8/22/2005 -- Juniper Networks last week announced two new hardware modules for its NetScreen 5000 Series Firewall and Virtual Private Network (VPN) systems.

The new modules are important deliverables for that company, boasting performance (in a single chassis, no less) that no other major vendor can touch; in other important respects, however, they do little more than bring Juniper to competitive parity with arch-rival Cisco Systems Inc, analysts say.

First, the background: Juniper’s new 8G2 and 2XGE modules provide up to 15Gbps ASIC-accelerated VPN throughput with 3DES or AES encryption standards. The 8G2 Secure Port Module ships with eight 1-Gigabit Ethernet mini-GBIC Interfaces, while the 2xGE offers two 10-Gigabit Ethernet XFP interfaces.

From a performance standpoint, says Joel Conover, a principal analyst for enterprise infrastructure with consultancy Current Analysis, Juniper’s new NetScreen modules more than deliver the goods. “[T]hese new modules more than double the performance of Juniper’s highest-capacity firewall platforms, offering customers a massive performance boost and a migration path that delivers significant investment protection for existing installations while putting competitors’ performance claims on ice,” he writes.

Juniper went from also-ran to instant player in the firewall and VPN appliance space last year, when it acquired VPN and firewall appliance specialist NetScreen Technologies. One year later, market watcher Infonetics says Juniper is the market-leading firewall vendor, thanks to its NetScreen revenues.

In at least one respect, Juniper’s new NetScreen modules are a smart move, says Conover: They raise the bar innovation-wise and ensure that customers have a reason to come back to Juniper for future firewall technology. There’s another potential driver, too, Conover allows, thanks to growing demand for small-packet performance in very high throughput environments as a result of VoIP adoption. That being said, Juniper’s massive NetScreen modules are a tough sell in several respects, too -- starting first and foremost with their prices: It costs $114,000 just to deploy Juniper’s NetScreen 5200 platform with the new modules, which pretty much rules out that solution for departmental firewalls.

And secondly, notes Conover, Juniper is justly proud of the performance enhancements it's delivering with the new NetScreen modules -- Juniper’s support for small-packet performance is far and away better than anything offered by any other vendor, for example -- but it’s questionable whether there’s a market for performance of this kind in the enterprise. "[T]hese performance levels are only relevant to very large enterprises, service providers, and enterprises deploying firewalls in or near the very core of the network, a limited subset of the entire market for enterprise firewall and VPN technology, and because while significantly higher in performance, Juniper’s new modules only level the bar with Juniper’s chief rival, Cisco," he writes.

As for Cisco, says Conover, the networking giant can counter Juniper’s move by building bout the availability and scalability of its Catalyst 6500 platform. “Cisco needs to develop clustering technology in the Firewall and VPN modules for the Catalyst 6500 to reduce the competitive impact of a large, single rules-based firewall like Juniper’s NetScreen 5000 family,” he concludes. -Stephen Swoyer