A new gateway that promises to reduce network performance problems has been released by start-up NetD.

The SG-8 is the first product from the company, founded by three ex-Cisco employees, and enables software applications to be run independently so if one fails the rest keep going.

Unlike the multi-function security boxes that currently dominate the sector, NetD plans that its 3U-high box will grow to include a full IP PBX, so it could be the sole network box in branch offices.

"We took a clean sheet and analysed customer needs," says Tim Waters, NetD's marketing head. "Instead of combining legacy point products or bolting features on, start afresh - reduce complexity and the number of devices you have to deploy and manage, give the ability to remotely manage devices, and deliver a suite of services without trading off performance."

NetD faces competition from 3Com, Cisco and smaller companies such as Fortinet, Equiinet and Reflex Security. SG-8 also runs up against multiple single-function security devices that some businesses prefer. What might help set it apart though is its support for voice and data, redundant hardware and the segregation of software functions, says Keith Nissen, a senior analyst with In-Stat. He says he has heard that other vendors are preparing similar products that will roll out over the next year or so.

Equiinet product manager David Abbott says similar devices are already available, for example his company's NetPilot unified threat management box. "Security is the main thrust, but we are introducing a feature to offer QoS capabilities," he says.

SG-8 connects to a WAN via leased line or Ethernet. On the LAN side it can support up to 48 10/100/1000Mbit/s Ethernet ports by fully populating its six LAN slots with eight-port cards. The company says the hardware will support power over Ethernet in its next release to accommodate VoIP phones or Wi-Fi access points.

In the first release, software on the device supports QoS for voice traffic, as well as SIP signalling, but not call management or PBX features. If there are problems with software modules on the device, they can be handled remotely out-of-band via a feature called the Lifeline Management Framework. So even if all software on the box is down, a remote administrator can reach it to work on the problem. The feature can be used to upgrade software, add or delete services, or change policies.

Software application are segmented so they don't interfere with one another. An administrator could shut down the firewall to change policies but leave the VPN, intrusion detection, routing and switching up and running.

Another key feature is that packet processing is done in one pass - they are received, opened and put through whatever filtering is necessary, then forwarded. "That means less overhead," says Tim Waters. "It means you no longer have to replicate user data, and you can apply policies across services."

One criticism of these devices is that if they fail, an entire office can be left stranded. Waters says this is why SG-8 includes feature more commonly associated with carrier-class equipment, such as segmented applications and an independent management bus.

SG-8 costs £8,500 for a base model that includes a four-port T1 or Ethernet WAN card, an eight-port Ethernet LAN card, firewall, VPN, QoS, routing and intrusion detection/prevention. A smaller SG-4 model will follow in about three months time, Waters added.