Wednesday, May 09, 2012

SonicWall and Check Point Top Network World Clear Choice Test - Next Generation Firewalls - Best of Interop 2012

In the Network World Clear  Choice Test on Next Generation Firewalls, SonicWall was the top performer when it came to throughput (Part 1).  Check Point’s Check Point Security Gateway received the top score  in Part 2. Joel Snyder  did a deep dive looking at and testing Application Identification and Control.  Other companies in the Clear Choice Test, SonicWall (purchased by Dell from Thoma Bravo a couple of months ago), Fortinet, Check Point Software, and Barracuda Networks. This is a great two part article. (Scroll down for Best of Interop 2012 list)

David Newman wrote in Part 1 that   SonicWall    “Comes out on top in performance tests, but trade-offs remain”.  One of the Newman’s overall conclusions was that next generation firewalls are getting faster, and the tradeoff between speed and security is definitely getting smaller, but that these tradeoffs still exist.    

Network World used Spirent Avalanche traffic generator to measure content handling in a number of different configurations.  This was for Mixed Content HTTP handling and Static HTTP content handling.  Fortinet and SonicWall tended to have far superior performance in the tests over Check Point, and Barracuda Networks.  Newman includes a number of tables showing test results for throughput  in Part 1.

Seven features were tested as Part 2 of the Clear Choice Test:: Anti-Malware and URL Filtering, Intrusion Prevention, SSL Decryption, Next-Generation Application Identification, Basic Firewall Features, IPv6 Feature Set, and Next-Generation Visibility.  The final rankings and weighted average scores (top score possible, 5.0) were:

  1. 4.1 – Check Point Security Gateway
  2. 3.9 – SonicWall SonicOS
  3. 3.8 – Fortinet Fortigate
  4. 3.2 – Barracuda NG Firewall
Palo Alto Networks, the   company most associated with the phrase Next Generation Firewall (NGFW), was not in the Clear Choice Test on Next Generation Firewalls.  However, Snyder wrote,  “We stand by our original PA-5060 test headline back in August.  Palo Alto earns short list status.  If you are considering replacing your firewall to gain next generation features, Palo Alto remains a credible contender.”  The test methodology was a bit different last August. BTW,  not a lot of new information about Palo Alto Networks and their proposed initial public offering (IPO).

 Check Point’s product was superior when it came to Anti-Malware and URL Filtering, Intrusion Prevention, and Basic Firewall Functions.  SonicWall was the top product in SSL Decryption.  They tied on Next Generation Application Identification.

 “The Check Point Security Gateway has a fantastic management interface for application identification and control,” according to Joel Snyder.  He found  their product    much easier to use than the other products   tested.

SonicWall, "Would have had a higher score if its application identification GUI wasn't so poorly designed”  Snyder wrote.

“SonicWall has so many sub-divisions of every application, none of which were documented or made any sense to us, that we gave it a failing score when we tried to allow end users to see Facebook, but not post to it — one of vendor marketing's favorite examples of why a next-generation firewall is a good idea.  It was possible to block Facebook completely, but you can do that with a URL filter — you don't need a next-generation firewall." 

Some next generation firewall vendors take the position that with their products, you don't need the URL filtering capabilities provided by such vendors as Websense, McAfee and  Blue Coat Systems. Of course, they'll choose to differ!

According to  Snyder, “the defining characteristic of a next-generation firewall is the ability to identify and control traffic at the application layer.”  Network World    designed a suite of 40 tests in nine categories to see how well the firewalls would come out.  No product stopped all 40.  SonicWall was able to stop 26 for the top score.

About the Testing

In the first part of this test, vendors submitted their biggest, fastest boxes to David Newman's lab in California for performance testing.  Vendors were allowed to send a smaller, lighter device within the same product family to Joel Snyder's Arizona lab for features testing.There are links in both parts of the test providing details about test methodologies.

Part One – “Fast-forwarding firewall faceoff” was done by David Newman.

Part Two of “Next-Gen Firewalls, Off to a Good Start” was done by Joel Snyder.

Joel Snyder, a Network World Test Alliance partner, is a senior partner at Opus One in Tucson, Ariz. He can be reached at .

Both parts of the test are well worth reading.  Read them in conjunction with the test that NSS labs performed and released during RSA San Francisco."SonicWall, Palo Alto Networks Top Performers in New NSS NGFW Study – Block Rate vs. Price per Protected Mbps".  

Below is the list of winners for Best of Interop 2012. These were announced during Interop  Las Vegas. 16 editors evaluated the 130 plus entrants for the Best of Interop Awards.

Best of Interop
NEC ProgrammableFlow PF6800 Controller
NEC Corporation of America

Security  Winner
McAfee Network Security XC Cluster

Best Startup Company
V3 Systems

Cloud Computing & Virtualization Winner
Citrix VDI-in-a-Box
Citrix Systems

Collaboration Winner
Alcatel-Lucent OpenTouch Conversation            

Data Center & Storage Winner
Panzura Quicksilver Global Cloud Storage System v3.0

Management, Monitoring & Testing Winner
NEC ProgrammableFlow PF6800 Controller
NEC Corporation of America

Networking Winner
GS0072 Switch

Performance Optimization Winner
AppNav Virtualization Technology
Cisco Systems

Wireless & Mobility Winner
XpressConnect Enrollment System
Cloudpath Networks


1 comment:

Blogger said...

DreamHost is definitely one of the best website hosting provider for any hosting services you might require.