New from Cisco: Workplace-safety service, branch office firewall

Cisco unwraps Secure Firewall 3100 Series and SmartWorkspace, monitoring that can locate free workplace meeting rooms, report on their occupancy, even their humidity.


Cisco has taken the wraps off a new firewall and a technology package it says help enterprises better control hybrid workers' access to corporate resources and to enable a safer, more secure return to the office.

On the firewall front, Cisco has rolled out a new family of security appliances: the 1RU Secure Firewall 3100 series. The mid-range family starts with the 17Gbps-supporting 3110 and extends to the 3120, 3130, and 3140 devices, which support 23Gbps-45Gbps throughputs. The series is meant to lower the barrier to entry, better support small branches and boost VPN performance, Cisco stated.

“The big deal about the new Secure Firewall 3100 Series architecture is the emphasis on processing encrypted traffic,” wrote Andrew Ossipov, a Distinguished Engineer with Cisco Security Business Group in a blog about the new firewall.

“The traditional industry approach has been to deploy a look-aside crypto accelerator which works in tandem with the x86 CPU to process IPsec and Transport Layer Security (TLS) traffic for both VPN and transit inspection purposes. This approach results in a tremendous performance degradation, chiefly due to that look-aside nature that requires multiple traversals of the shared system bus for each encrypted or decrypted packet,” Ossipov stated.

The 3100 includes a new custom-built Field Programmable Gate Array (FPGA) between the internal switch fabric and the x86 CPU. It implements a flow-offload engine for fast single-flow throughput and high-performance-computing grade latency and also provides in-path crypto acceleration across both IPsec and datagram TLS (DTLS) VPN connections, Ossipov stated.

“Once programmed by Cisco’s threat protection software, this intermediate component can decrypt and encrypt such flows in hardware without having to rely on the main system bus or consuming precious x86 CPU cycles,” Ossipov stated.

The 3100’s capabilities come from Cisco’s Secure Firewall Threat Defense 7.0 software released last year that supports security features including packet inspection from Snort 3 and threat-intelligence updates from Cisco Talos. It also includes inference-based application identification and malware classification with Encrypted Visibility Engine (EVE), which Cisco developed in-house, Ossipov stated.  

The 3100 can be managed alongside other Cisco security devices through the Secure Firewall Management Center which supports unified management of firewalls, application control, intrusion prevention, URL filtering, and malware defense, Cisco stated.

Smart Workspaces

Targeting workers who are going back into offices at least some of the time is Smart Workspaces, a service offered as part of Cisco's cloud-based DNA Spaces, which comprises Cisco’s Connected Mobile Experience (CMX) wireless suite and enterprise geolocation technology.

CMX capabilities and software are being integrated into Cisco DNA Spaces, Cisco stated. The on-premises component of Cisco DNA Spaces is the CMX location engine. This component can calculate the location of devices for use with internal systems without connection to the cloud. Without the cloud, however, you will not have the full breadth of location insights or a captive portal.

In the post-COVID world, organizations will need tools like Smart Workspaces to make hybrid workers comfortable, said Lucas Hanson, a senior product manager for Cisco DNA Spaces.

DNA Spaces can show not just which spaces—like department stores, waiting rooms, cafeterias—are being used and when, but also where people come from to get there, how long they stay, what data resources they use, and where they go after they leave.

The software also includes an IoT gateway service that lets customers manage a variety of IoT devices, form factors, and communications protocols. DNA Spaces includes analytics support that details who and what is in physical locations along with the ability to act on those insights in real-time, Cisco said.

The Smart Workspaces package includes a 3-D mapping capability and Webex support that can be used to let users locate a variety of in-office functions such as finding an empty meeting room or locating offices in large buildings. The mapping function can post graphics-rich images to Webex boards and systems.

“Basically the service lets customers see everything from room occupancy to air quality if they have those sensors,” Hanson said.

“Organizations have employees that can look at the map and say there are too many people in that room to feel comfortable with so they can stay home or avoid those offices,” Hanson said. “Of course the flipside is true as well in the case where users want to be involved with a lot of people to engage with.”

Cisco Smart Workspaces will be available in May.


Copyright © 2022 IDG Communications, Inc.