'All-in-one' firewalls fall short

Tests show strong firewalls abound, but adding IPS, antivirus slows devices

Are there unified threat-management firewalls with the chops to provide the perimeter-security functions that an enterprise needs? In this Clear Choice Test, we set out to determine whether we could find a UTM firewall that could scale up successfully in performance, feature set and manageability.

We tested 13 UTM products from 12 hardware vendors and nine software vendors, all aimed squarely at the enterprise. We evaluated these products on performance. Could they deliver firewalling at gigabit speeds in an environment that included virtual LANs, dynamic routing, high availability and centralized management? And could they perform with intrusion-prevention systems (IPS) and antivirus turned on?


No single product came out on top, but Juniper Networks, Check Point Software and Cisco were head and shoulders above the rest.

While products from these three companies can be beaten in individual categories (IBM Internet Security Systems [IBM/ISS] soared in the IPS category, and Fortinet beat folks hands down on antivirus tests), they consistently finished among the top performers in all categories.

Because Check Point was represented four times (with its software riding on its own UTM-1 2050 box, as well as on hardware from Crossbeam Systems, IBM and Nokia) and Juniper twice (once on its ISG-1000 and once on its SSG-520M), these two vendors claimed the top seven spots on our scorecard.

We give the firewalls within these all-in-one devices an enthusiastic stamp of approval. Their UTM features, however, are another matter. We found that most products have dangerously variable performance characteristics when such UTM features as antivirus and IPS are turned on. We also found that the IPS and antivirus coverage in most products is not particularly strong. We had a few outstanding products in those tests, but not enough consistent winners to say that every enterprise should jump onto the UTM bus.

Snyder is a senior partner at Opus One, a consulting firm in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.

NW Lab Alliance

Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.


Copyright © 2007 IDG Communications, Inc.
