In the Network World Clear
Choice Test on Next Generation Firewalls, SonicWall was the top performer when it came to throughput (Part 1). Check Point’s Check Point Security Gateway received the top score in
Part 2. Joel Snyder did a deep dive looking at and testing Application Identification
and Control. Other companies in the Clear
Choice Test, SonicWall (purchased by Dell from Thoma Bravo a couple of months
ago), Fortinet, Check Point Software, and Barracuda Networks. This is a great two part article. (Scroll down for Best of Interop 2012 list)
David Newman wrote in Part 1 that SonicWall “Comes out on top in performance tests, but
trade-offs remain”. One of the Newman’s overall
conclusions was that next generation firewalls are getting faster, and the
tradeoff between speed and security is definitely getting smaller, but that these tradeoffs still exist.
Network World used Spirent Avalanche traffic generator to measure
content handling in a number of different configurations. This was for Mixed Content HTTP handling and Static
HTTP content handling. Fortinet and
SonicWall tended to have far superior performance in the tests over Check
Point, and Barracuda Networks. Newman includes a number of tables showing test results for throughput in Part 1.
Seven features were tested as Part 2 of the Clear Choice
Test:: Anti-Malware and URL Filtering, Intrusion
Prevention, SSL Decryption, Next-Generation Application Identification, Basic Firewall
Features, IPv6 Feature Set, and Next-Generation Visibility. The final rankings and weighted average
scores (top score possible, 5.0) were:
- 4.1 – Check Point Security Gateway
- 3.9 – SonicWall SonicOS
- 3.8 – Fortinet Fortigate
- 3.2 – Barracuda NG Firewall
Palo Alto Networks, the company
most associated with the phrase Next Generation Firewall (NGFW), was not in the
Clear Choice Test on Next Generation Firewalls. However, Snyder wrote, “We stand by our original PA-5060 test headline back in August. Palo Alto earns short list status. If you are considering replacing your
firewall to gain next generation features, Palo Alto remains a credible
contender.” The test methodology was a
bit different last August. BTW, not a lot of new information about Palo Alto Networks and their proposed initial public offering (IPO).
Check Point’s product was superior when it came to
Anti-Malware and URL Filtering, Intrusion Prevention, and Basic Firewall
Functions. SonicWall was the top product
in SSL Decryption. They tied on Next Generation
Application Identification.
“The Check Point
Security Gateway has a fantastic management interface for application
identification and control,” according to Joel Snyder. He found
their product much
easier to use than the other products tested.
SonicWall, "Would have had a
higher score if its application identification GUI wasn't so poorly designed” Snyder wrote.
“SonicWall has so many sub-divisions of every application,
none of which were documented or made any sense to us, that we gave it a
failing score when we tried to allow end users to see Facebook, but not post to
it — one of vendor marketing's favorite examples of why a next-generation
firewall is a good idea. It was possible
to block Facebook completely, but you can do that with a URL filter — you don't
need a next-generation firewall."
Some next generation firewall vendors take the position that with their products, you don't need the URL filtering capabilities provided by such vendors as Websense, McAfee and Blue Coat Systems. Of course, they'll choose to differ!
According to Snyder, “the defining characteristic of a
next-generation firewall is the ability to identify and control traffic at the
application layer.” Network World designed a suite of 40 tests in nine
categories to see how well the firewalls would come out. No product stopped all 40. SonicWall was able to stop 26 for the top
score.
About the Testing
In the first part of this test, vendors submitted their
biggest, fastest boxes to David Newman's lab in California for performance
testing. Vendors were allowed to send a
smaller, lighter device within the same product family to Joel Snyder's Arizona
lab for features testing.There are links in both parts of the test providing details about test methodologies.
Part One – “Fast-forwarding firewall faceoff” was done by
David Newman.
Part Two of “Next-Gen
Firewalls, Off to a Good Start” was done by Joel Snyder.
Joel Snyder, a Network World Test Alliance partner, is a senior
partner at Opus One in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com .
Both parts of the test are well worth reading. Read them in conjunction with the test that
NSS labs performed and released during RSA San Francisco."SonicWall, Palo Alto Networks Top Performers in New NSS NGFW
Study – Block Rate vs. Price per Protected Mbps".
http://kensek.blogspot.com/2012/03/sonicwall-palo-alto-networks-top.htm
Best of Interop 2012 Awards - Las Vegas
Below is the list of winners for Best of Interop 2012. These were announced during Interop Las Vegas. 16 editors evaluated the 130 plus entrants for the Best of Interop Awards.
Best of Interop
NEC ProgrammableFlow PF6800 Controller
NEC Corporation of America
Security Winner
McAfee Network Security XC Cluster
McAfee
Best Startup Company
V3 Systems
Cloud Computing & Virtualization Winner
Citrix VDI-in-a-Box
Citrix Systems
Collaboration Winner
Alcatel-Lucent OpenTouch Conversation
Alcatel-Lucent
Data Center & Storage Winner
Panzura Quicksilver Global Cloud Storage System v3.0
Panzura
Management, Monitoring & Testing Winner
NEC ProgrammableFlow PF6800 Controller
NEC Corporation of America
Networking Winner
GS0072 Switch
Gnodal
Performance Optimization Winner
AppNav Virtualization Technology
Cisco Systems
Wireless & Mobility Winner
XpressConnect Enrollment System
Cloudpath Networks
Posts
No comments:
Post a Comment