UTM Firewalls: Your mileage will vary with your choice of protection
Our performance testing led us to a number of conclusions about deploying unified threat management firewalls in an enterprise setting. Antivirus scanning dramatically slows the performance of every UTM firewall except Fortinet's. IBM/ISS' Proventia was the only box to toe the speed line with an IPS up and running. Protecting clients is much more performance-intensive than protecting servers, highlighting the need to tune any IPS carefully. Combining IPS and antivirus in an enterprise UTM firewall causes a huge performance hit and brings most systems down to a small fraction of their total performance capabilities.

Performance numbers are reported as throughput rates in megabits per second.

| Vendor | Product | Raw speed | IPS-server | IPS-client | Antivirus | Antivirus+IPS-server | Antivirus+IPS-client |
|---|---|---|---|---|---|---|---|
| Astaro | ASG 425a | 243 | 180 | 166 | 69 | 21 | 17.2 |
| Check Point | UTM-1 2050 | 754 | 221 | 40 | 98 | 95 | 38 |
| Cisco | ASA5540 with SSM-20 IPS module | 662 | 118 | 118 | NS | NS | NS |
| Crossbeam | C25 | 1,000+ | 122 | 28 | 58 | 54 | 27 |
| Fortinet | FortiGate 3600A | 1,000+ | 624 | 624 | 524 | 520 | 520 |
| IBM | System x3650 | 1,000+ | 816 | 190 | NS | NS | NS |
| IBM/ISS | Proventia MX5010 | 1,000+ | 978 | 978 | 384 | 298 | 298 |
| Juniper Networks | ISG-1000 | 1,000+ | 442 | 355 | NS | NS | NS |
| Juniper Networks | SSG-520M | 1,000+ | 426 | 166 | 157 | 138 | 98 |
| Nokia | IP290 | 1,000+ | 156 | 29 | 54 | 33 | 25 |
| Secure Computing | Sidewinder 2150D with IPS acceleration | 826 | 559 | 581 | 396 | 286 | 292 |
| SonicWall | Pro 5060 | 587 | 318 | 318 | 208 | 208 | 208 |
| WatchGuard | Firebox Peak X8500e | 1,000+ | 160 | 79 | 193 | 185 | 177 |

NS means the device did not support the optional antivirus scanning feature and therefore could not be tested.