The Wait is Over for Safe Firewall 3100 Sequence



“I so sit up for the following firewall {hardware} improve cycle!”

– No One Ever

At all times Give Extra

If I discovered one factor from my firewall clients over the various years, it might be that they prefer to improve their {hardware} home equipment as a lot as a mean client likes to buy a brand new automobile. No quantity of flashy vendor advertising and marketing supplies with the compulsory “industry-first” guarantees peppered throughout could make up for this unglamorous train. Nobody enjoys forking out gobs of cash and spending sleepless implementation hours each few years in alternate for a shiny new field with largely the identical structure because the previous one, save for perhaps a barely quicker CPU. That mentioned, some {hardware} upgrades are definitely value it.

It’s been a minute since our final main {hardware} refresh, largely because of the future-proof structure of all Safe Firewall home equipment. One thing larger and higher has been within the works for some time, however my private choice has at all times been to optimize the software program first after which purpose-build nice {hardware} for it. As a substitute of asking you to undergo the enjoyable train of forklifting {hardware} extra typically, we launched Safe Firewall Menace Protection 7.0 final yr to do one thing magical. It considerably elevated (and doubled in some circumstances!) each risk safety and VPN efficiency throughout all supported firewall home equipment – together with ASA5508-X from about 7 years in the past – via a easy software program improve. If I wish to be an industry-first (if not industry-only) at one thing, delivering long-lasting buyer worth like that’s positively it.

Bundle of Energy

After delivering that software program efficiency goodness into our clients’ arms, it was time to comply with on with a basically new {hardware} structure. One thing constructed for resilience and scale whereas sustaining simplicity. A beast that might stand as much as the prevailing traits of pervasive site visitors encryption, assume it as a efficiency baseline, and crush these numbers throughout the {industry}. Final however not least, an answer that’s extremely cost-effective towards the competitors. That is how the brand new mid-range Safe Firewall 3100 Sequence was born.

Quite a lot of punch is packed into this industry-leading 1 rack-unit kind issue. Constructing on the years of architectural perfection, it continues to make use of an clever inner change material for non-blocking exterior community interface connectivity in addition to versatile load-balancing and prioritization logic. It options an enterprise-grade x86-based CPU engine with our extensible Menace Protection software program that excels at a number of vital safety and visibility capabilities. One is the proven-and-true deep packet inspection performance with Snort 3, backed by the risk intelligence and sheer brainpower of Cisco Talos. It’s complemented by inference-based utility identification and malware classification with our lately launched and fully in-house developed Encrypted Visibility Engine (EVE). All of the software program elements and buyer information are hosted on self-encrypting and optionally redundant Strong-State Drives (SSD) for that additional peace of thoughts.

We’re borrowing a web page from our higher-end home equipment by incorporating the industry-first Multi-Occasion functionality which supplies full useful resource separation between individually configured firewall tenants. Similar goes for the Clustering function (one other industry-first again in its day!) with a totally distributed forwarding airplane throughout as much as 8 particular person 3100 Sequence home equipment that act as a single logical unit. All this goodness is properly wrapped into the brand new unified Firewall Administration Middle expertise, eliminating one complexity after one other. Then there’s the pricing that ought to positively make your finances approvers smile. And simply once you thought that we had been all out of tips, there’s only one other thing.

It’s All About Encryption

The massive deal concerning the new Safe Firewall 3100 Sequence structure is the emphasis on processing encrypted site visitors. The standard {industry} method has been to deploy a look-aside crypto accelerator which works in tandem with the x86 CPU to course of IPsec and Transport Layer Safety (TLS) site visitors for each VPN and transit inspection functions. This method expectedly ends in an amazing efficiency degradation, mainly because of that look-aside nature that requires a number of traversals of the shared system bus for every encrypted or decrypted packet. Including insult to harm, most {industry} implementations additionally fail to speed up TLS session institution within the {hardware}; we had particularly addressed this drawback years in the past and proudly printed Safe Firewall risk safety throughput numbers with TLS decryption within the publicly obtainable information sheets – can I get one other industry-first right here?

The important thing distinction with the Safe Firewall 3100 Sequence home equipment is within the brand-new custom-built Discipline Programmable Gate Array (FPGA) part in between the interior change material and the x86 CPU complicated. Not solely does it implement a next-generation (and a patented industry-first!) Stream Offload engine for each lightning-fast single-flow throughput and high-performance-computing grade latency, nevertheless it additionally supplies yet one more industry-first in-path crypto acceleration functionality throughout each IPsec and Datagram TLS (DTLS) VPN connections. As soon as programmed by the risk safety software program, this intermediate part can decrypt and encrypt such flows in {hardware} with out having to depend on the primary system bus or consuming valuable x86 CPU cycles. The uncooked numbers under are spectacular as a lot as their comparability to the previous-generation Safe Firewall 2100 household, however the single-tunnel throughput with a bi-directional pair of IPsec Safety Associations (SA) is mind-blowing – one thing really industry-leading for any firewall equipment.

Enjoyable Instances Head

From absolutely distributed stateful scalability to remoted multi-tenancy to mind-blowing risk safety throughput and crypto acceleration efficiency, Safe Firewall 3100 doesn’t disappoint with quite a few (and all true!) industry-first claims. Constructing upon years of architectural perfection, it’s a risk safety bundle that’s priced proper to persuade virtually anybody to chunk the bullet and get that long-coming {hardware} improve out of the way in which. Whether or not you’re a brand new Safe Firewall buyer or a seasoned Firepower aficionado, Cisco has received your again with our unstoppable software program innovation for years to come back – maximizing the lifetime of your earlier {hardware} funding and protecting your enterprise protected .

For extra data on the Safe Firewall 3100 Sequence, click on right here.

We’d love to listen to what you suppose. Ask a Query, Remark Beneath, and Keep Related with Cisco Safe on social!

Cisco Safe Social Channels