Performance Verification of NGFW White Paper
Verifying the performance of NGFW and any network security device is essential to the success of the enterprise network it defends. With various advanced protection features such as application identification, intrusion prevention, threat detection, etc., the NGFW can easily become the bottleneck of the network, degrading the overall performance and user experience.
Firewalls, new or software/firmware upgrade, should always be tested and evaluated before deployment in order to ensure that they can work properly. The testbed should attempt to replicate the production network as close as possible, which includes the network topology, network traffic that traverses through the firewall. NGFW device should provide strong performance under all circumstances.
Using realistic application traffic mixes to verify the performance and behavior of NGFWs is essential. Under many circumstance, the best way to test NGFW performance is to use traffic that matches the actual characteristics of expected traffic as closely as possible, i.e. capture and replay, and application emulation
Xena provides a variety of test plans for NGFW performance verification with extreme TCP performance. Using the rich application library, VulcanAppMix, users can customize the pre-defined templates for application emulation on the DUT. Capture-and-replay allows scalable performance test using captured network traffic with great flexibility.
Performance Verification of NGFW White Paper – CONTENT
- Traditional Firewall Fails to Protect
- Boom in Next-Generation Firewalls
- NGFW Can Become Performance Bottlenecks
- Test Performance Before Deployment
- Verify Performance after Each Software Upgrade
- NGFW Performance Verification
- Realism Is Much More Than Simulation
- Application Mix Emulation for NGFW Performance
- Replay Your Captures
- Test Firewall with Correct Connection Establishment Pattern
- Throughput and Capacity Verification
- Throughput Performance
- Connection Capacity
- HTTP Capacity Test
- Pass-through SSL/TLS Throughput Test