Sourcefire shipping its first two app-aware, next-gen firewalls

Sourcefire Monday said it expects to begin shipping its first two next-generation firewall appliances later this month, entering an increasingly crowded market.

BACKGROUND: What you should know about next-generation firewalls

Traditional network firewalls examine and control traffic based on ports, but next-gen models add application-layer filtering. "It's the ability to see the applications traversing your network," says Sourcefire Director of Product Marketing Dave Stewart, who says the two appliances -- the 10Gbps 3D8140 Next-Generation Firewall Edition and the 20Gbps 3D8250 Next-Generation Firewall Edition -- can recognize more than 1,000 applications, down to granular controls. "And we'll constantly be adding more," he points out.

"We don't just identify Facebook, we identify Facebook chat, video and postings, and we can set user groups for Web filtering by URL," Stewart said, adding that the appliances provide a way to monitor and block what's occurring across the network, such as learning who's watching Netflix when they shouldn't be. The two new Sourcefire appliances also include intrusion detection and protection capabilities, the company's more traditional product focus.

Sourcefire anticipates that its customers will be working to gradually adapt the context-based application-layer controls to their networks even as they continue to use port-based firewalling, basically operating in dual-mode.

Operating in application-aware and port-based firewalling modes simultaneously has been the customary experience with other firewall vendors' "application-aware" firewalls, including those from Palo Alto Networks, Check Point and SonicWall.

One limitation in the new Sourcefire firewalls concerns their use in virtualized environments. The appliances cannot yet go deep into the hypervisor layer to inspect traffic which might, for example, be traveling between virtual machines on the same physical machine. But that kind of capability for the VMware environment is expected to be introduced around mid-2012.

Both NGFW appliances, expected to ship Dec. 23, start at $140,000.

Read more about wide area network in Network World's Wide Area Network section.

More about: Check Point, Facebook, IPS, LAN, Netflix, Palo Alto Networks, SonicWall, Sourcefire, Sourcefire, VMware
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Facebook, Firewall & UTM, netflix, security, sourcefire
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/170/gadwin-geforms/

Gadwin GeForms

GeForms allows you to create your own forms or fill in existing forms electronically. Using GeForms you are provided with sophisticated form design tools which ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia