DATA$CENTER$FIREWALL$PRODUCT$ANALYSIS$$
|
|
- Holly Nicholson
- 8 years ago
- Views:
Transcription
1 DATA$CENTER$FIREWALL$PRODUCT$ANALYSIS$$ $ $ Fortinet$FortiGate$1500D$v5.0,build0252 $ 2014$ $Ryan$Liles,$Chris$Thomas$ $ $
2 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Overview NSSLabsperformedanindependenttestoftheFortinetFortiGate1500Dv5.0,build0252.Theproductwas subjectedtothoroughtestingatthenssfacilityinaustin,texas,basedonthedatacenterfirewallmethodology v1.0availableonwww.nsslabs.com.thistestwasconductedfreeofchargeandnssdidnotreceiveany compensationinreturnforfortinet sparticipation. WhilethecompanionComparativeAnalysisReports(CAR)onsecurity,performance,andtotalcostofownership (TCO)willprovidecomparativeinformationaboutalltestedproducts,thisindividualProductAnalysisReport(PAR) providesdetailedinformationnotavailableelsewhere. Firewalldevicesdeployedwithinadatacentertypicallywillbesubjectedtosignificantlyhighertrafficlevelsthana firewallornextgenerationfirewall(ngfw)deployedatthecorporatenetworkperimeter.furthermore,data centertrafficmixeswillbecompletelydifferentfromatypicalcorporatenetworkperimeter;whereperimeter deviceswillbeexpectedtoprotectawiderangeofendruserapplications,adatacenterdevicemaybedeployedto protectasingletypeofserversupportingfarfewernetworkprotocolsandapplications.thedatacenterfirewall testingmethodologyfocusesontheseaspects. Product Fortinet$FortiGate$1500D$$ v5.0,build0252 Stability&Reliability PASS NSSITested$Throughput$ 39,667Mbps FirewallPolicyEnforcement PASS Figure$1$ $Overall$Test$Results$ Thedevicepassedallstabilityandreliabilitytests.Thedevicealsopassedallfirewallpolicyenforcementtests. TheFortinetFortiGate1500DisratedbyNSSat39,667Mbps,whichisinlinewiththevendorRclaimed performance(fortinetratesthisdeviceat40gbps).nssrtestedthroughputiscalculatedasanaverageofallthe "RealRWorld ProtocolMixesandthe21KBHTTPresponseRbasedcapacitytests. 2014NSSLabs,Inc.Allrightsreserved. 2
3 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Table$of$Contents$ $ Overview$...$2 Security$Effectiveness$...$5 Performance$...$7 RawPacketProcessingPerformance(UDPThroughput)...7 Latency UDP...8 ConnectionDynamics ConcurrencyandConnectionRates...8 HTTPConnectionsperSecondandCapacity...10 ApplicationAverageResponseTime HTTP...10 HTTPConnectionsperSecondandCapacity(withDelays)...11 RealRWorldTrafficMixes...11 Stability$&$Reliability$...$13 Management$&$Configuration$...$15 Total$Cost$of$Ownership$(TCO)$...$16 Installation(Hours)...16 PurchasePriceandTotalCostofOwnership...17 Value:TotalCostofOwnershipperProtectedRMbps...17 Detailed$Product$Scorecard$...$18 Test$Methodology$...$20 Contact$Information$...$20 $ $ 2014NSSLabs,Inc.Allrightsreserved. 3
4 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Table$of$Figures$ $ Figure1 OverallTestResults...2 Figure2 FirewallPolices...6 Figure3 RawPacketProcessingPerformance(UDPTraffic)...7 Figure4 UDPLatencyinMicroseconds...8 Figure5 ConcurrencyandConnectionRates...9 Figure6 HTTPConnectionsperSecondandCapacity...10 Figure7 AverageApplicationResponseTimeinMilliseconds...10 Figure8 HTTPConnectionsperSecondandCapacity(withDelays)...11 Figure9 RealWorldDataCenterTrafficMixes...12 Figure10 Stability&ReliabilityResults...13 Figure11 HighAvailabilityResults...14 Figure12 SensorInstallationTimeinHours...16 Figure13 3RYearTCO...17 Figure14 TotalCostofOwnershipperProtectedRMbps...17 Figure15 DetailedScorecard NSSLabs,Inc.Allrightsreserved. 4
5 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D SecurityEffectiveness ThissectionverifiesthattheDUTiscapableofenforcingaspecifiedsecuritypolicyeffectively. Firewall$Policy$Enforcement Policiesarerulesthatareconfiguredonafirewalltopermitordenyaccessfromonenetworkresourcetoanother, basedonidentifyingcriteriasuchas:source,destination,andservice.atermtypicallyusedtodefinethe demarcationpointofanetworkwherepolicyisappliedisademilitarizedzone(dmz).policiesaretypicallywritten topermitordenynetworktrafficfromoneormoreofthefollowingzones: Untrusted$ Thisistypicallyanexternalnetworkandisconsideredto beunknownandnonrsecure.anexampleofanuntrustednetwork wouldbetheinternet. DMZ$ Thisisanetworkthatisbeingisolatedbythefirewallrestricting networktraffictoandfromhostscontainedwithintheisolated network. Trusted$ Thisistypicallyaninternalnetwork;anetworkthatis consideredsecureandprotected. TheNSSfirewalltestsverifyperformanceandtheabilitytoenforcepolicy betweenthefollowing: TrustedtoUntrusted UntrustedtoDMZ TrustedtoDMZ Note:FirewallsmustprovideataminimumoneDMZinterfaceinorderto provideadmzor transitionpoint betweenuntrustedandtrusted networks. 2014NSSLabs,Inc.Allrightsreserved. 5
6 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Test$Procedure$ BaselinePolicies SimplePolicies ComplexPolicies StaticNAT(NetworkAddressTranslation) Dynamic/HideNAT SYNFloodProtection AddressSpoofingProtection Results$ PASS PASS PASS PASS PASS PASS PASS Figure$2$ $Firewall$Polices$ $ 2014NSSLabs,Inc.Allrightsreserved. 6
7 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Performance ThereisfrequentlyatradeRoffbetweensecurityeffectivenessandperformance.BecauseofthistradeRoff,itis importanttojudgeaproduct ssecurityeffectivenesswithinthecontextofitsperformance(andviceversa).this ensuresthatnewsecurityprotectionsdonotadverselyimpactperformanceandsecurityshortcutsarenottaken tomaintainorimproveperformance. Raw$Packet$Processing$Performance$(UDP$Throughput)$ ThistestusesUDPpacketsofvaryingsizesgeneratedbytestequipment.Aconstantstreamoftheappropriate packetsize withvariablesourceanddestinationipaddressestransmittingfromafixedsourceporttoafixed destinationport istransmittedbirdirectionallythrougheachportpairofthedut. Eachpacketcontainsdummydata,andistargetedatavalidportonavalidIPaddressonthetargetsubnet.The percentageloadandframespersecond(fps)figuresacrosseachinrlineportpairareverifiedbynetwork monitoringtoolsbeforeeachtestbegins.multipletestsarerunandaveragestakenwherenecessary. Thistrafficdoesnotattempttosimulateanyformof realrworld networkcondition.notcpsessionsarecreated duringthistest,andthereisverylittleforthestateenginetodo.theaimofthistestispurelytodeterminethe rawpacketprocessingcapabilityofeachinrlineportpairofthedut,anditseffectivenessatforwardingpackets quicklyinordertoprovidethehighestlevelofnetworkperformanceandlowestlatency. 90,000 8 Megabits per Second 80,000 70,000 60,000 50,000 40,000 30, ,000 79,000 79,500 80, , , Latency (µs) 20, , Byte Packets 128 Byte Packets 256 Byte Packets 512 Byte Packets 1024 Byte Packets 1514 Byte Packets Mbps 43,000 75,000 78,000 79,000 79,500 80,000 Latency (µs) Figure$3$ $Raw$Packet$Processing$Performance$(UDP$Traffic)$ - $ TheFortiGate1500DshowedexceptionallatencyatallpacketsizesforUDPtraffic. 2014NSSLabs,Inc.Allrightsreserved. 7
8 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Latency$ $UDP$ Datacenterfirewallsthatintroducehighlevelsoflatencyleadtounacceptableresponsetimesforusers,especially wheremultiplesecuritydevicesareplacedinthedatapath.theseresultsshowthelatency(inmicroseconds)as recordedduringtheudpthroughputtestsat90%ofmaximumload. Latency$I$UDP$ Microseconds$ 64BytePackets 4 128BytePackets 4 256BytePackets 4 512BytePackets BytePackets BytePackets 7 Figure$4$ $UDP$Latency$in$Microseconds$ Connection$Dynamics$ $Concurrency$and$Connection$Rates$ TheuseofsophisticatedtestequipmentappliancesallowsNSSengineerstocreatetrue realworld trafficat multirgigabitspeedsasabackgroundloadforthetests. TheaimofthesetestsistostresstheinspectionengineanddeterminehowithandleshighvolumesofTCP connectionspersecond,applicationlayertransactionspersecond,andconcurrentopenconnections.allpackets containvalidpayloadandaddressdata,andthesetestsprovideanexcellentrepresentationofalivenetworkat variousconnection/transactionrates. Notethatinallteststhefollowingcritical breakingpoints wherethefinalmeasurementsaretaken areused: Excessive$concurrent$TCP$connections UnacceptableincreaseinopenconnectionsontheserverRside Excessive$response$time$for$HTTP$transactions Excessivedelaysandincreasedresponsetimetoclient Unsuccessful$HTTP$transactions Normally,thereshouldbezerounsuccessfultransactions.Theiroccurrence indicatesthatexcessivelatencyiscausingconnectionstotimeout. 2014NSSLabs,Inc.Allrightsreserved. 8
9 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D 8,000,000 3,000,000 7,000,000 6,829,697 6,979,895 2,565,000 2,500,000 6,000,000 2,000,000 Concurrent Connections 5,000,000 4,000,000 3,000,000 1,500,000 Connections / Second 1,000,000 2,000, ,000 1,000, , ,150 0 without data with data TCP Connections/Sec 273,600 HTTP Connections/Sec 282,150 HTTP Transactions/Sec 2,565,000 Concurrent TCP Conns 6,829,697 6,979,895 Figure$5$ $Concurrency$and$Connection$Rates$ $ NSSLabs,Inc.Allrightsreserved. 9
10 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D HTTP$Connections$per$Second$and$Capacity$ TheaimofthesetestsistostresstheHTTPdetectionengineanddeterminehowtheDUTcopeswithnetwork loadsofvaryingaveragepacketsizeandvaryingconnectionspersecond.bycreatinggenuinesessionrbasedtraffic withvaryingsessionlengths,thedutisforcedtotrackvalidtcpsessions,thusensuringahigherworkloadthanfor simplepacketrbasedbackgroundtraffic.thisprovidesatestenvironmentthatisascloseto realworld asitis possibletoachieveinalabenvironment,whileensuringabsoluteaccuracyandrepeatability. EachtransactionconsistsofasingleHTTPGETrequestandtherearenotransactiondelays(i.e.thewebserver respondsimmediatelytoallrequests).allpacketscontainvalidpayload(amixofbinaryandasciiobjects)and addressdata.thistestprovidesanexcellentrepresentationofalivenetwork(albeitonebiasedtowardshttp traffic)atvariousnetworkloads. 45,000 40,000 40,000 40, , ,000 35,000 Megabits per Second 30,000 25,000 20,000 15,000 29,000 14, , , , ,000 Connections / Sec 10,000 7,450 5,000 50, KB Response 21 KB Response 10 KB Response 4.5 KB Response 1.7 KB Response CPS 100, , , , ,000 Mbps 40,000 40,000 29,000 14,700 7,450 Figure$6$ $HTTP$Connections$per$Second$and$Capacity$ 0 Application$Average$Response$Time$ $HTTP$ Application$Average$Response$Time$I$HTTP$(at$90%$Maximum$Load)$ Milliseconds$ 2,500ConnectionsPerSecond 44KBResponse 0.4 5,000ConnectionsPerSecond 21KBResponse ,000ConnectionsPerSecond 10KBResponse ,000ConnectionsPerSecond 4.5KBResponse ,000ConnectionsPerSecond 1.7KBResponse 0.3 Figure$7$ $Average$Application$Response$Time$in$Milliseconds$ 2014NSSLabs,Inc.Allrightsreserved. 10
11 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D HTTP$Connections$per$Second$and$Capacity$(with$Delays)$ Typicaluserbehaviorintroducesdelaysbetweenrequestsandresponses,e.g. thinktime, asusersreadweb pagesanddecidewhichlinkstoclicknext.thisgroupoftestsisidenticaltothepreviousgroupexceptthatthese includea5seconddelayintheserverresponseforeachtransaction.thishastheeffectofmaintainingahigh numberofopenconnectionsthroughoutthetest,thusforcingthesensortoutilizeadditionalresourcestotrack thoseconnections. 45,000 40,000 40,000 40, , ,000 35,000 Megabits per Second 30,000 25,000 20,000 15,000 29,000 29, , , , ,000 Connections / Sec 10,000 5,000 50, KB Response 21 KB Response w/ Delay 10 KB Response Figure$8$ $HTTP$Connections$per$Second$and$Capacity$(with$Delays)$ 10 KB Response w/ Delay CPS 200, , , ,000 Mbps 40,000 40,000 29,000 29,000 0 RealIWorld$Traffic$Mixes$ Thistestmeasurestheperformanceofthedeviceundertestina realworld environmentbyintroducing additionalprotocolsandrealcontent,whilestillmaintainingapreciselyrepeatableandconsistentbackground trafficload.differentprotocolmixesareutilizedbasedontheintendedlocationofthedeviceundertest(network coreorperimeter)toreflectrealusecases.fordetailsaboutrealworldtrafficprotocoltypesandpercentages,see thenssnetworkfirewalldatacentertestmethodology,availableatwww.nsslabs.com. 2014NSSLabs,Inc.Allrightsreserved. 11
12 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D 45,000 40,000 35,000 40,000 40,000 38,000 40,000 40,000 30,000 25,000 Mbps 20,000 15,000 10,000 5,000 0 Real World Protocol Mix (Data center - Financial) Real World Protocol Mix (Data center - Virtualization Hub) Real World Protocol Mix (Data center - Mobile Applications) Figure$9$ $Real$World$Data$Center$Traffic$Mixes$ Real World Protocol Mix (Data center - Web Apps) Real World Protocol Mix (Data center - ISP) Mbps 40,000 40,000 38,000 40,000 40,000 TheFortiGate1500DperformedinRlinewiththethroughputclaimedbythevendorwithallmixesexceptformobile applications,whereitperformedslightlybelowitsratedthroughputanditsvendorrclaimedthroughput. 2014NSSLabs,Inc.Allrightsreserved. 12
13 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Stability&Reliability LongRtermstabilityisparticularlyimportantforaninRlinedevice,wherefailurecanproducenetworkoutages. ThesetestsverifythestabilityoftheDUTalongwithitsabilitytomaintainsecurityeffectivenesswhileunder normalloadandwhilepassingmalicioustraffic.productsthatarenotabletosustainlegitimatetraffic(orthat crash)whileunderhostileattackwillnotpass. TheFortiGate1500Disrequiredtoremainoperationalandstablethroughoutthesetests,andtoblock100%of previouslyblockedtraffic,raisinganalertforeach.ifanynonrallowedtrafficpassessuccessfully,causedbyeither thevolumeoftrafficorthedutfailingopenforanyreason,thiswillresultinafail. Test$Procedure$ BlockingUnderExtendedAttack PassingLegitimateTrafficUnderExtendedAttack ProtocolFuzzing&Mutation PowerFail Redundancy PersistenceofData Result$ PASS PASS PASS PASS YES PASS Figure$10$ $Stability$&$Reliability$Results$ 2014NSSLabs,Inc.Allrightsreserved. 13
14 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D HighAvailability(HA)(Optional)$ Highavailability(HA)isimportanttomanyenterprisecustomers,andthistablerepresentsthevendorsHAfeature set.ifnohaofferingwassubmittedfornsstovalidate,allresultsinthissectionwillbemarkedas N/A. Description$ Failover LegitimateTraffic TimetoFailover StatefulOperation Active/ActiveConfiguration Results$ PASS 0.1seconds PASS PASS Figure$11$ $High$Availability$Results$ 2014NSSLabs,Inc.Allrightsreserved. 14
15 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Management&Configuration Securitydevicesarecomplicatedtodeploy;essentialsystemssuchascentralizedmanagementconsoleoptions,log aggregation,andeventcorrelation/managementsystemsfurthercomplicatethepurchasingdecision. Understandingkeycomparisonpointswillallowcustomerstomodeltheoverallimpactonnetworkservicelevel agreements(slas),estimateoperationalresourcerequirementstomaintainandmanagethesystems,andbetter evaluaterequiredskill/competenciesofstaff. Enterprisesshouldincludemanagement&configurationduringtheirevaluationfocusingthefollowingat minimum: General$Management$and$Configuration$ howeasyisittoinstallandconfiguredevices,anddeploymultiple devicesthroughoutalargeenterprisenetwork? Policy$Handling$ howeasyisittocreate,edit,anddeploycomplicatedsecuritypoliciesacrossanenterprise? Alert$Handling$ howaccurateandtimelyisthealerting,andhoweasyisittodrilldowntolocatecritical informationneededtoremediateasecurityproblem? Reporting$ $howeffectiveisthereportingcapability,andhowreadilycanitbecustomized? 2014NSSLabs,Inc.Allrightsreserved. 15
16 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D TotalCostofOwnership(TCO) Implementationofsecuritysolutionscanbecomplex,withseveralfactorsaffectingtheoverallcostofdeployment, maintenanceandupkeep.alloftheseshouldbeconsideredoverthecourseoftheusefullifeofthesolution. Product$Purchase$ Thecostofacquisition. Product$Maintenance$ Thefeespaidtothevendor(includingsoftwareandhardwaresupport,maintenance andotherupdates.) Installation$ Thetimerequiredtotakethedeviceoutofthebox,configureit,putitintothenetwork,apply updatesandpatches,andsetupdesiredloggingandreporting. Upkeep$ Thetimerequiredtoapplyperiodicupdatesandpatchesfromvendors,includinghardware, software,andotherupdates. Management$ DayRtoRdaymanagementtasksincludingdeviceconfiguration,policyupdates,policy deployment,alerthandling,andsoon. Forthepurposesofthisreport,capitalexpenditure(CAPEX)itemsareincludedforasingledeviceonly(thecostof acquisitionandinstallation.) Installation$(Hours)$ Thistabledetailsthenumberofhoursoflaborrequiredtoinstalleachdeviceusinglocaldevicemanagement optionsonly.thiswillreflectaccuratelytheamountoftimetakenfornssengineers,withthehelpofvendor engineers,toinstallandconfiguretheduttothepointwhereitoperatessuccessfullyinthetestharness,passes legitimatetrafficandblocks/detectsprohibited/malicioustraffic.thiscloselymimicsatypicalenterprise deploymentscenarioforasingledevice. Costsarebaseduponthetimerequiredbyanexperiencedsecurityengineer(assumed$75perhourforthe purposesofthesecalculations)allowingnsstoholdconstantthetalentcostandmeasureonlythedifferencein timerequiredforinstallation.readersshouldsubstitutetheirowncoststoobtainaccuratetcofigures. Product$ Fortinet$FortiGate$1500D$$ v5.0,build0252 Installation$(Hours)$ 8 Figure$12$ $Sensor$Installation$Time$in$Hours$ 2014NSSLabs,Inc.Allrightsreserved. 16
17 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D Purchase$Price$and$Total$Cost$of$Ownership$ CalculationsarebasedonvendorRprovidedpricinginformation.Wherepossible,the24/7maintenanceand supportoptionwith24rhourreplacementisutilized,sincethisistheoptiontypicallyselectedbyenterprise customers.pricesareforsingledevicemanagementandmaintenanceonly;costsforcentraldevicemanagement (CDM)solutionsmaybeextra.ForadditionalTCOanalysis,includingCDM,refertotheTCOCAR. Product$ Fortinet$FortiGate$ 1500D$$ v5.0,build0252 Purchase$ Maintenance$ /$year$ Year$1$ Cost$ Year$2$ Cost$ Year$3$ Cost$ 3IYear$$ TCO$ $24,998 $5,649 $31,067 $6,369 $6,369 $43805 Figure$13$ $3IYear$TCO$ Year$1$Costiscalculatedbyaddinginstallationcosts($75USDperhourfullyloadedlaborxinstallationtime)+ purchaseprice+firstryearmaintenance/supportfees. Fortinetmaintenancefeesarecalculatedwiththe3RyearcostofanupRfrontpurchasedividedevenlyoverthe3R yearterm. Year$2$Cost$consistsonlyofmaintenance/supportfees.$ Year$3$Cost$consistsonlyofmaintenance/supportfees.$ ThisprovidesaTCOfigureconsistingofhardware,installationandmaintenancecostsforasingledeviceonly.TCO calculationsformultipledevicesaremodeledextensivelyinthetcocar. Value:$Total$Cost$of$Ownership$per$ProtectedIMbps$ Thereisacleardifferencebetweenpriceandvalue.Theleastexpensiveproductdoesnotnecessarilyofferthe greatestvalueifitofferssignificantlylowerperformancethanonlyslightlymoreexpensivecompetitors.thebest valueisaproductwithalowtcoandhighlevelofthroughput. Figure14depictstherelativecostperunitofworkperformed,describedasTCOperProtectedRMbps. Product$ Fortinet$FortiGate$1500D$$ v5.0,build0252 NSSITested$ Throughput$ 3IYear$TCO$ TCO$Per$ProtectedI Mbps$ 39,667Mbps $43,805 $1.10 Figure$14$ $Total$Cost$of$Ownership$per$ProtectedIMbps$ TCOperProtectedRMbpswascalculatedbytakingthe3RYearTCOanddividingitbytheNSSRTestedThroughput. Therefore3RYearTCO/NSSRTestedThroughput=TCOperProtectedRMbps. TCOisforsingledevicemaintenanceonly;costsforcentraldevicemanagement(CDM)solutionsmaybeextra.For additionaltcoanalysis,refertothetcocar. 2014NSSLabs,Inc.Allrightsreserved. 17
18 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D DetailedProductScorecard Thefollowingchartdepictsthestatusofeachtestwithquantitativeresultswhereapplicable. SecurityEffectiveness FirewallPolicyEnforcement BaselinePolicy PASS SimplePolicy PASS ComplexPolicy PASS StaticNAT PASS Dynamic/HideNAT PASS SynFloodProtection PASS AddressSpoofingProtection PASS Performance UDPThroughput Mbps 64BytePackets BytePackets BytePackets BytePackets BytePackets BytePackets LatencyRUDP Microseconds 64BytePackets BytePackets BytePackets BytePackets BytePackets BytePackets 7.0 ConnectionDynamics ConcurrencyandConnectionRates TheoreticalMax.ConcurrentTCPConnections 6,829,697 TheoreticalMax.ConcurrentTCPConnectionsw/Data 6,979,895 MaximumTCPConnectionsPerSecond 273,600 MaximumHTTPConnectionsPerSecond 282,150 MaximumHTTPTransactionsPerSecond 2,565,000 HTTPCapacityWithNoTransactionDelays 2,500ConnectionsPerSecond 44KBResponse 100,000 5,000ConnectionsPerSecond 21KBResponse 200,000 10,000ConnectionsPerSecond 10KBResponse 290,000 20,000ConnectionsPerSecond 4.5KBResponse 294,000 40,000ConnectionsPerSecond 1.7KBResponse 298,000 ApplicationAverageResponseTimeRHTTP(at90%MaxLoad) Milliseconds 2,500ConnectionsPerSecond 44KBResponse 0.4 5,000ConnectionsPerSecond 21KBResponse ,000ConnectionsPerSecond 10KBResponse ,000ConnectionsPerSecond 4.5KBResponse ,000ConnectionsPerSecond 1.7KBResponse 0.3 HTTPCPS&CapacityWithTransactionDelays 21KBResponseWithDelay 280,000 10KBResponseWithDelay 348, NSSLabs,Inc.Allrightsreserved. 18
19 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D RealWorld Traffic RealWorld ProtocolMix(DatacenterRFinancial) 40,000 RealWorld ProtocolMix(DatacenterRVirtualizationHub) 40,000 RealWorld ProtocolMix(DatacenterRMobileApplications) 38,000 RealWorld ProtocolMix(DatacenterRWebApps) 40,000 RealWorld ProtocolMix(DatacenterRISP) 40,000 Stability&Reliability BlockingUnderExtendedAttack PASS PassingLegitimateTrafficUnderExtendedAttack PASS ProtocolFuzzing&Mutation PASS PowerFail PASS Redundancy PASS PersistenceofData PASS FailoverRLegitimateTraffic PASS FailoverRTimetoFailover.1Seconds StatefulOperation PASS ActiveRActiveConfiguration PASS TotalCostofOwnership EaseofUse InitialSetup(Hours) 8 ExpectedCosts InitialPurchase(hardwareastested) $24,998 InstallationLaborCost(@$75/hr) $600 AnnualCostofMaintenance&Support(hardware/software) $6,369 InitialPurchase(enterprisemanagementsystem) SeeCAR AnnualCostofMaintenance&Support(enterprisemanagementsystem) SeeCAR TotalCostofOwnership Year1 $31,067 Year2 $6,369 Year3 $6,369 3RYearTotalCostofOwnership $43,805 Figure$15$ $Detailed$Scorecard$ Mbps 2014NSSLabs,Inc.Allrightsreserved. 19
20 NSSLabs DataCenterFirewallProductAnalysis FortinetFortiGate1500D TestMethodology Methodology$Version:NetworkFirewall DataCenterv1.0 AllTestIDsinthisreportrefertothemethodologydocument,notnecessarilytosectionsinthisreport. AcopyofthetestmethodologyisavailableontheNSSLabswebsiteatwww.nsslabs.com. ContactInformation NSSLabs,Inc. 206WildBasinRd BuildingA,Suite200 Austin,TX (512)961R Thisandotherrelateddocumentsavailableat: 2014NSSLabs,Inc.Allrightsreserved.Nopartofthispublicationmaybereproduced,photocopied,storedonaretrieval system,ortransmittedwithouttheexpresswrittenconsentoftheauthors. Pleasenotethataccesstooruseofthisreportisconditionedonthefollowing: 1.TheinformationinthisreportissubjecttochangebyNSSLabswithoutnotice. $ 2.TheinformationinthisreportisbelievedbyNSSLabstobeaccurateandreliableatthetimeofpublication,butisnot guaranteed.alluseofandrelianceonthisreportareatthereader ssolerisk.nsslabsisnotliableorresponsibleforany damages,losses,orexpensesarisingfromanyerrororomissioninthisreport. 3.NOWARRANTIES,EXPRESSORIMPLIEDAREGIVENBYNSSLABS.ALLIMPLIEDWARRANTIES,INCLUDINGIMPLIED WARRANTIESOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSE,ANDNONRINFRINGEMENTAREDISCLAIMEDAND EXCLUDEDBYNSSLABS.INNOEVENTSHALLNSSLABSBELIABLEFORANYCONSEQUENTIAL,INCIDENTALORINDIRECT DAMAGES,ORFORANYLOSSOFPROFIT,REVENUE,DATA,COMPUTERPROGRAMS,OROTHERASSETS,EVENIFADVISEDOFTHE POSSIBILITYTHEREOF. 4.Thisreportdoesnotconstituteanendorsement,recommendation,orguaranteeofanyoftheproducts(hardwareor software)testedorthehardwareandsoftwareusedintestingtheproducts.thetestingdoesnotguaranteethatthereareno errorsordefectsintheproductsorthattheproductswillmeetthereader sexpectations,requirements,needs,or specifications,orthattheywilloperatewithoutinterruption. 5.Thisreportdoesnotimplyanyendorsement,sponsorship,affiliation,orverificationbyorwithanyorganizationsmentioned inthisreport. 6.Alltrademarks,servicemarks,andtradenamesusedinthisreportarethetrademarks,servicemarks,andtradenamesof theirrespectiveowners. 2014NSSLabs,Inc.Allrightsreserved. 20
NETWORK FIREWALL PRODUCT ANALYSIS
NETWORK FIREWALL PRODUCT ANALYSIS Fortinet 800c FortiOS v4.3.8 build632 2012 1 Introduction Firewall technology is one of the largest and most mature security markets. Firewalls have undergone several
More informationNEXT GENERATION FIREWALL PRODUCT ANALYSIS
NEXT GENERATION FIREWALL PRODUCT ANALYSIS Cisco ASA 5585- X SSP60 v5.3.1 Authors Joseph Pearce, Christopher Conrad Overview NSS Labs performed an independent test of the Cisco ASA 5585- X SSP60 v5.3.1.
More information2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles
FIREWALL COMPARATIVE ANALYSIS Performance 2013 Thomas Skybakmoen, Francisco Artes, Bob Walder, Ryan Liles Tested Products Barracuda F800, Check Point 12600, Cyberoam CR2500iNG, Dell SonicWALL NSA 4500,
More informationTEST METHODOLOGY. Network Firewall Data Center. v1.0
TEST METHODOLOGY Network Firewall Data Center v1.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls In The Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion
More informationNEXT GENERATION FIREWALL PRODUCT ANALYSIS
NEXT GENERATION FIREWALL PRODUCT ANALYSIS Palo Alto Networks PA- 3020 v6.0.5- h3 Authors Christopher Conrad, Joseph Pearce Overview NSS Labs performed an independent test of the Palo Alto Networks PA-
More informationNETWORK FIREWALL TEST METHODOLOGY 3.0. To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs.
NETWORK FIREWALL TEST METHODOLOGY 3.0 To receive a licensed copy or report misuse, Please contact NSS Labs at: +1 512-961-5300 or advisor@nsslabs.com 2011 NSS Labs, Inc. All rights reserved. No part of
More informationNETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS
NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS McAfee Network Security Platform NS9200 v7.1.5 2013 Ryan Liles, Joseph Pearce Overview NSS Labs performed an independent test of the McAfee NS9200 v7.1.5.
More informationMcAfee&Announces&Acquisition&Of&Stonesoft&to& Make&Data&Center&Play&&
ANALYST'BRIEF' McAfee&Announces&Acquisition&Of&Stonesoft&to& Make&Data&Center&Play&& Authors& &Bob&Walder,&Thomas&Skybakmoen,&John&W.&Pirc,&Jason&Pappalexis Overview OnMay6,2013,securityvendorMcAfee,Inc.enteredintoacombinationagreementwiththeintenttoacquire
More informationNEXT GENERATION FIREWALL TEST REPORT
NEXT GENERATION FIREWALL TEST REPORT Check Point Software Technologies, Ltd. 13800 Next Generation Firewall Appliance vr77.20 Author Timothy Otto Overview NSS Labs performed an independent test of the
More informationNEXT-GENERATION FIREWALL
NEXT-GENERATION FIREWALL INDIVIDUAL PRODUCT TEST RESULTS Check Point Power-1 11065 METHODOLOGY VERSION: 4.0 FEBRUARY 2011 Independent & unsponsored test report. Reprints Licensed to: Check Point Software
More informationNETWORK INTRUSION PREVENTION SYSTEM
NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS McAfee Network Security Platform (NSP) M-8000 Version 6.1 METHODOLOGY VERSION: 6.2 Independent & unsponsored test report. This and other related documents
More informationNETWORK INTRUSION PREVENTION SYSTEM
NETWORK INTRUSION PREVENTION SYSTEM PRODUCT ANALYSIS Fortinet FortiGate 3240C METHODOLOGY VERSION: 6.2 Independent & unsponsored test report. This and other related documents available at: http://www.nsslabs.com/ips
More informationTEST METHODOLOGY. Data Center Firewall. v2.0
TEST METHODOLOGY Data Center Firewall v2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Firewalls in the Data Center... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion Criteria...
More informationLARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY. Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University
1 LARGE-SCALE INTERNET MEASUREMENTS FOR DIAGNOSTICS AND PUBLIC POLICY Henning Schulzrinne (+ Walter Johnston & James Miller) FCC & Columbia University 2 Overview Quick overview What does MBA measure? Can
More informationHow To Test A Ddos Prevention Solution
TEST METHODOLOGY Distributed Denial- of- Service (DDoS) Prevention v1.0 Table of Contents 1 Introduction... 5 1.1 The Need for Distributed Denial- of- Service Prevention... 5 1.2 About This Test Methodology
More informationMULTI WAN TECHNICAL OVERVIEW
MULTI WAN TECHNICAL OVERVIEW The Multi WAN feature will allow the service provider to load balanced all client TCP and UDP traffic only. It also provides redundancy for HA. Traffic that is load balanced:
More informationNEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT
NEXT GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) TEST REPORT Fortinet FortiGate-1500D FortiOS v5.2.2 build 642 Author Ty Smith Overview NSS Labs performed an independent test of the Fortinet FortiGate-1500D
More informationTEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0
TEST METHODOLOGY Hypervisors For x86 Virtualization v1.0 Table of Contents 1 Introduction... 4 1.1 The Need For Virtualization... 4 1.2 About This Test Methodology And Report... 4 1.3 Inclusion Criteria...
More informationFrequently Asked Questions
Frequently Asked Questions 1. Q: What is the Network Data Tunnel? A: Network Data Tunnel (NDT) is a software-based solution that accelerates data transfer in point-to-point or point-to-multipoint network
More informationPerformance of Cisco IPS 4500 and 4300 Series Sensors
White Paper Performance of Cisco IPS 4500 and 4300 Series Sensors White Paper September 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of
More informationPolicy Based Forwarding
Policy Based Forwarding Tech Note PAN-OS 4.1 Revision A 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Security... 3 Performance... 3 Symmetric Routing... 3 Service Versus
More informationIxChariot Virtualization Performance Test Plan
WHITE PAPER IxChariot Virtualization Performance Test Plan Test Methodologies The following test plan gives a brief overview of the trend toward virtualization, and how IxChariot can be used to validate
More informationSample Network Analysis Report
Sample Network Analysis Report Report Information Report created on 1/9/2014 9:35:19 PM. Analyst Information Name Sample Analysis Report E-mail Address info@chappellu.com Phone Number 408-378-7841 Client
More informationWEB APPLICATION FIREWALL PRODUCT ANALYSIS
WEB APPLICATION FIREWALL PRODUCT ANALYSIS F5 Big-IP ASM 10200 v11.4.0 Authors Ryan Liles, Orlando Barrera Overview NSS Labs performed an independent test of the F5 Big-IP ASM 10200. The product was subjected
More informationEvaluating Wireless Broadband Gateways for Deployment by Service Provider Customers
Evaluating Wireless Broadband Gateways for Deployment by Service Provider Customers Overview A leading provider of voice, video, and data services to the residential and businesses communities designed
More informationD. SamKnows Methodology 20 Each deployed Whitebox performs the following tests: Primary measure(s)
v. Test Node Selection Having a geographically diverse set of test nodes would be of little use if the Whiteboxes running the test did not have a suitable mechanism to determine which node was the best
More informationTest Methodology White Paper. Author: SamKnows Limited
Test Methodology White Paper Author: SamKnows Limited Contents 1 INTRODUCTION 3 2 THE ARCHITECTURE 4 2.1 Whiteboxes 4 2.2 Firmware Integration 4 2.3 Deployment 4 2.4 Operation 5 2.5 Communications 5 2.6
More informationNetwork Security Equipment The Ever Changing Curveball
Network Security Equipment The Ever Changing Curveball breakingpointsystems.com This document contains information that is the property of BreakingPoint Systems, Inc. This information may not be copied,
More informationSingle Pass Load Balancing with Session Persistence in IPv6 Network. C. J. (Charlie) Liu Network Operations Charter Communications
Single Pass Load Balancing with Session Persistence in IPv6 Network C. J. (Charlie) Liu Network Operations Charter Communications Load Balancer Today o Load balancing is still in use today. It is now considered
More informationSizing Guideline. Sophos UTM 9.2 - SG Series Appliances. Sophos UTM 9.2 Sizing Guide for SG Series appliances
Sizing Guideline Sophos UTM 9.2 - SG Series Appliances Three steps to specifying the right appliance model This document provides a guideline for choosing the right Sophos SG Series appliance for your
More informationHow To. Instreamer to Exstreamer connection. Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection. How To 1.
Instreamer to Exstreamer connection Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection 1.11 Date: 06.03.2013 2013 Barix AG, all rights reserved. All information is subject
More informationManaging Latency in IPS Networks
Application Note Revision B McAfee Network Security Platform Managing Latency in IPS Networks Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended
More informationSmart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
More informationProtocols. Packets. What's in an IP packet
Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets
More informationPERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY
APPLICATION NOTE PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY Copyright 2010, Juniper Networks, Inc. Table of Contents Introduction........................................................................................
More informationTEST METHODOLOGY. Web Application Firewall. v6.2
TEST METHODOLOGY Web Application Firewall v6.2 Table of Contents 1 Introduction... 4 1.1 The Need for Web Application Firewalls... 4 1.2 About This Test Methodology and Report... 4 1.3 Inclusion Criteria...
More informationNetwork Simulation Traffic, Paths and Impairment
Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating
More informationTEST METHODOLOGY. Distributed Denial-of-Service (DDoS) Prevention. v2.0
TEST METHODOLOGY Distributed Denial-of-Service (DDoS) Prevention v2.0 Table of Contents 1 Introduction... 4 1.1 The Need for Distributed Denial-of-Service Prevention... 4 1.2 About This Test Methodology
More information- Introduction to PIX/ASA Firewalls -
1 Cisco Security Appliances - Introduction to PIX/ASA Firewalls - Both Cisco routers and multilayer switches support the IOS firewall set, which provides security functionality. Additionally, Cisco offers
More informationDOCUMENT REFERENCE: SQ309-002-EN. SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper. July 2015
DOCUMENT REFERENCE: SQ309-002-EN SAMKNOWS TEST METHODOLOGY Web-based Broadband Performance White Paper July 2015 SAMKNOWS QUALITY CONTROLLED DOCUMENT. SQ REV LANG STATUS OWNER DATED 309 03 EN FINAL SC
More informationTechnical Glossary from Frontier
Technical Glossary from Frontier A Analogue Lines: Single Analogue lines are generally usually used for faxes, single phone lines, modems, alarm lines or PDQ machines and are generally not connected to
More informationStrategies. Addressing and Routing
Strategies Circuit switching: carry bit streams original telephone network Packet switching: store-and-forward messages Internet Spring 2007 CSE 30264 14 Addressing and Routing Address: byte-string that
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More information2015-10-22 19:22:59 Report Generated: 10/22/2015 20:03 UTC. CPU Intel Xeon E5-2670 v2 2.50GHz Connections 1 Mean Jitter 10/22/15 1
2015-10-22 19:22:59 Report Generated: 10/22/2015 20:03 UTC Page 1 of 10 Provider Amazon Web Services Test Protocol TCP Mean Bandwidth Service Amazon EC2 Direction Up Median Bandwidth Region us-west-2 Duration
More informationPerformance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU
Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU Savita Shiwani Computer Science,Gyan Vihar University, Rajasthan, India G.N. Purohit AIM & ACT, Banasthali University, Banasthali,
More informationDOCUMENT REFERENCE: SQ312-003-EN. SAMKNOWS SMARTPHONE-BASED TESTING SamKnows App for Android White Paper. May 2015
DOCUMENT REFERENCE: SQ312-003-EN SAMKNOWS SMARTPHONE-BASED TESTING SamKnows App for Android White Paper May 2015 SAMKNOWS QUALITY CONTROLLED DOCUMENT. SQ REV LANG STATUS OWNER DATED 312 003 EN FINAL JP
More informationInsiders View: Network Security Devices
Insiders View: Network Security Devices Dennis Cox CTO @ BreakingPoint Systems CanSecWest/Core06 Vancouver, April 2006 Who am I? Chief Technology Officer - BreakingPoint Systems Director of Engineering
More informationH3C Firewall and UTM Devices DNS and NAT Configuration Examples (Comware V5)
H3C Firewall and UTM Devices DNS and NAT Configuration Examples (Comware V5) Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted
More informationMMPTCP: A Novel Transport Protocol for Data Centre Networks
MMPTCP: A Novel Transport Protocol for Data Centre Networks Morteza Kheirkhah FoSS, Department of Informatics, University of Sussex Modern Data Centre Networks FatTree It provides full bisection bandwidth
More informationKey Components of WAN Optimization Controller Functionality
Key Components of WAN Optimization Controller Functionality Introduction and Goals One of the key challenges facing IT organizations relative to application and service delivery is ensuring that the applications
More informationFortiGate-3950B Scores 95/100 on BreakingPoint Resiliency Score (Security, Performance, & Stability)
FortiGate-3950B Scores 95/100 on BreakingPoint Resiliency Score (Security, Performance, & Stability) Overview Fortinet FortiGate -3950B enterprise consolidated security appliance has achieved a BreakingPoint
More informationLink Load Balancing 2015-04-28 08:50:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement
Link Load Balancing 2015-04-28 08:50:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Link Load Balancing... 3 Link Load Balancing... 4 Configuring
More informationTRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing
TRUFFLE Broadband Bonding Network Appliance A Frequently Asked Question on Link Bonding vs. Load Balancing 5703 Oberlin Dr Suite 208 San Diego, CA 92121 P:888.842.1231 F: 858.452.1035 info@mushroomnetworks.com
More informationHow To Configure Virtual Host with Load Balancing and Health Checking
How To Configure Virtual Host with Load How To Configure Virtual Host with Load Balancing and Health Checking Balancing and Health Checking Applicable Version: 10.02.0 Build 473 onwards Overview This article
More informationImproving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008
Improving Effective WAN Throughput for Large Data Flows By Peter Sevcik and Rebecca Wetzel November 2008 When you buy a broadband Wide Area Network (WAN) you want to put the entire bandwidth capacity to
More informationThe Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands
The Ecosystem of Computer Networks Ripe 46 Amsterdam, The Netherlands Silvia Veronese NetworkPhysics.com Sveronese@networkphysics.com September 2003 1 Agenda Today s IT challenges Introduction to Network
More informationApplication Level Congestion Control Enhancements in High BDP Networks. Anupama Sundaresan
Application Level Congestion Control Enhancements in High BDP Networks Anupama Sundaresan Organization Introduction Motivation Implementation Experiments and Results Conclusions 2 Developing a Grid service
More information1000Mbps Ethernet Performance Test Report 2014.4
1000Mbps Ethernet Performance Test Report 2014.4 Test Setup: Test Equipment Used: Lenovo ThinkPad T420 Laptop Intel Core i5-2540m CPU - 2.60 GHz 4GB DDR3 Memory Intel 82579LM Gigabit Ethernet Adapter CentOS
More informationExtreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection
DATA SHEET Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection HIGHLIGHTS Delivers superior zero-day threat
More informationNetwork Performance: Networks must be fast. What are the essential network performance metrics: bandwidth and latency
Network Performance: Networks must be fast What are the essential network performance metrics: bandwidth and latency Transmission media AS systems Input'signal'f(t) Has'bandwidth'B System'with'H(-) Output'signal'g(t)
More informationIntroduction Page 2. Understanding Bandwidth Units Page 3. Internet Bandwidth V/s Download Speed Page 4. Optimum Utilization of Bandwidth Page 8
INDEX Introduction Page 2 Understanding Bandwidth Units Page 3 Internet Bandwidth V/s Download Speed Page 4 Factors Affecting Download Speed Page 5-7 Optimum Utilization of Bandwidth Page 8 Conclusion
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationMcAfee Network Security Platform A uniquely intelligent approach to network security
McAfee Network Security Platform A uniquely intelligent approach to network security Key Advantages Unparalleled Advanced Threat prevention Signature-less, advanced malware analysis. Inline Browser and
More informationSAN/iQ Remote Copy Networking Requirements OPEN iscsi SANs 1
SAN/iQ Remote Copy Networking Requirements OPEN iscsi SANs 1 Application Note: SAN/iQ Remote Copy Networking Requirements SAN/iQ Remote Copy provides the capability to take a point in time snapshot of
More informationHome Networking Evaluating Internet Connection Choices for a Small Home PC Network
Laboratory 2 Home Networking Evaluating Internet Connection Choices for a Small Home PC Network Objetive This lab teaches the basics of using OPNET IT Guru. OPNET IT Guru s user-friendly interface with
More informationDOCUMENT REFERENCE: SQ312-002-EN. SAMKNOWS SMARTPHONE-BASED TESTING SamKnows App for Android White Paper. March 2014
DOCUMENT REFERENCE: SQ312-002-EN SAMKNOWS SMARTPHONE-BASED TESTING SamKnows App for Android White Paper March 2014 SAMKNOWS QUALITY CONTROLLED DOCUMENT. SQ REV LANG STATUS OWNER DATED 312 002 EN FINAL
More informationTesting Darwinsim: The History and Evolution of Network Resiliency
Testing Darwinsim: The History and Evolution of Network Resiliency Mike Hamilton Ixia Communications Session ID: SPO-210 Session Classification: General Interest Why Should I Care? 2 RESILIENCY Defining
More informationIT@Intel. Optimizing WAN Performance for the Global Enterprise
White Paper Intel Information Technology Computer Manufacturing WAN Performance and Optimization Optimizing WAN Performance for the Global Enterprise To improve throughput on Intel wide area network (WAN)
More informationReferring to the above question, the end-to-end delay (transmission delay plus propagation delay) is
CS326e Quiz 3 The first correct 10 answers will be worth 1 point each. Each subsequent correct answer will be worth 0.2 points. Circle the correct answer. UTEID In the following 7 problems, we are sending
More informationMonitoring Android Apps using the logcat and iperf tools. 22 May 2015
Monitoring Android Apps using the logcat and iperf tools Michalis Katsarakis katsarakis@csd.uoc.gr Tutorial: HY-439 22 May 2015 http://www.csd.uoc.gr/~hy439/ Outline Introduction Monitoring the Android
More informationNomadic Communications Labs. Alessandro Villani avillani@science.unitn.it
Nomadic Communications Labs Alessandro Villani avillani@science.unitn.it Other Tools for the performances evaluation of a network Tools overview During our test we used IPERF: a very simple tools for the
More informationUPPER LAYER SWITCHING
52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches
More informationUnderstanding Slow Start
Chapter 1 Load Balancing 57 Understanding Slow Start When you configure a NetScaler to use a metric-based LB method such as Least Connections, Least Response Time, Least Bandwidth, Least Packets, or Custom
More informationIntrusion Detection System
Intrusion Detection System Time Machine Dynamic Application Detection 1 NIDS: two generic problems Attack identified But what happened in the past??? Application identification Only by port number! Yet
More informationLab 1: Evaluating Internet Connection Choices for a Small Home PC Network
Lab 1: Evaluating Internet Connection Choices for a Small Home PC Network Objective This lab teaches the basics of using OPNET IT Guru. We investigate application performance and capacity planning, by
More informationPacket Matching. Paul Offord, Advance7
Packet Matching Paul Offord, Advance7 Relax! Model network Server Farm Client Router / Firewall Firewall Load Balancer LAN 1 Internet 0 2 3 4 5 The challenge Matching packets from PC to 1 st server tier
More informationMcAfee Network Security Platform A uniquely intelligent approach to network security
McAfee Network Security Platform A uniquely intelligent approach to network security Key Advantages Unparalleled threat prevention Next-generation architecture. Advanced botnet and malware callback detection.
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
More informationThe Fundamentals of Intrusion Prevention System Testing
The Fundamentals of Intrusion Prevention System Testing New network-based Intrusion Prevention Systems (IPS) complement traditional security products to provide enterprises with unparalleled protection
More informationVoice over Internet Protocol (VoIP) systems can be built up in numerous forms and these systems include mobile units, conferencing units and
1.1 Background Voice over Internet Protocol (VoIP) is a technology that allows users to make telephone calls using a broadband Internet connection instead of an analog phone line. VoIP holds great promise
More informationVPN Only Connection Information and Sign up
VPN Only Connection Information and Sign up Revision 4/16/2013 CU*Answers supports a variety of VPN network configurations for credit unions that desire to use VPN for primary connectivity. These options
More information4 Delivers over 20,000 SSL connections per second (cps), which
April 21 Commissioned by Radware, Ltd Radware AppDirector x8 and x16 Application Switches Performance Evaluation versus F5 Networks BIG-IP 16 and 36 Premise & Introduction Test Highlights 1 Next-generation
More informationAbout Firewall Protection
1. This guide describes how to configure basic firewall rules in the UTM to protect your network. The firewall then can provide secure, encrypted communications between your local network and a remote
More informationWhat is Network Latency and Why Does It Matter?
What is Network Latency and Why Does It Matter? by O3b Networks This paper is presented by O3b Networks to provide clarity and understanding of a commonly misunderstood facet of data communications known
More informationChallenges of Sending Large Files Over Public Internet
Challenges of Sending Large Files Over Public Internet CLICK TO EDIT MASTER TITLE STYLE JONATHAN SOLOMON SENIOR SALES & SYSTEM ENGINEER, ASPERA, INC. CLICK TO EDIT MASTER SUBTITLE STYLE OUTLINE Ø Setting
More informationIntroducing FortiDDoS. Mar, 2013
Introducing FortiDDoS Mar, 2013 Introducing FortiDDoS Hardware Accelerated DDoS Defense Intent Based Protection Uses the newest member of the FortiASIC family, FortiASIC-TP TM Rate Based Detection Inline
More informationAKAMAI WHITE PAPER. Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling
AKAMAI WHITE PAPER Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling Delivering Dynamic Web Content in Cloud Computing Applications 1 Overview
More informationTRUFFLE Broadband Bonding Network Appliance BBNA6401. A Frequently Asked Question on. Link Bonding vs. Load Balancing
TRUFFLE Broadband Bonding Network Appliance BBNA6401 A Frequently Asked Question on Link Bonding vs. Load Balancing LBRvsBBNAFeb15_08b 1 Question: What's the difference between a Truffle Broadband Bonding
More informationCompany Network. We want to go into the Internet. Company MBK & Co. KG. von Stephanie Endlich, Thomas Hein, Stephan Gitz und Matthias Härtel
Company Network von Stephanie Endlich, Thomas Hein, Stephan Gitz und Matthias Härtel Company MBK & Co. KG We want to go into the Internet. 192.168.0.101 192.168.0.100 Task for Company STSM IT Tech Stephanie
More informationPictureTel H.323 Videoconferencing Network Bandwidth Analysis
PictureTel H.323 Videoconferencing Network Bandwidth Analysis by John Bartlett NSD Engineering PictureTel Corporation August 25, 1997 Introduction This document evaluates the network bandwidth required
More informationQ: What is the difference between the other load testing tools which enables the wan emulation, location based load testing and Gomez load testing?
PorposalPPP Q: Gomez is standlone web application testing tool? Gomez provides an on demand platform that you can use for both testing and monitoring your Web applications from the outside in across your
More informationSymantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations
Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations Technical Product Management Team Endpoint Security Copyright 2007 All Rights Reserved Revision 6 Introduction This
More informationSpirent Journal of Cloud Application and Security Services PASS Test Methodologies. June 2011 Edition. February 2011 Edition PASS
Spirent Journal of Cloud Application and Security Services PASS Test Methodologies June 2011 Edition February 2011 Edition PASS Introduction Today s Devices Under Test (DUT) represent complex, multi-protocol
More informationApplications. Network Application Performance Analysis. Laboratory. Objective. Overview
Laboratory 12 Applications Network Application Performance Analysis Objective The objective of this lab is to analyze the performance of an Internet application protocol and its relation to the underlying
More informationBroadband Quality of Service Experience (QoSE)
Broadband Quality of Service Experience (QoSE) Indicators 1 Price is not the only dimension that is of interest to customers and regulators. Quality of Service Experience (QoSE) is integrally connected
More informationHow To Analyze The Security On An Ipa Wireless Sensor Network
Throughput Analysis of WEP Security in Ad Hoc Sensor Networks Mohammad Saleh and Iyad Al Khatib iitc Stockholm, Sweden {mohsaleh, iyad}@iitc.se ABSTRACT This paper presents a performance investigation
More informationIntroduction. What is a computer network?
Introduction What is a computer network? Components of a computer network: hosts (PCs, laptops, handhelds) routers & switches (IP router, Ethernet switch) links (wired, wireless) protocols (IP, TCP, CSMA/CD,
More informationTCP Pacing in Data Center Networks
TCP Pacing in Data Center Networks Monia Ghobadi, Yashar Ganjali Department of Computer Science, University of Toronto {monia, yganjali}@cs.toronto.edu 1 TCP, Oh TCP! 2 TCP, Oh TCP! TCP congestion control
More informationLeading Entertainment Provider Optimizes Offsite Disaster Recovery with Silver Peak
Leading Entertainment Provider Optimizes Offsite Disaster Recovery with Silver Peak BUSINESS CHALLENGES:» Around the clock access to high bandwidth, real-time video content straining available network
More informationTELE 301 Network Management. Lecture 17: File Transfer & Web Caching
TELE 301 Network Management Lecture 17: File Transfer & Web Caching Haibo Zhang Computer Science, University of Otago TELE301 Lecture 17: File Transfer & Web Caching 1 Today s Focus FTP & Web Caching!
More information