F5 Fuses Firewall & VPN

F5 Networks Inc. (Nasdaq: FFIV) gave a glimpse of its future product roadmap today, unveiling a new high-end FirePass SSL VPN device combined with its first TrafficShield application firewall (see F5 Delivers Firewall, SSL VPN Solution).

The Seattle-based vendor acquired the FirePass technology when it bought remote-access specialist URoam last year; TrafficShield was pioneered by firewall vendor MagniFire, which was snapped up by F5 in June (see F5 Buys uRoam, Reports Strong Q3 and F5 Acquires MagniFire).

The new FirePass 4100 usurps the existing 4000 product as F5s high-end SSL VPN device, and unlike the two-port 4000, comes with four 10/100/1000 copper Ethernet ports fitted as standard.

F5 execs are putting the 4100 up against Aventail Corp.’s EX-1500 device and Juniper Networks Inc.'s (Nasdaq: JNPR) Secure Access 5000 product. The EX-1500 comes with three ports although this can be scaled up to six. Juniper’s SA-5000 comes with two Ethernet ports fitted as standard.

The additional ports give users a greater degree of flexibility, according to Jeff Wilson, principal analyst at Infonetics Research Inc. “It’s good to see that F5 is thinking about the different requirements out there -- it gives people more options on how they deploy the boxes.”According to F5, the 4100’s multiple ports enable enterprises to handle their network traffic more effectively. For example, one port can be used for external traffic and another for a firm’s virtual local area network (VLAN). The third and fourth ports could be used for a secure "quarantine network" and for a partner’s demilitarized zone (DMZ), an area of the network between the Internet and a firm’s intranet.

Throughput on the 4100 is up to 300 Mbit/s of SSL data, according to F5, although this figure is yet to be independently benchmarked.

With mobile networking on the rise, F5 also extended the range of support offered by the FirePass with a software upgrade. In May, F5 moved to widen the product’s potential market by enabling Mac and Linux clients to handle any IP application (see F5 Fortifies SSL VPN Security). Today’s announcement extends this even further, adding support for PocketPC and other PDAs such as Hewlett-Packard Co.'s (NYSE: HPQ) iPAQ and Toshiba Corp.'s (Tokyo: 6502) e800 devices.

F5 is also combining the new TrafficShield application firewall with the 4100 device. Jeff Pancottine, senior vice president of F5’s security business unit tells NDCF the company is planning to combine its product lines over the coming months to build an all-singing, all-dancing device code named the Application Security Gateway (ASG).

Using the underlying operating system of F5’s BIG-IP device, the ASG will combine the functionality of both the FirePass SSL VPN and the TrafficShield application firewall and will be launched next year, Pancottine says.Increasingly, security vendors will be offering these all-in-one combos, according to Wilson. “It makes sense that they would do that -- we’re really seeing the first generation of products that have a dual focus on securing applications and providing remote access,” he says.

F5 isn't the only security vendor refining its product line at the moment. Aventail today announced a software upgrade for its SSL VPN boxes designed to make the devices easier to manage (see Aventail Intros Smart SSL VPN).

— James Rogers, Site Editor, Next-gen Data Center Forum