Sourcefire Debuts Next Gen Firewall System


Sourcefire (NASDAQ:FIRE) has built its brand and reputation over the last decade on top of its Intrusion Prevention System (IPS) and the open source SNORT IPS project.

Sourcefire is now moving beyond IPS with new Next Generation Firewall (NGFW) technology that provides context awareness and deep packet inspection capabilities to help secure enterprise networks.

The new products include the 3D8140 NGFW Edition, which delivers up to 10 Gbps of stateful packet inspection, and the 3D8250 NGFW, which provides up to 20 Gbps of packet inspection. David Stuart, Director of Product Marketing at Sourcefire, said that the new platform uses the same Linux-powered base that powers the other elements of the Sourcefire 3D portfolio.

"These appliances can be configured and deployed either as an IPS or as an IPS with a Firewall just at the switch of a software key," Stuart said. Sourcefire first announced their intention to enter the firewall space last year. A key part of the NGFW architecture is context awareness for the traffic analysis. Sourcefire's FireSIGHT technology delivers the context awareness piece that provides real-time network visibility and user awareness.

"We think that's really important since you need to know first and foremost what you're protecting in order to do an adequate job," Stuart said. "More importantly, next generation firewalls need to really be able to incorporate great controls and effective threat protection on the backside."

Stuart added that by blending IPS and Firewall, Sourcefire sees an opportunity to differentiate against its rivals, which include HP's TippingPoint, Cisco, Juniper, and Check Point, among others.

From a hardware technology perspective, Stuart noted that Sourcefire does have the capability through stacking and modules to expand the processing capabilities of their 3D platforms. He explained that the Sourcefire 3DS system has split out the packet filtering classification from the decision and analysis pieces so it can be load balanced across multiple processors.

One piece that is still somewhat unclear with the NGFW capabilities is how the system will be enabled for virtualization. In 2009, Sourcefire expanded their IPS solution for virtual security with a virtual defense center. "We do it on the IPS side, but we don't do it out of the door on firewall piece," Stuart said. "However we do have it on the roadmap and you'll see in the mid-2012 period."

With the move to include firewall capabilities on an IPS box, the question that many enterprises will need to ask themselves is whether they still need two separate boxes.

"We think that a lot of our boxes will go behind existing firewalls and augment their capabilities," Stuart said.

Stuart explained that over time as enterprises refresh their hardware there is an opportunity for the firewall to be absorbed into the inline Sourcefire NGFW box. He added that the Sourcefire system is a converged platform with firewall, IPS and application control all-in-one.

Over the course of 2012, the strategic plan at Sourcefire is to extend the NGFW capabilities to the 3D7000 platform as well. The 3D7000 is a fixed configuration platform, whereas the 3D8000 is modular. Sourcefire announced the 3D7000 in October of this year.

"By mid-2012 all of our install base will have the option to grow to application and user control," Stuart said.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.