Stonesoft Gives Security Appliance a Speed Boost

May 15, 2007 Alex Woodie

Stonesoft, the Finnish provider of security software and appliances, last week unveiled a new line of firewalls and intrusion protection systems (IPSs) that will provide additional head room for customers making the move to the latest Gigabit networking topologies.

Stonesoft’s StoneGate firewalls provide packet filtering, stateful connection tracking, and application-level security of Internet traffic, Virtual Private Networking (VPN), as well as support for whitelisting and blacklisting, and Quality of Service (QoS) bandwidth management. The StoneGate IPS provides an active defense against worms and other malicious threats. Last week, Stonesoft refreshed its entire line of StoneGate firewall and IPS appliances, delivering new machines with greater total network throughput than the previous generation of Stonesoft appliances.

Heading up the new generation is the StoneGate FW-5100, a firewall that delivers total throughput of 10 Gbps (800 Mpbs for VPN throughput) and is the largest firewall Stonesoft has ever made. A smaller enterprise-strength firewall is the StoneGate FW-5000, which delivers total throughput of 4 Gbps. For midsize shops, Stonesoft introduced three new models, including the StoneGate FW-1200, FW-1050, and FW-1020, which deliver throughput of 2 Gbps, 800 Mbps, and 400 Mbps, respectively.

Stonesoft also delivered two new IPSs, including the StoneGate IPS-6000. This IPS supports Gigabit Ethernet connections and is available in two models: with an in-line sensor and a separate analyzer, or with a combined in-line sensor and analyzer that is easier to use. For mid size shops, Stonesoft offers the StoneGate IPS-2000, which features 600 Mbps throughput and is available in separate or combined models.

The increased network capacity of the latest line of security appliances will be put to good use supporting today’s bandwidth-hungry apps, says Mark Boltz, senior solutions architect for Stonesoft Americas in Atlanta, Georgia. “More and more, organizations are looking to do Voice over IP. They’re doing IP-based security and video monitoring. Old fashioned TVs are now IP-enabled, and all that data is now being brought home,” he says.

The FW-5100, like all Stonesoft firewalls, can be clustered into a chain and managed from a central location. “What’s really powerful about the FW-5100 is not just its raw performance,” Boltz says, “but also with our cluster technology that appliance can scale up to 16 machines. For maximum availability it will have all traffic transparently distributed to other boxes in that cluster.”

Another selling point for Stonesoft’s entire line of firewalls and IPS systems is the common management console. “Even though firewall VPN and IPS are separate boxes, the beauty of the management center is it all looks the same,” Boltz says. “Log data is correlated and aggregated between the two, so you can drill down into the data six ways from Sunday.”

Stoneoft’s appliances use standards-based processors running Linux operating systems. The company also sells its firewall-VPN solution as a software-only solution. In 2004, Stonesoft entered into a partnership with IBM to provide a firewall that runs in a Linux partition on iSeries servers. Stonesoft says there is currently more interest in its software-based firewalls among IBM’s System z customers than its System i customers.