Cisco Systems Inc. Wednesday outlined its technology and pricing strategy for a new version of the Firewall Services Module that has so far been free for the Cisco Catalyst 6500 Series switches as a way to set up "virtual firewalls" at switching points.
Cisco, which introduced the firewall services module hardware about 18 months ago with periodic six-month upgrades, will now begin licensing it, starting at US$12,500 for a 20-virtual-firewall license. Janey Hoe, senior director of marketing, said this pricing is intended for the version announced today, the Cisco Catalyst 6500 Firewall Services Module 2.2.
According to Hoe, the Firewall Services Module 2.2 can be deployed and configured through any of three Cisco management consoles so that network managers can establish "logical firewalls" between Catalyst switching points, each with its own policy and rules.
The PIX Device Manager v.40 supports only a single Cisco Catalyst 6500 Series Firewall Services Module. But two other Cisco management platforms, the CiscoWorks Management for Firewalls v1.3 and CiscoView Device Manager v.1.0, allow up to 100 firewall services modules to be managed through a central console.
Firewall controls can be set based on IP address, protocols, and network access control lists, Hoe said. The Firewall Services Module is wholly separate from the module for IPSec VPN, which is also available for the Cisco Catalyst 6500 Series switches, as are modules for intrusion detection.
Cisco also announced what amounts to a re-branding of the Riverhead Networks equipment, Guard and Detector, which Cisco gained in its acquisition of Riverhead this March for $39 million. Guard and Detector are used to monitor traffic flows and combat distributed denial-of-service (DoS) attacks that can flood networks with unneeded traffic so that legitimate traffic is obstructed.
The new names for the anti-distributed DoS gear are Cisco Guard XT 5650, which costs $90,000, and Cisco Traffic Anomaly Detector XT 5600, which costs $45,000. Cisco said it intends to integrate distributed DoS detection and mitigation technology into the Catalyst platform in the coming months.
The Cisco Guard XT 5650 is a network appliance that compares traffic flows to profiles of normal traffic patterns, behavior and protocol compliance, among other features, and can be used to block attacks.
The Cisco Traffic Anomaly Detector XT 5600 is used to identify a broad range of distributed DoS attacks and automate activation of the Cisco Guard XT 5650.