A start-up founded by three ex-Cisco employees this week is set to announce its first product: a multifunction security device with hardware designed to minimize network performance problems when all functions are switched on, and software applications that run independently so if one fails the rest keep going.

Unlike other multifunction security boxes, NetD’s plan for its SG-8 box calls for it to grow to include a full IP PBX, so it could be the sole network box in branch offices.

NetD faces competition from established companies such as 3Com, Cisco and Fortinet. SG-8 also runs up against multiple single-function security devices that some businesses prefer (see www.networkworld.com, DocFinder: 7750).

What might help set it apart is its support for voice and data, redundant hardware and the segregation of software functions, says Keith Nissen, a senior analyst with In-Stat. He says he has heard that other vendors are preparing similar products that will roll out over the next year or so.

SG-8 connects to a WAN via T-1 or Ethernet. On the LAN side it can support up to 48 10/100/1000M bit/sec Ethernet ports by fully populating its six LAN slots with eight-port cards. The company says the hardware will support power over Ethernet in its next release to accommodate VOIP phones or Wi-Fi access points.

In the first release, software on the device supports QoS for voice traffic, as well as Session Initiation Protocol signaling, but not call management or PBX features.

If there are problems with software modules on the device, they can be handled remotely out of band via a feature called the Lifeline Management Framework. So even if all software on the box is down, a remote administrator can reach it to work on the problem. The feature can be used to upgrade software, add or delete services, or change policies.

Software application are segmented so they don’t interfere with one another. An administrator could shut down the firewall to change policies but leave the VPN, intrusion detection, routing and switching up and running.

Packet processing is done in one pass; they are received, opened and put through whatever filtering is necessary, then forwarded.

One criticism of these devices is that if they fail, an entire office can be left stranded.

SG-8 costs US$15,000 for a base model that includes a four-port T-1 or Ethernet WAN card, an eight-port Ethernet LAN card, firewall, VPN, QoS, routing and intrusion detection/prevention.