SonicWall and WatchGuard are rolling out next-generation firewalls at Interop 2011. Both companies say the devices can identify applications based on telltale signatures and apply granular usage policies, providing comprehensive control over applications on the network, including Web-based apps.
For example, the marketing department could be allowed to access Facebook to run campaigns and monitor customer sentiment, but not to play games such as "Mafia Wars" or "FarmVille." Other departments could be allowed access at lunchtime or during off-work hours. By contrast, traditional stateful inspection firewalls can only allow or deny network access based on port and protocol use; if a firewall allows HTTP, it must allow every app that uses that protocol. The next-generation firewall concept of application signatures was pioneered by Palo Alto Networks but has become more widely adopted in the security market.
The SonicWall NSA E8510 is the latest entry in SonicWall's next-generation firewall line. It's a 1U device with a potential throughput of 10 Gbps. The firewall's application intelligence feature uses deep packet inspection and signatures created by SonicWall to identify specific applications. The company says it has 3,500 application signatures at present. The firewall can also allocate bandwidth to ensure that nonbusiness apps don't consume too much of it.
The NSA E8510 offers multiple functions, including intrusion prevention and anti-malware capabilities, in addition to the application intelligence feature. The various features will affect throughput: Running in stateful inspection mode, the E8510 can sustain 8 Gbps, SonicWall says. Running full application intelligence and intrusion prevention drops that rate to 2.2 Gbps.
SonicWall also announced a WAN acceleration product line, WXA. Available as appliances that connect directly to the NSA E8510 and other SonicWall security appliances, the WXA line performs TCP acceleration to reduce traffic between branch offices and headquarters. The WXA can also cache Windows-based files. As with other WAN optimization products, a WXA device must sit at both ends of the connection and be connected to a SonicWall security appliance.
WatchGuard Technologies also launched a next-generation firewall at Interop. The XTM 2050 provides multiple security features, including application intelligence for fine-grained control over application access and use on the network. WatchGuard licenses its application signature database of 1,800 applications from BroadWeb.
The new firewall also includes IPS capabilities to prevent exploits, IPsec and SSL VPN, and bandwidth control. WatchGuard says the firewall offers throughput of up to 20 Gbps for stateful inspection firewalling and 10 Gbps for application intelligence and IPS. The product starts at $39,995 and will ship in June.