Organizations face complex decisions when evaluating which products will improve network security, and many factors go into that choice. Next-generation firewalls are a critical piece of network security, so they need to be carefully evaluated before purchase. A next-generation firewall is the latest evolution in firewalls: it takes the traditional firewall functions of packet filtering, network and port translation, and stateful inspection, and adds further filtering, inspection, and prevention of network traffic. A firewall's performance while executing these functions is important in determining which product an organization should select. How do you compare the performance of firewalls?
When comparing firewall performance, there are several places an organization could look to get the values. It could go to the product vendors, ask for the performance of their products directly, and try to compare. One problem arises with this approach: the values that the vendors provide might not be an “apples-to-apples” comparison but an “apples-to-oranges” comparison. For example, products might report the number of packets through an interface. One product might count packets sent through with a small payload. A second product might count packets sent with a 64k payload. The results for these two devices would be very different because of these testing methods. This makes comparing results almost impossible when the values come directly from the vendors.