 2002 and will offer up to 78 Gigabit and Fast Ethernet ports, he said. The 5U high device boasts up to 12G bps firewall speeds and up to 6G bps VPN throughput, he said. The device has not yet been priced, Wenker added.
Both devices can be managed through either a Web-based management console or a command line interface, he said. Support for the devices will be added to the company's enterprise-class management console Global Pro at the beginning of the summer, he added.
The heart of the 5000 series boxes is the GigaScreen II ASIC, Wenker said. The GigaScreen II is the third ASIC created by NetScreen since its founding and is "a full-blown security processor," he said. Instead of having security co-processors and accelerators as have been used in the past, the GigaScreen II can have all traffic routed through it, rather than through a device's CPU (central processing unit), where the packet processing will take place, he said.
The ASIC can be scaled using multiple chips, with each individual chip offering 2G bps of firewall processing and 1G bps of VPN power, he said. Wenker expects that the GigaScreen II will be able to drive NetScreen's product line for a few years. "I think it's pretty clear that this is the right way to be going," he said.