NetScreen 5000 series boosts speed, adds chip

Raising the high end of its product line and boosting the performance threshold of its devices, firewall and virtual private network (VPN) vendor NetScreen Technologies Inc. Monday announced the release of two new appliances, the NetScreen 5200 and NetScreen 5400.

The devices, built around NetScreen’s new GigaScreen II ASIC (Application-Specific Integrated Circuit), can handle up to 12Gbps of firewall traffic and up to 6Gbps of VPN traffic, NetScreen claims. The 5000 series is aimed at very large enterprises, carriers and service providers, said David Flynn, vice-president of marketing of NetScreen, which is located in Sunnyvale, Calif.

Both devices can perform packet and content inspection on standard size and small packets, the kind of packets used in Voice over IP and other applications, Flynn said. Other firewall/VPN devices take a substantial performance hit when doing small packet inspection, but, thanks to the GigaScreen II, the NetScreen 5000 series devices perform faster, he said.

The 5200, which is immediately available worldwide, offers up to 8 Gigabit Ethernet ports or 2 Gigabit Ethernet and 24 Fast Ethernet ports, Flynn said. The device is 2U high (approximately 9 cm or about 3.5 inches) and offers up to 4Gbps firewall throughput and up to 2Gbps VPN performance, he said. The device costs US$99,000.

The 5400 will be available in the third quarter of 2002 and will offer up to 78 Gigabit and Fast Ethernet ports, he said. The 5U high device boasts up to 12Gbps firewall speeds and up to 6Gbps VPN throughput, he said. The device has not yet been priced, Flynn added.

Both devices can be managed through either a Web-based management console or a command line interface, he said. Support for the devices will be added to the company’s enterprise-class management console Global Pro at the beginning of the summer, he added.

The heart of the 5000 series boxes is the GigaScreen II ASIC, Flynn said. The GigaScreen II is the third ASIC created by NetScreen since its founding and is “a full-blown security processor,” he said. Instead of having security co-processors and accelerators as have been used in the past, the GigaScreen II can have all traffic routed through it, rather than through a device’s CPU (central processing unit), where the packet processing will take place, he said.

The ASIC can be scaled using multiple chips, with each individual chip offering 2Gbps of firewall processing and 1Gbps of VPN power, he said.

Flynn expects that the GigaScreen II will be able to drive NetScreen’s product line for a few years.

“I think it’s pretty clear that this is the right way to be going,” he said.