SonicWALL Unveils Line Of High-Performance Multicore, Next-Gen Firewall Appliances

SonicWALL has announced a series of four high-end multicore, next-generation firewall appliances, topping out at a 96-core behemoth with clustering options for up to 384 cores. The appliances leverage SonicWALL's deep packet inspection (DPI) capabilities to apply application intelligence and user identity for fine-grained policy and rule creation, as well as bandwidth and application usage control. The announcement was made at the RSA Conference today.

SonicWALL claims that the high-end box in the SuperMassive 10000 series, the E10800, delivers 40Gbps firewall throughput and more than 30Gbps for application control and IPS in the full 96-core configuration. The current top-of-the-line SonicWALL appliances feature a maximum of 16 cores.

SonicWALL says it expects the new appliances to, at first, appeal primarily to universities and government agencies. However, Gartner analyst Greg Young says that although SonicWALL has made a major push into the enterprise market in recent years, its primary appeal is still in the SMB space. He believes that carriers and ISPs are the likely primary market for the powerful new appliances.

"The higher-end non-enterprise market, the new market created by cloud services providers,  needs security hardware at the higher end," he says. "A lot of the speed and ease of configuration that SMBs would like carry over with them."

All four new appliances use SonicWALL's DPI application intelligence capability, allowing organizations to assign policies based on applications and users/groups by syncing with Active Directory and other directories, rather than simply by port and protocol as is typical of network firewalls. In addition to security, admins can control bandwidth based on application and group, throttling or blocking traffic according to business needs and current traffic.Organizations can monitor individual and overall application usage. They can also use the firewalls to enforce acceptable use policies and productivity, limiting or banning, for example, access to social networking applications and streaming video.

The concept is somewhat analogous to URL filtering for acceptable use and productivity. Application intelligence in firewalls, introduced by Palo Alto Networks, has "shifted the entire firewall market, which was in danger of becoming commoditized," says Young.

It has been a big boost for the IPS market and has produced much better IPS capabilities in firewalls. Generally, Young said, firewall appliances have a five-year lifespan, so there's about a 20 percent addressable market for next-gen purchases each year.

The 10000 series offers IPS and anti-malware detection as well as firewall capabilities. Large organizations, however, are not likely to run multiple security capabilities on single high-end boxes, Young says.

The unified threat management (UTM) market is still almost exclusively focused on SMBs and branch office deployments. SonicWALL claims 10Gbps with anti-malware enabled on the E10800.
 
An active full mesh cluster of four appliances will produce 160Gbps firewall throughput, 80 Gbps with IPS and application intelligence and 40Gbps with anti-malware. Organizations should evaluate performance in their own production environments, as each will vary based on user practices, the complexity of the mix of applications, the use of SSL and how aggressively IPS is applied."It's caveat emptor," Young says. "You have to size boxes carefully. It really is an engineering exercise." As a rule of thumb, he says, expect 50 percent performance with IPS turned on, perhaps as low as 30 percent.

The four appliances start with the E10100, with 12 processing cores and 12 additional integrated cores for high availability. The E10020 has 24 processing cores; the E10400 48 processing cores and the E10800 has 96. The E10010 will be available in late first quarter, early second quarter; the other three boxes will be available in late Q2. Pricing is not yet set, but a fully loaded E10800 will likely be between $300,000 and $400,000 including service and support, and the E10100 will cost less than $100,000 according to SonicWALL.

See more on this topic by subscribing to Network Computing Pro Reports Research: 2010 Strategic Security Survey (subscription required).