Clavister Firewall Test ”Network Computing”Firewall Performance analysis, May 2004
Marcus HenschelCTO, Clavister Germany © 2004, Clavister AB. All rights reserved
Clavister Firewall Test ”Network Computing”
Agenda
1. Introduction
2. Participants
3. Test Scenario – logical Overview -
4. Test Procedure
I. unidirectional
II. multidirectional
III. many to many
5. Results unidirectional
6. Results multidirectional
7. Results many to many
8. Thank you
www.clavister.com
Clavister Firewall Test ”Network Computing”
The Clavister Firewall M 460 was one of 11 Firewalls that were tested in the German Computer Magazine “Network Computing” in April 2004.
Network Computing is one of the leading technical IT-Magazines in Germany.The test was performed at the University in Stralsund by Dr. Bernhard Stütz.
Network Computing Magazine focuses the following topics:- Network Operating Systems- Protocols- Server-Client Technologies- Security Software and security devices
The goal of this test was, how fast current Firewall-Appliances can handle secured communication traffic.
www.clavister.com
Introduction
Clavister Firewall Test ”Network Computing”
Participants
The TopThe Top--6 participants of this “Fast Ethernet Firewall 6 participants of this “Fast Ethernet Firewall -- Test “ where:Test “ where:
PositionPosition ProductProduct GradeGrade1:st 1:st Clavister M 460 Clavister M 460 (A+)(A+)2:nd2:nd Bintec VPN Access 1000 Bintec VPN Access 1000 (B+)(B+)3:rd3:rd Sonicwall Pro 3060 Sonicwall Pro 3060 (B)(B)4:th4:th Astaro timeNET secuRACK Astaro timeNET secuRACK (B)(B)5:th5:th Lucent Brick 350 Lucent Brick 350 (B)(B)6:th6:th Cisco PIX 515E Cisco PIX 515E (B(B--))
www.clavister.com
Clavister Firewall Test ”Network Computing”
Test Scenario - logical Overview -
dmz
externalFirewall
Smartbits 2
Client 2
internalSmartbits 1
Client 1
ServerSmartbits 3
192.168.20.1
192.168.20.33
192.168.30.1
192.168.10.1
194.94.78.1Management
internet
194.94.78.11
www.clavister.com
Clavister Firewall Test ”Network Computing”
Test Procedure
The Network Computing Magazine arranged three test procedures that were divided in three subtest.
I. unidirectional: one way traffic from dmz to the internal netI. 1518 Byte Packages
II. 512 Byte Packages
III. 64 Byte Packages
dmz
externalFirewall
Management
PBX
Laptop
internal
PBX
Laptop
internet
ServerPBX
194.94.78.11
192.168.20.1
192.168.20.33
192.168.30.1
192.168.10.1
194.94.78.1
www.clavister.com
Clavister Firewall Test ”Network Computing”
Test Procedure
II. multidirectional: parallel traffic from dmz to the internal netI. 1518 Byte Packages
II. 512 Byte Packages
III. 64 Byte Packages
dmz
externalFirewall
Management
PBX
Laptop
internal
PBX
Laptop
internet
ServerPBX
194.94.78.11
192.168.20.1
192.168.20.33
192.168.30.1
192.168.10.1
194.94.78.1
www.clavister.com
Clavister Firewall Test ”Network Computing”
Test Procedure
III. many to many: meshed traffic between internal, external and dmz netI. 1518 Byte Packages
II. 512 Byte Packages
III. 64 Byte Packages
dmz
external
Firewall
Management
PBX
Laptop
internal
PBX
Laptop
internet
ServerPBX
194.94.78.11
192.168.20.1
192.168.20.33
192.168.30.1
192.168.10.1
194.94.78.1
www.clavister.com
Clavister Firewall Test ”Network Computing”
Results unidirectional
0102030405060708090
100
1518 Byte 512 Byte 64 Byte
ClavisterBintecSonicwallAstaroLucentCisco
www.clavister.com
Clavister Firewall Test ”Network Computing”
Results multidirectional
0102030405060708090
100
1518 Byte 512 Byte 64 Byte
ClavisterBintecSonicwallAstaroLucentCisco
www.clavister.com
Clavister Firewall Test ”Network Computing”
Results many to many
0102030405060708090
100
1518 Byte 512 Byte 64 Byte
ClavisterBintecSonicwallAstaroLucentCisco
www.clavister.com
www.clavister.com
Firewall Test Summary
The Clavister M460 offers enterprise performance and functionality needed for efficient and flexible security solutions.
Top 10 features“Stateful Packet Inspection” firewalling
Integrated Office-to-office and mobile users VPN
Bandwidth Management
User Authentication
Intrusion Detection / Prevention
Application Recognition
Content Filtering
Secure multimedia with support for H.323
Virtual Routers with advanced routing capabilities
Centralised enterprise security management system
High performance
The Clavister Firewall Solution offers wire-speed in all test scenarios.
The M460 is the only solution in the Firewall test that won’t become the bottle neck in the tested scenarios
Mostly 50 % of the whole network traffic are 64-Byte-Packages
Clavister Firewall Test ”Network Computing”
Clavister Firewall Test ”Network Computing”
Thank you!
www.clavister.com