Stateful Firewall
The World's fastest single-device Stateful Firewall
The Synogate Stateful Firewall is a cutting-edge, carrier grade stateful firewall designed to provide 200 GbE of throughput, unparalleled security, and supreme efficiency.
Built with a focus on performance and resilience, our firewall excels at dynamic session handling for line rates above 100 GbE and can support up to 16 Billion connections.
With the key advantage to be hardware-implemented, the Synogate Firewall is not only resilient against overwhelming attacks such as DDoS.
It is also not susceptible to software-based attacks.
Features:
- Fully hardware-implemented session handling at line rate
- Available with up to 224 GiB of DRAM, or HBM for managing East-West traffic
- 1U rack-mountable single device with < 100 W power intake
USPs:
- 16 - 20x faster than the fastest stateful firewalls on the market
- Guaranteed persistence of legitimate connections
- No-frills feature set - linux-free
Benefits:
- Ultimate performance, security, efficiency, and compute density
- Unprecedented capacity and reliability for optimal connection quality
- Resilient against DDoS and software-based attacks
Description
Synogate’s Stateful Firewall stands out in the field of highspeed firewalls by providing more and faster session context storage than any other single-device firewall. Offering unprecedented security with hardware-accelerated session management, it provides context-based packet processing without being vulnerable to DDoS attacks. Even better: without linux, there is no software to be hacked, eliminating the entirety of software-based attacks.
Technical Specifications:
- Throughput: 200Gbps
- Stateful Firewall throughput: 200Gbps
- New connections per second: 240M
- Concurrent connections: 16B
- DDoS protection SYN/sec: 240M
- Ports: 1x 100GbE, 1x 50 GbE, 5x 10 GbE
- Management Ports: Ethernet Mgmt Port RJ-45
- CPU: Quad-core 64 bit Arm* Cortex*-A53 (no linux)
- Memory: 224 GB DDR4
- Rack units: 1
- Power Supply: 230/110 V
- Power consumption: < 100 W
Would you like to know more?
Call us: +49-30-62932062
Future-proof your Network Security
Fast session state memory allows more than DDoS-resilient deep packet inspection. It allows for much more flexible states than just NEW, ESTABLISHED, and DROP - session tracking can be used for efficient protocol-based routing and fast-tracking priority traffic. It can even integrate into your application level security to rate-limit misbehaving clients at packet level. Additional custom features can be be implemented on demand.
Context is managed by our novel, hardware-implemented algorithm Synogate HashCache. It uses memory bandwith very close to the theoretical optimum (2.0003 memory accesses on average for normal traffic, and below 3 for worst case attack traffic). The result is multiple times the stateful throughput of any single-device firewall, in a rack-mountable 1U server form factor. With sub-microsecond latency, it is able to match patterns and even create new sessions at line rate. Using commodity DRAM, it provides hundreds of GiB of session context storage for billions of concurrent sessions.
By tracking the age of each session’s last activity, it knows which context entries can be replaced when running out of storage and can guarantee session persistence for all legitimate connections.
This means that users can always access your network, and legitimate connections are dropped, even during worst-case attack scenarios.
Demonstration
At the FPGA Conference Europe 2023, Synogate unveiled the first iteration of its groundbreaking stateful firewall, showcasing a remarkable capability of managing 240 million new connections every second while utilizing DRAM to maintain 16 billion state entries. This performance is not just incremental; it represents a quantum leap, offering a 16 to 20 times increase over the best stateful firewalls currently on the market. Such efficiency means that a single Synogate Firewall can replace up to 16 existing units, dramatically reducing both capital investment and operational costs for network infrastructure. For detailed info, check out our demonstrator page.
If you are interested in a technology partnership or custom features, such as offloading protocols or encryption, regex, etc., please