Following closely on the heels of the release of the 4Gbps IPS appliance, Cisco released the ASA5580 Firewall. It comes in two models, a 5Gbps model (ASA5580-20) and a 10Gbps model (ASA5580-40).
Now those aren't backplane speeds or pie-in-the-sky, UDP 1500-byte packet throughput numbers with protection turned off either. Vendors' marketing teams love to quote us numbers that are meaningless in the real world. The performance numbers Cisco is quoting are real-world performance numbers based on a mix of various rich media traffic samples with recommended firewall protection features turned on.
More performance numbers:
Now that's light-your-hair-on-fire raw speed! My ears are bleeding just thinking about it.
The ASA 5580 also does VPN, both IPsec and SSL VPN. It can support up to 10,000 tunnels per box, and scales to 100,000 tunnels if you cluster 10 of them together.
How do they achieve this performance? I thought you'd never ask.
The ASA 5580 series is the first ASA to support multi-threading in both software and hardware. The hardware is cutting edge with both multi-cores and multi-processors. Also, the ASA 5580 code has been written to take advantage of this new hardware.
Cisco has definitely entered the high-performance security market with a bang, perhaps even a sonic boom! 150,000 connections per second with firewall inspection enabled; it's nuts, just nuts.
Jamey Heary, CCIE No. 7680, is a security consulting systems engineer at Cisco. He leads its Western Security Asset team and is a field advisor for Cisco's global security virtual team. Jamey is the author of the recently published Cisco NAC Appliance: Enforcing Host Security with Clean Access. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey has been working in the IT field for 14 years and in IT security for 9 years.