Network World - Knowing what's happening on your network is a prerequisite to controlling the traffic. We call that visibility: everything the firewall knows, including session and application information, traffic volumes and rate information, combined into a way to "see" into your network.
In a traditional firewall, visibility is a nice-to-have, because security policy dictates which ports are allowed inbound and outbound, and other tools, such as NetFlow analyzers, can be used to dig into the traffic. In next-generation firewalls, where the emphasis is on controlling application usage, visibility is a requirement.
Applications can go by many different names and fall into many different categories, and compared with ports and IP addresses, we found tremendous variation and ambiguity in how the products identify them. Without visibility into how the firewall classifies each application it identifies, you can't write the rules that make a next-generation firewall "next-generation."
We quickly found that if you want good reporting, you need an external device to do it. SonicWall and Fortinet both have on-box reporting engines; both had problems during our testing, which did not surprise the vendors' on-site engineers at all.
Fortunately, all of the products have off-box reporting engines, and these are critical to next-generation visibility. Check Point customers are not off the hook here either: the standard Check Point reporting system won't do, and you really must add the optional SmartEvent to get the visibility that next-generation firewalls require.
Fortinet FortiGate and Check Point Security Gateway (with SmartEvent) gave us the best visibility into our traffic, combining drill-downs with visual reporting such as charts, lists and "top-10" style rankings. FortiGate's on-box dashboard was an especially slick visualization tool that let us add "widgets" containing constantly updated mini-reports, and it went beyond visualization by letting us drill down for additional information. Our only complaint about the dashboard is that it crashed in our browser several times during testing.
The FortiGate reporting engine is built on an SQL database, and Fortinet isn't shy about exposing the database internals: all reports are configured within the firewall, and you can easily get to the raw SQL used to generate the results. If you're the type of network manager who wants many very custom reports but doesn't want to extract the data and load it into your own database, Fortinet's approach will be very attractive.
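To make concrete what an SQL-backed reporting engine does with firewall session data (the "top-10" rankings and drill-downs discussed above), here is an added example that is not code from Fortinet or any other vendor reviewed here. It loads constructed session log lines into an in-memory SQLite database and runs the two report queries an administrator would want first: applications ranked by traffic volume, and a drill-down from one application to the internal hosts generating it. The key=value log layout, the `sessions` table schema and the IP addresses are assumptions for illustration only; a real product's export format and schema are its own.

```python
"""Off-box visibility reporting over exported firewall session logs.

Added example, not any vendor's code. The log lines below are constructed,
and the key=value layout and the 'sessions' table schema are assumptions
made for this illustration.
"""
import sqlite3

# Constructed session records in a generic key=value syslog style
# (assumed format, not a real product's export).
SAMPLE_LOG = """\
ts=2013-04-01T09:00:01Z src=10.1.1.10 dst=93.184.216.34 app=web-browsing bytes_out=1200 bytes_in=48000
ts=2013-04-01T09:00:03Z src=10.1.1.11 dst=93.184.216.34 app=web-browsing bytes_out=900 bytes_in=22000
ts=2013-04-01T09:00:05Z src=10.1.1.12 dst=198.51.100.7 app=bittorrent bytes_out=550000 bytes_in=910000
ts=2013-04-01T09:00:09Z src=10.1.1.10 dst=203.0.113.9 app=ssl bytes_out=3000 bytes_in=15000
ts=2013-04-01T09:00:12Z src=10.1.1.12 dst=198.51.100.8 app=bittorrent bytes_out=480000 bytes_in=870000
ts=2013-04-01T09:00:15Z src=10.1.1.13 dst=203.0.113.9 app=ssl bytes_out=2000 bytes_in=9000
ts=2013-04-01T09:00:20Z src=10.1.1.11 dst=192.0.2.44 app=dns bytes_out=70 bytes_in=140
"""

# Hypothetical schema: one row per session, as a reporting engine would store it.
SCHEMA = """
CREATE TABLE sessions (
    ts        TEXT,
    src       TEXT,
    dst       TEXT,
    app       TEXT,
    bytes_out INTEGER,
    bytes_in  INTEGER
);
"""


def parse_line(line):
    """Turn one key=value record into a dict, converting the byte counters to int."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["bytes_out"] = int(fields["bytes_out"])
    fields["bytes_in"] = int(fields["bytes_in"])
    return fields


def load(log_text):
    """Parse the log text and load every session row into an in-memory SQLite DB."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    rows = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    db.executemany(
        "INSERT INTO sessions VALUES (:ts, :src, :dst, :app, :bytes_out, :bytes_in)",
        rows,
    )
    return db


def top_apps(db, n=10):
    """'Top-N' report: applications ranked by total bytes, with session counts.

    Returns a list of (app, sessions, total_bytes) tuples, largest first.
    """
    return db.execute(
        """SELECT app, COUNT(*) AS sessions, SUM(bytes_in + bytes_out) AS total
           FROM sessions GROUP BY app ORDER BY total DESC LIMIT ?""",
        (n,),
    ).fetchall()


def drill_down(db, app):
    """Drill-down for one application: which internal hosts generate its traffic.

    Returns a list of (src, sessions, total_bytes) tuples, largest first.
    """
    return db.execute(
        """SELECT src, COUNT(*) AS sessions, SUM(bytes_in + bytes_out) AS total
           FROM sessions WHERE app = ? GROUP BY src ORDER BY total DESC""",
        (app,),
    ).fetchall()


if __name__ == "__main__":
    db = load(SAMPLE_LOG)
    print("Top applications by volume:")
    for app, sessions, total in top_apps(db):
        print(f"  {app:<14} sessions={sessions:<3} bytes={total}")
    print("Hosts behind 'bittorrent':")
    for src, sessions, total in drill_down(db, "bittorrent"):
        print(f"  {src:<14} sessions={sessions:<3} bytes={total}")
```

The point of keeping the reports as plain SQL, as the FortiGate engine does, is that the same two queries become a custom report by changing a `GROUP BY` or `WHERE` clause (by destination, by hour of the day, by application category) without first extracting the data into a separate database.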
SonicWall and Barracuda also have good visibility tools, but we found them weaker than what Fortinet and Check Point offered. SonicWall confuses the issue a bit by offering four separate visibility tools, ranging from on-box tools (suitable only for very small environments) to its enterprise-class management system, SonicWall GMS.