Feature-stoked firewalls burn brightly

Free Newsletters

Log-in | Register

Page 2 of 2 « Previous Page

Feature-stoked firewalls burn brightly
			E-mail Printer Friendly Reprints Slashdot It!

When it came time to deliver data, the SonicWall, running on the somewhat limiting PDA-size StrongArm 233MHz processor, turned in a maximum 340 connections per second with the total number of persistent connections hitting the 96,000 mark. It wouldn’t handle the larger loads and didn’t ramp as well with mixed protocol data as the other two firewalls. However, it did a decent job of withstanding my attacks with the exception of a 28.4 percent unsuccessful transaction rate on the ARP attack.

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Microsoft

The Pro 330 built and passed data through 843 tunnels, almost meeting the FortiGate-500 figure, but its data performance throughput figure was limited to 5.5Mbps. It began dropping tunnels when it got to 843 and logged a Payload Malformed error message in TeraVPN. The throughput test showed a small amount of CRC (cyclic redundancy check) errors as well as some tunnel fragmentation.

WatchGuard Vclass V80

The V80’s initial setup can be handled either through WatchGuard’s Vcontroller software via a Port 443 SSL connection to the box or from Cisco-like command line prompts. Changes are made directly to the CPU and updated to the database so the V80 doesn’t require reboots unless the modifications cause an interface change.

Vcontroller’s six-step setup wizard is self-explanatory and simple to move through, yet it does not compromise potential customization. Some important capabilities include enabling DHCP (Dynamic Host Configuration Protocol) on the private side and sending out e-mail alerts based on designated alarm conditions.

The V80’s default policy allows no traffic in. You can configure settings within the nifty Hacker Prevention screen using a setup wizard, making it possible to catch an attack that slips past the logic built in to the ASIC chip. I was able to set packet-per-second thresholds for several common nasties such as ICMP (Internet Control Message Protocol), Syn, UDP (User Datagram Protocol), POD (point of demarcation) and IP source route attacks. Additionally, V80 allows you to look at all the servers on your network, choose the weakest, and set parameters to that one. These customizable settings make this a very flexible, scalable product. The GUI is split into three parts comprised of activities, policy, and administration sections.

WatchGuard acquired RapidStream in April 2002 and as part of the product merger process, RapidStream’s RSSA (RapidStream Security Appliance) series morphed into the Vclass series. Hardware architecture remains the same, but there have been software upgrades. WatchGuard’s most recent software release includes application-layer inspection HTTP and SMTP, BGP (Border Gateway Protocol)-routing support, DHCP relay, and WAN fail-over.

The V80 supported a respectable 1,150 connections per second, sustained 125,960 persistent connections, and was unaffected by any of the attacks I tossed at it. I did notice, however, that the latency through the box increased every minute, then returned to the previous level almost as if a timer went off or there was some internal event occurring.

Its VPN capabilities proved the most powerful of my group’s, supporting data passage through 7,968 tunnels and providing a 63Mbps bi-directional data performance figure. The version of firmware I tested doesn’t support AES (Advanced Encryption Standard) encryption or Group 5. It builds tunnels at a maximum rate of two per second, which also happens to be its tear-down time, so I improvised, configuring it for 3DES encryption and Group 2 instead.

The V80 and FortiGate-500 proved they are in the same solution and cost class, although with slightly different strengths. If firewall muscle is of primary importance, the FortiGate-500 is the clear choice. If you’re more in need of VPN capability, the WatchGuard is the ticket. Both were impervious to the range of attacks we slung at them. The Pro 330 is the least powerful of the group but it only costs one third of the price of the other two, and would be suitable for most midsize businesses.

» Previous Page | 1 | 2

WatchGuard Technologies Firebox V80

WatchGuard Technologies, watchguard.com

Very Good 8.1

criteria	score	weight
Security	8	25%

Management	8	20%

Ease-of-use	7	15%

Scalability	9	15%

Setup	8	15%

Value	9	10%

Cost:
$9,990

Bottom Line:
The V80 won hands-down in the muscle portion of our VPN capabilities testing. This factor, coupled with respectable firewall performance capability under duress and comparable pricing to the FG500, make it the obvious choice for anyone who places higher value on high-volume VPN delivery.

About our Reviews and Scoring Methodology

SonicWall Pro330

SonicWall, sonicwall.com

Good 6.8

criteria	score	weight
Security	7	25%

Management	6	20%

Ease-of-use	8	15%

Scalability	5	15%

Setup	7	15%

Value	8	10%

Cost:
$2,795

Bottom Line:
The Pro330 provides an easy to use Web management GUI, which does a decent job of managing the firewall's configuration and operation. With typical appliance-like performance, the Pro330 would more than fit the bill for midsized businesses. However, it was the least powerful of this pack.

About our Reviews and Scoring Methodology

Fortinet FortiGate FG500

Fortinet, fortinet.com

Very Good 8.3

criteria	score	weight
Security	9	25%

Management	8	20%

Ease-of-use	8	15%

Scalability	8	15%

Setup	8	15%

Value	8	10%

Cost:
$9,995

Bottom Line:
The clear winner in our firewall performance tests, the FG500 delivers rock-solid performance and protection from attack. If management features combined with reasonable VPN support and unmatched persistent connection numbers are important to you, this firewall is worth the price.

About our Reviews and Scoring Methodology

E-mail

Printer Friendly

Reprints

Slashdot It!


	Alyson Behr is an InfoWorld contributing editor. Contact her at alyson_behr@infoworld.com.

TOP NEWS:

» Four quick tips for choosing an IM security product
71 percent of businesses will invest in real-time messaging this year. If you're one of them, be sure to protect your enterprise

» Forrester analysts ID hot IT jobs
Research group finds 16 IT roles with a promising future

» Nvidia claims 10 hours of HD video on Tegra chip
The Tegra 600 and 650 can be used with hard disk drives and are designed partly for mobile Internet devices

» Database vendors add Google's MapReduce
Greenplum and Aster Data Systems will support Google's programming technique, developed for parallel processing of large data sets across commodity hardware

» Network management: Tips for managing costs
New technologies, changing requirements, and ongoing equipment maintenance and upgrades cost money, but there are ways to manage expenses

» EMC targets SMBs, branch offices with new low-end storage
Celerra NX4 highlights include thin provisioning, snapshot technology for data recovery and backups, and Web-based console for management of storage volumes

COMPREHENSIVE DATA PROTECTION AND DISASTER RECOVERY
Traditional backup and recovery is becoming irrelevant. You need more. Watch this InfoWorld and Dell Equallogic webcast to learn the current trends in Comprehensive Data Protection and Disaster Recovery for VMware Virtual Infrastructure. Sponsored by Dell Equallogic:

» Click here to view this Webcast

Network Security Solutions Guide
Network security is comprised of so much more than protecting just one or two PCs. And network security management can be different based on your situation. Read this Solutions Guide to find the best ways to protect your entire network, from individual PCs to network-attached storage and more. Sponsored by ISC2

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Maximizing Mobility in Communications - Learn how recent advances in wireless technology, particularly faster links and more powerful receiving devices, have greatly...
AT&T Article: Reinventing the Telephone with VoIP - After weighing Internet telephony's costs against its benefits, some managers are deciding that VoIP is vital to their organizations...
AT&T Business Continuity Survey on Risk Management - For the seventh consecutive year, AT&T surveyed 500 leading American IT executives to learn what they're doing about business...
New from AT&T: Fixed-Mobile Convergence for High Performance - The newest fixed-mobile convergence (FMC) strategies could enable enterprises to increase the productivity and effectiveness...
Machines That Speak: The Machine-to-Machine Wireless Network - The new M2M systems are transforming everyday devices into never-blinking sentinels that provide both information and insight...
Securing the Converged Enterprise II - Securing the converged enterprise has become a multidimensional discipline requiring a centralized, defense-in-depth approach...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - Securing the Converged Enterprise I AT&T - An AT&T Article: When Content is King AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out AT&T - Machines That Speak: The Machine-to-Machine Wireless Network AT&T - The Top 10 Best Practices for Server Virtualization Planning Rocket Gang - Jazz Meets Development in IBM Rational Team Concert Nokia - Interaction between Nokia Intrusion Prevention and Nokia Firewall Riverbed - Five Ways to Reduce IT Costs in 2009 AT&T - AT&T Article: Reinventing the Telephone with VoIP (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! AT&T - AT&T Business Continuity Survey on Risk Management AT&T - Maximizing Mobility in Communications Rackspace - The True Value of a Hosting Provider AMD - The Future is Fusion. Only from AMD. Learn more. Nokia - The Case for a Specialized Security Platform Intersystems - Develop and integrate faster with InterSystems Ensemble. AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution HP - HP Architect Planning Tools for MS Office Communications Server 2007 HP - Best Practices for Deploying Microsoft Office SharePoint Server 2007 HP - HP ProLiant BL480c Server Blade Microsoft Exchange Server 2007 HP - HP Smart Array P800 Controller and HP MSA60 2,500 Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! ISC2 - Network Security Solutions Guide		Infoblox - The Costs and Impacts of DNS and IP Address Management Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. Oracle - Nucleus Report: Who's ready for SMB? Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist TecChannel :: TecCommunity

TOP NEWS:

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

TECH WATCH

COLUMNISTS

MORE INFOWORLD BLOGS

Sponsored Technology Links