- HP buys EDS for $13.9 billion
- 10 ways the Chinese Internet is different
- What EDS is telling its people about HP deal
- Sprint loses nearly 1.1 million customers
- Desktops of the future here today
Rss FeedRss Feed
Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch Raven Zachary, Research Director for Open Source at the 451 Group, an independent IT analyst firm, discuss the emergence of enterprise Linux and the role of Oracle Unbreakable Linux support.
When we tested firewall performance as part of in our UTM firewall test we focused on how well the products would push inspected packets along with other UTM features, specifically intrusion-prevention systems and antivirus, turned on. However, many enterprise managers will use these devices primarily just as firewalls, and might be curious how fast they’d operate without UTM slowing them down.
Our initial test bed had been tuned for 1Gbps throughput, and eight of the 13 firewalls we tested blew right past the 1Gbps mark without UTM turned on. So, with the help of David Newman from Network Test, we outfitted the test bed with a 2.8Gbps capacity, and re-ran our firewalls through at that higher speed.
This second round of testing employed the same product configurations used for the 1Gbps UTM test with two exceptions. WatchGuard and Secure Computing have long offered proxy-based firewalls, claiming higher security than simple packet filters although with a cost in performance. WatchGuard’s Firebox and Secure Computing’s Sidewinder have the flexibility to use either simple packet filters, a generic proxy or an HTTP-specific proxy for HTTP traffic. Since our tests were made using HTTP traffic, we tested all three scenarios and reported all three numbers for each product.
Click to see: Chart of high-speed performance
|
Overall, we found that if you don’t want to turn on any of the UTM features, you can get outstanding performance with almost half of the boxes we tested running at more than gigabit speeds. Even better news is that some of those high-performance boxes (namely Juniper SSG-520M and WatchGuard’s Firebox Peak X8500e) are offered (we say almost) at a great price. (You can compare pricing for dozens of UTM products in our UTM Buyer's Guide.)
The interesting twist is that the top performers in this test are not a one-to-one match with the higher performers on our slower testbed. For example, the top-scoring device in our UTM test was the Juniper ISG-1000. However, on the price-per-megabit-of-throughput basis we can point to from this second round of testing, the ISG-1000 only falls into the middle of the pack. Instead, IT outfits looking for raw bandwidth to handle a gigabit link with power to spare will want to look at either the WatchGuard Firebox Peak X8500e (which costs just more than $20,000 and yields 1340Mbps throughput) and Juniper SSG-520M (which costs $24,600 and yields 1420Mbps throughput), either of which is one-fourth as expensive as the ISG-1000 on a price-for-bandwidth basis.
We still found that two of the firewalls, from IBM and Crossbeam, were faster than our test bed could go (that is 2800Mbps). But those are among some of the more expensive offerings we tested as well, coming in at just less than $70,000 and $100,000 respectively.
In some cases, our numbers came out below the advertised specifications for the firewalls we tested. This can happen for a number of reasons. For example, we discussed the FortiGate 3600A performance (which costs $121,790 and yielded 1240Mbps throughput) with the company’s engineers because it was much lower than the advertised specifications. They helped us to tune the firewall, and explained their specifications are based on streams of UDP packets running over a single connection at maximum packet size -- a test that will definitely give the highest performance number for a firewall.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
SonicWALL 5500/6500/7500By Joel Snyder on January 21, 2008, 10:18 pmWe have a test of the 5500/6500/7500 in process. Unfortunately for us, the firewalls have specs that are faster than our test bed, so we are working with Spirent...
Reply | Read entire comment
Fastest FirewallBy Anonymous on January 7, 2008, 12:42 amI would like the authors to test the latest firewall from SonicWALL. SOnicwall recently announced their new set of firewalls with multicore architecture. E7500/6500...
Reply | Read entire comment
This is a test. ValeskaBy Anonymous on December 14, 2007, 10:28 amThis is a test. Valeska
Reply | Read entire comment
Being a Fortinet partner,By SabianX on December 13, 2007, 10:07 amBeing a Fortinet partner, I'm expecting their typical "We weren't told the real specs of the review or we would have included 15 other options and speedy add-ons...
Reply | Read entire comment
"Who has the most expensive..."By Mrs. Jane Hacker on December 11, 2007, 3:22 pmYeah, a 39 cent patch cable also goes real fast. But we'd like the firewall to actually provide protection, eh? Not that iptables or ipfw doesn't, but... it doesn't....
Reply | Read entire comment
View all comments