When we tested firewall performance as part of in our UTM firewall test we focused on how well the products would push inspected packets along with other UTM features, specifically intrusion-prevention systems and antivirus, turned on. However, many enterprise managers will use these devices primarily just as firewalls, and might be curious how fast they’d operate without UTM slowing them down.
Our initial test bed had been tuned for 1Gbps throughput, and eight of the 13 firewalls we tested blew right past the 1Gbps mark without UTM turned on. So, with the help of David Newman from Network Test, we outfitted the test bed with a 2.8Gbps capacity, and re-ran our firewalls through at that higher speed.
This second round of testing employed the same product configurations used for the 1Gbps UTM test with two exceptions. WatchGuard and Secure Computing have long offered proxy-based firewalls, claiming higher security than simple packet filters although with a cost in performance. WatchGuard’s Firebox and Secure Computing’s Sidewinder have the flexibility to use either simple packet filters, a generic proxy or an HTTP-specific proxy for HTTP traffic. Since our tests were made using HTTP traffic, we tested all three scenarios and reported all three numbers for each product.
|
Overall, we found that if you don’t want to turn on any of the UTM features, you can get outstanding performance with almost half of the boxes we tested running at more than gigabit speeds. Even better news is that some of those high-performance boxes (namely Juniper SSG-520M and WatchGuard’s Firebox Peak X8500e) are offered (we say almost) at a great price. (You can compare pricing for dozens of UTM products in our UTM Buyer's Guide.)
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (6)
RE: Review: Who's got the fastest firewall?By Dr Bob Hacker on December 11, 2007, 9:34 amPerhaps you should add a subtitle: Who has the most expensive firewall. The Linux router project on a top end quad core white box with a solid state disk might amaze...
Reply | Read entire comment
"Who has the most expensive..."By Mrs. Jane Hacker on December 11, 2007, 3:22 pmYeah, a 39 cent patch cable also goes real fast. But we'd like the firewall to actually provide protection, eh? Not that iptables or ipfw doesn't, but... it doesn't....
Reply | Read entire comment
Being a Fortinet partner,By SabianX on December 13, 2007, 10:07 amBeing a Fortinet partner, I'm expecting their typical "We weren't told the real specs of the review or we would have included 15 other options and speedy add-ons...
Reply | Read entire comment
This is a test. ValeskaBy Anonymous on December 14, 2007, 10:28 amThis is a test. Valeska
Reply | Read entire comment
Fastest FirewallBy Anonymous on January 7, 2008, 12:42 amI would like the authors to test the latest firewall from SonicWALL. SOnicwall recently announced their new set of firewalls with multicore architecture. E7500/6500...
Reply | Read entire comment
SonicWALL 5500/6500/7500By Joel Snyder on January 21, 2008, 10:18 pmWe have a test of the 5500/6500/7500 in process. Unfortunately for us, the firewalls have specs that are faster than our test bed, so we are working with Spirent...
Reply | Read entire comment
View all comments