Watts up with power consumption?

Nokia, WatchGuard offer 'greenest' firewalls

The data center may seem a big place, but watts are watts: Every one you use costs you money. Two firewalls in a high-availability pair may not be the biggest power expense in a computer room, but that's no excuse to waste wattage.

In our "green factor" testing, we found that Nokia's and WatchGuard Technologies' UTM firewalls certainly know how to pass packets without wasting money: Both draw less than 1 amp. As the overall winner in this category, the Nokia IP290 pair we tested used 1.0 amps under load and barely slipped past WatchGuard's Firebox Peak devices, using 10% less power overall.

The IP290s are especially green because of their space and size. Nokia fits two half-wide boxes in a single 1U mounting bracket. That's downright elegant, especially compared with some of the other devices we tested. In fact, two Nokia IP290 firewalls weigh less than the rack-mount kit for the Secure Computing Sidewinder UTMs. When you upgrade and replace your firewalls at the end of a five-year life cycle, you're going to be throwing out a lot more finished product that had to be mined, manufactured, shipped and ultimately recycled.

Tracking the green side of UTM firewalls

Gigabit firewalls range from the very efficient (Nokia and WatchGuard) to the very wasteful (IBM and Secure Computing) when it comes to power consumed and materials to manufacture the device. You can build a greener data center by choosing products with lower resource requirements.
 

In amps

VendorProductHeightUnloaded current use (two devices)

Loaded current

use (two devices)
AstaroASG 425a1U2.22.5
Check PointUTM-1 20501U1.72.3
CiscoASA5540 with SSM-20 IPS module1U2.12.5
CrossbeamC252U3.54.2
FortinetFortiGate 3600A2U3.53.8
IBMSystem x36502U7.27.7
IBM/ISSProventia MX50102U5.05.5
Juniper NetworksISG-10003U2.82.8
Juniper NetworksSSG-520M2U2.32.3
NokiaIP2901U1.01.0
Secure ComputingSidewinder 2150D with IPS acceleration2U6.06.3
SonicWallPro 50601U1.71.9
WatchGuardFirebox Peak X8500e1U1.01.1

In the doghouse for their high power use were the general-purpose servers from IBM (running Check Point software) and Secure Computing (running on Dell hardware), which pulled down 7.7 amps to 6.3 amps in our tests (and emitting a similarly disproportionate number of BTUs). The custom-built IBM Internet Security Systems' Proventia MX5010 also weighed in heavily in this category, pulling down 5.5 amps.

Swapping amps for cycles

Measuring the power consumed by each device isn't necessarily a fair-comparison criterion, because different devices have different performance characteristics. It took both Nokia IP290 firewalls in a load-sharing cluster to get up 750Mbps of firewall performance, while the single, power-sucking IBM System x3650 clocked in at greater than 3Gbps throughput.

So if you like the Check Point UTM software, you can run it on a pair of Nokia IP290 systems instead of on IBM or Crossbeam Systems hardware and save 400% to 750% on power without giving up any features -- though you do have to give up performance.

Another tricky part of measuring power use lies in the management server. We didn't factor management into our power equation, because, with the exception of the IBM/ISS Proventia, which is a dedicated appliance, we ran management servers for each product in a virtual machine on a VMware server or on low-end systems we had in the lab. In a production environment, you'd want to put these consoles on real hardware, which would take proportionately more power, space and cooling resources.

Nevertheless, the numbers speak for themselves: If you have a 150Mbps OC-3 to the Internet that you want to firewall, the Nokia or WatchGuard firewalls will do it just fine and draw about 1 amp of power.

Learn more about this topic

Buyer's Guide: Unified threat management

Inside a green data center

11/05/07

Green technologies color Interop conference

10/26/07

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT