There’s a lot to consider when choosing a next-generation firewall, and its speed on the network is a significant factor. But speed is only part of the story. The type of traffic, the applications in use and the degree of latency all influence an end-user’s experience.
Network security appliances are designed to achieve two main goals: to allow legitimate traffic to pass through the network unhindered, and to apply security controls that handle unwanted traffic. They may also prioritise certain types of traffic over others, improving performance where it will be most noticed by the organisation using it.
When testing the performance of a firewall, there needs to be a traffic load that either demonstrates its abilities or pushes it beyond them. On its own, the raw data is useful for comparing products with a view to choosing which is most suitable for your organisation. But the more realistic this load, the more useful the test is.
Testing Using Realistic Loads
The SE Labs next-generation firewall performance test is designed to show how well the device being tested can perform in realistic production environments, not just laboratory conditions. Our team tested using a mixture of enterprise traffic, specific applications and network services, and moved on to examining detailed results for throughput and latency.
Throughput tests show how much data can pass through the device before it becomes overwhelmed and slows things down. Latency, which indicates how responsive users will find their experience on the network, is also critical to a productive deployment.
For this reason, we measured latency, and in more than one way. We looked at how fast web pages can be downloaded in full, and how quickly users can expect to see a connection at least start.
The results cover how quickly the device can shift different types of network traffic, and how specific applications and services performed.
We used the load details specified by the Benchmarking Methodology Working Group of the Internet Engineering Task Force, which is supported by the NetSecOPEN standards organisation.
First Public NGFW Performance Test
At SE Labs we don’t just publish raw figures. We use our knowledge and expertise to analyse the information to help add useful colour to the results.
The goal is to give a real-world opinion as to which figures are most important, to highlight where optimum performance is achieved, and to explain why some details are more significant than others.
For example, a device might achieve an apparently strong performance when handling Voice over IP, but in real life the human ear might struggle with sub-par connection quality. Conversely, what may seem like poor performance on paper might not be noticeable to users in a real deployment.
Today we published our first ever public next-generation firewall performance test. Several other vendors have undertaken this test in the past, but Cisco is the first to allow its results to be made public.
Cisco’s achievement of receiving an SE Labs AAA rating should not be underestimated. Our security testing has always been known for its emphasis on real-world evaluations that push beyond the standard evaluation criteria. With extended tests that require the device to check, track and respond to large numbers of different types of connections, and multiple checks on latency, this test raises the bar on firewall performance testing.
The full report, Advanced Performance Test Report: Cisco Secure Firewall 4225, can be downloaded and read from our website.