Lucent speeds up firewalls

Lucent rolled out new VPN firewalls with more performance per dollar on Monday.

Lucent Technologies is putting the pedal to the metal in its new VPN (virtual private network) firewalls for carriers and large enterprises.

On Monday, the company introduced two firewalls with more performance for the money than the devices they replace. The gear is designed to secure huge numbers of simultaneous sessions over a company's or carrier's network: as many as 3 million on the top-of-the-line VPN Firewall Brick 1200 HS.

The growth of VOIP (voice over Internet Protocol) and video traffic is helping to raise requirements for security power on both enterprise and carrier networks. The Lucent products are designed to secure those latency-intensive applications, as well as other traffic, at higher speeds. Among other things, the Murray Hill, New Jersey, company is now carrying out AES (Advanced Encryption Standard) encryption on an accelerator card rather than in software, said Joe Raccuglia, general manager of the Lucent VPN Firewall unit of Bell Labs. The firewalls announced Monday also include intrusion detection and protection against DOS (denial of service) attacks.

The VPN Firewall Brick 700, designed for enterprises and for carrier central offices, replaces the Brick 350. It boasts firewall performance of 1.7G bps (bits per second), up from 787M bps in the previous product. The new product can encrypt data traversing the network at 425M bps using 3DES (Triple Data Encryption Standard) and 350M bps with AES. It can support 7,500 VPN tunnels simultaneously. The number of ports has also grown; the Brick 700 has eight 10/100/1000M bps Ethernet ports.

The VPN Firewall Brick 1200, Lucent's biggest VPN firewall, replaces the Brick 1100 and comes in two forms. The standard unit can firewall 3G bps of traffic and encrypt packets with 3DES or AES at 1.1G bps. That version can handle 2 million simultaneous sessions and has eight Gigabit Ethernet ports for copper cables as well as two for fiber. It offers roughly the same performance as the 1100 but at about one-third the price and half the size. The 1200 takes up 2U of standard shelf space and is priced starting at US$29,995. The 1100, a 4U product, costs about US$75,000 and up, Raccuglia said.

The 1200 is also coming out in a faster version, the 1200 HS, which has 4.5G bps of firewall speed and can do 3DES or AES encryption at 1.7G bps. It supports as many as 20,000 VPN tunnels. The high-speed version has 14 copper and 6 fiber Gigabit Ethernet ports. It is available now for between US$59,995 and US$69,995.

Also Monday, Lucent unveiled version 9.1 of its Lucent Security Management Server software. The new version includes a feature developed at Bell Labs, called Rules Based Routing, that lets the firewalls detect certain types of packets and send them to a third-party security appliance for antivirus scanning, spam filtering or another function. For example, the routing system could identify HTTP packets and send only them to a content filtering device, Raccuglia said. That would free the filtering device from having to inspect other types of packets that don't require it, he said.

All the new firewalls are available now. The previous models will remain available for the time being without a price cut, mostly to finish ongoing rollouts, Raccuglia said. Lucent expects to merge with Alcatel SA by the end of this year. It is too soon to say what impact that deal may have on Lucent's VPN firewall business, said company spokeswoman Devon Prutzman.