F5 Networks Inc. is extending its firewall portfolio with a new product targeting service providers' mobile in...
S/Gi Firewall is built on the vendor's Big-IP Advanced Firewall Manager released earlier this year. The software sits at the General Packet Radio Services, or GPRS, interface of a 3G network or its 4G network equivalent, at the boundary of service providers' mobile infrastructure and the Internet.
"What we have done is create a strategic point of control in the network between the server destination and the client or user side. It's built around a proxy architecture, and it runs at extremely high performance and scale," said Brian Lazear, F5's senior director of product management.
The introduction of the software comes as mobile service providers face an ever more rugged threat landscape -- ranging from distributed denial-of-service attacks to malware and battery drain schemes. At the same time, mobile users now rely on a plethora of mobile devices that might no longer be vetted by their employers.
S/Gi, Lazear said, takes an application-oriented approach to address this multiplicity of devices and deployments, providing protection tailored to each mobile provider and the customers it serves. "Security has to be transparent and provide good protection profiles, but not induce high levels of latency or create any network outages," he said.
Additionally, mobile service providers must manage increasingly complex user sessions that require more bandwidth, Lazear said. "Handsets previously maybe only had one session: voice. Once you introduced data, you have lots of different control-plane sessions. You might introduce multiple sessions for individual pages, like if you are using maps or different applications. It creates a lot of stress on infrastructure. The number of devices has gone up; the sophistication of devices has gone up."
With a throughput of 640 Gbps, S/Gi can handle as many as 8 million connections per second, with 576 million concurrent sessions.
In conjunction with S/Gi, F5 rolled out Big-IQ Security, a policy management application. For now, the product works with S/Gi, but ultimately it will be engineered to support all of F5's Advanced Firewall Manager (AFM) products across the service provider and enterprise space. The software enables IT managers to oversee multiple AFM devices and deploy policies as needed. Such flexibility is needed as carriers migrate from 3G to 4G networks, Lazear said.
S/Gi is a natural extension of F5's existing firewall product line, said analyst Greg Young, a Gartner research vice president. "Certainly an offering targeted at [mobile] providers and carriers fits the profile" of F5's marketing strategy, he said. "I think the F5 firewall offerings are more targeted at organizations whose data centers are a much separate line of business than their general network, so that makes sense for this offering. Gartner doesn't see F5 in general competition with most firewall providers, so this niche offering is more in keeping where we'd see application delivery controllers installed."