The ASA 5585X, combining firewall, VPN and IPS, features 350,000 connections per second and up to 10,000 concurrent VPN sessions in a 2 RU chassis. Cisco claims 20 Gbps multi-protocol throughput. The performance numbers are for firewall and VPN only. Intrusion prevention features will have an impact on performance, which representatives acknowledged, but they were unable to say what the impact is. It's typical for vendors of multi-function firewalls not to state IPS performance, since deep-packet inspection can be resource intensive.
Bigger and better security appliances are to be expected as enterprises demand security that can keep pace with their mission-critical data centers, said Jonathan Penn, VP and director of security for Forrester Research. "You've got to support more connections per second, greater throughput, and even more functionality on device," he said. "It's nothing revolutionary; I don't think it fits into any broad strategy. The bar keeps moving up."
The 5585X is one of the cornerstones of Cisco's Secure Data Center strategy. The 5585X follows last month's announcement of Virtual Security Gateway (VSG), a virtualization-aware firewall product that dynamically manages policy for VMs through the creation of security zones in a VMware environment.
Cisco has also announced version 3.0 of its remote access client, AnyConnect. AnyConnect now supports both SSL and IPsec VPN protocols, something VPN products from other vendors such as Juniper have done for a while. Supporting both SSL and IPsec gives IT more flexibility in VPN deployment.