How we tested SonicWALL's firewalls

We installed the TZ200 and TZ210 firewalls on a production network in Rome, Italy, for a one month period to get a feel for their responsiveness, the new features of SonicOS, and reach and performance of the built-in wireless.

We installed the TZ200 and TZ210 firewalls on a production network in Rome, Italy, for a one-month period to get a feel for their responsiveness, the new features of SonicOS, and reach and performance of the built-in wireless.

Using the documentation provided by SonicWALL, we walked through all of the major new features in this hardware version and this software version to see how well they worked and how easy or difficult configuration was. Our production configuration was not overly complicated, but we did make an effort to test out multiple zones, network address translation, and a variety of firewall policies as well as dynamic routing with Cisco, Juniper and Nokia routers using Open Shortest Path First.

To test VoIP compatibility, we configured the TZ210 to firewall VoIP traffic using Session Initiation Protocol between Polycom phones and an Asterisk PBX. To test the new GSM 3G backup features, we used a USB key subscribed to an Italian telecommunications provider, and tested both failover and failback with the TZ210. For other feature testing, such as multicast and SSL controls, we either used standard client/server software or developed a small test harness to evaluate how well each feature worked.

Once we had a month of solid experience with the hardware under our belts, we took them back to the lab in Tucson, Ariz., for more bench testing.

For wireless testing, we used four laptops with recent software images from Apple, Dell and Lenovo. We used the open source TTCP test tool to push TCP traffic between laptops and servers located on the wired side of the network. Our wireless testing was not intended to be rigorous, but to give an idea of typical performance limits in an office environment with commonly deployed hardware and normal levels of RF interference. We used the same laptops to test the SSL VPN feature of the TZ210.

To test antimalware, we used our corporate Sophos scanner's quarantine to identify 15 recent viruses, which we then re-transmitted through the TZ210 firewall using SMTP, FTP and HTTP protocols over both standard and non-standard ports. Out of the 15 viruses, the TZ210 failed to identify two suspected viruses. We submitted these to the Virustotal multiple-engine scanning service, which gave a 78% "is a virus" score for one of them, and an 87% score for the other.

To test performance, we used Spirent WebAvalanche 2700 tools to generate HTTP traffic across the firewalls. We set up a profile using a typical Internet mix of traffic, ranging in size from 1KB objects to 1.5MB objects, and ran HTTP transactions through the firewalls at a rate designed to place a load of up to 1Gbps throughput.

Return to test.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)