On the FW/VPN range, the Sunnyvale, California-based company has announced the second generation of its Secure Port Modules (SPM), running its new GigaScreen 3 ASICs to enable theoretical throughputs of 30Gbps for the firewall and 15Gbps on the VPN for the larger box (the 5400), and 10Gbps and 5Gbps respectively on the smaller one (the 5200). To give an idea of the real-world rates (i.e. in which other factors are impacting performance), the 30Gbps theoretical performance on the larger FW is around 12Gbps.

The theoretical limits on the first generation of SPM were 12Gbps FW/6Gbps VPN for the 5400 and 4Gbps/2Gbps for the 5200. Both boxes are core VPN termination devices for the high end of the market, the larger device supporting up to 25,000 concurrent tunnels.

The difference between the two is that the 5200 has a single SPM while the 5400 has three. Both boxes are managed with a single management card and the move to the faster port module (a.k.a. the SPM 2) requires an upgrade of the management card, to the MGMT 2, which costs $35,000.

This means that, for existing users of the 5200, upgrading requires a straightforward replacement of the SPM 1 and the MGMT 1 cards, while a 5400 user can upgrade the management card and one of the three SPMs, continue running the other two from the new management card since they are backward compatible, and upgrade the others at a later date, as network usage requires.

The SPM 2 card costs $65,000 and is available in two flavours, a GbE version with eight mini-GBIC transceivers and a 10Gb version with no transceivers. We assume that for 10Gb the customer is going to specify and provide their own transceivers, said Anton Grashion, security portfolio marketing manager for Juniper in EMEA.

So much for the IPsec VPN side. Juniper’s SSL VPN range, which was refreshed in mid-year, has until now ended with the SA 6000, but now gains a more muscular high end with the SA 6000 SP, which adds a software-based virtualization capability called Instant Virtual System (IVS). The target here is either a service provider that wants to offer SSL services to customer that need clientless VPNs, or a very large enterprise with the same requirement for employees, partners and customers.

Until now, said Grashion, a service provider or company wanting to offer such services has had two equally uncomfortable options. They could either deploy and support a CPE box at each customer site or do it all in their core network, but again with one device per customer. The virtualization capability enables them to support multiple customers/users from a single box.

The 6000 SP has a list price of $25,000.