How to stress a UTM
We challenged the Astaro, SonicWall, WatchGuard, and ZyXel appliances with a maximum dose of legitimate traffic, 200 VPNs, and hundreds of Internet attacks, all at the same timeFollow @infoworld
The promise of an alliance of test equipment vendors revolves around the fact that each vendor has its strengths and weaknesses. For example, our particular test tapped the Ixia IXLoad for generating the legitimate traffic moving through the WAN-LAN interfaces and the IPsec VPN tunnels, and the Mu Dynamics Analyzer to overwhelm the firewalls with malware. The trick to a real-world test, however, was to have both tools running all three major traffic types at the same time so that the devices under test wouldn't have the advantage of dedicating 100 percent of their CPU and memory resources (buffers are the name of the game) to a single task.
In the future we'd like to be able to control our distribution switches so that we can let our firewalls apply QoS profiles to redirect low-priority traffic onto different VLANs and perhaps even incorporate Network Access Control (NAC) functionality. Perhaps we could even control some as-yet-unannounced feature to script a full 802.1x Radius Authenticated user session as part of the test. Oh heck, why not simulate how a user might start a VoIP conversation on a wired deskset, then move to a wireless handset as they walk out of a building? Our great wish for the future is a flexible multivendor testing system with varying levels of scripting capability so that our tests can even more closely resemble the real world.
Curtis Franklin Jr. is a senior contributing editor to the InfoWorld Test Center.