Qosmos for Next Generation Firewalls


The Challenge

Firewalls can no longer use ports to effectively classify traffic. Today’s firewalls must have:

  • Layer 7 / application identification
  • Visibility into application usage patterns (who is doing what), which advanced security applications such as IPS require beyond classification.

Firewall vendors risk spending considerable time and money developing a traffic decoding technology such as Deep Packet Inspection and keeping up with constantly changing protocols and applications that make networks vulnerable.

How Qosmos Inside Solves the Problem

  • Qosmos DPI engine – ixEngine – is embedded into next-generation firewalls to provide Layer 7 application classification and delivery of traffic metadata attributes, such as message senders and receivers, and names of files shared or attached in an application.
  • Within days, firewall vendors can embed ixEngine into products for unmatched application classification and more effective security policy management.

Benefits for firewall vendors: Full application visibility


  • Identifies applications based on protocol grammar analysis, not ports
  • Goes beyond traditional Deep Packet Inspection to decode traffic inside tunneling protocols
  • Identifies actions launched within an application (login, browse, chat, file transfer, etc.)
  • Real-time extraction of communications metadata such as message senders and receivers, and names of files shared or attached in an application.
  • Recognizes thousands of protocols, applications and metadata
  • Allows users to develop their own protocol plugins that can be integrated in the ixEngine framework.

Designed with “Triple R” (robustness, reliability and resilience) in mind


  • Resilience, by functioning even under adverse external conditions (e.g. maliciously forged packets or flows)
  • Robustness, by performing well during difficult situations (e.g. SYN flood attacks, incomplete traffic)
  • Reliability, by adequately decoding traffic even under unusual circumstances (e.g. tunnels, obfuscated traffic, non-standard protocol behavior)

Support for all leading processor architectures


  • Optimized for all leading processors on the market: Intel x86, Broadcom, Cavium, EZChip, and Freescale.
  • Application classification at traffic speeds up to 10 Gbps on a single processor




Recognized protocols and applications (sample)

  • Email (SMTP, POP3, IMAP, Lotus Notes, etc.)
  • Webmails (Gmail, Yahoo Mail, Outlook Web Access, etc.)
  • Instant Messaging (MSN Messenger, Yahoo! Messenger, etc.)
  • Web applications (HTTP, web browsing, URLs, etc.)
  • Tunnels (ICMP, HTTP tunneling, GRE, L2TP, etc.)
  • File transfer protocols (FTP, Jabber, AIM file transfer, etc.)
  • P2P applications (eDonkey, BitTorrent, Gnutella, etc.)
  • Streaming (VoIP, media streaming, etc.)
  • Business applications (CRM, ERP, appliance or web mode, etc.)
  • Database protocols (MySQL, PostgreSQL, etc.)
  • Online gaming

Application visibility (sample)

  • HTTP: visited URL, URI
  • Email, webmails, social networking and messaging: login, sender, receiver(s), attached document (type, name, content), etc.
  • File transfer, P2P: login, file type, file name, file content, etc.

“There is a trend towards using niche specialists in the DPI area. Outsourcing highly specialized technical capabilities allows Equipment Manufacturers to focus on overall solutions development.”

Graham Finnie
Chief Analyst, Heavy Reading
