没有合适的资源?快使用搜索试试~ 我知道了~
SafireReport_Fortinet_FG1500D.pdf
需积分: 10 0 下载量 180 浏览量
2021-01-16
00:30:36
上传
评论
收藏 675KB PDF 举报
温馨提示
试读
36页
Xena Safire防火墙性能测试报告 飞塔FG1500D防火墙性能测试报告
资源详情
资源评论
资源推荐
FIREWALL PERFORMANCE TEST REPORT
Fortinet: FG-1500D
Test Results Highlights
4240Mbps
Goodput
16424
Sessions
2.55ms
Latency
2%
Error Percentage
0 | 10
Malware Passed
Test Conguration Highlights
Network Topology:
Enterprise Internal Segmentation
Trac Prole:
ENT. Internal Segmentation Mix (L)
Features Enabled on Firewall:
Date: 2020-09-30
Start Time: 2020-09-30 (11:05:44)
End Time: 2020-09-30 (11:19:10)
Duration: 00:13:25
Sare Version: v2.3.3
AntiVirus Application Control IPS/IDS
SSL Certicate Validation
Logging and Reporting
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Contents
1. Executive Summary
1.1. Test Methodology
1.2. Test Results Highlights
1.3. Test Conguration Highlights
2. Introduction
3. Test Information
4. Firewall Under Test
5. Network Topology
6. Trac Prole
6.1. User Per Application
6.2. Bandwidth Per Application
6.3. Session Per Application
6.4. Packet Size Per Application
6.5. Table View
7. Test Iterations
8. Test Result
8.1. Goodput and Throughput
8.2. Concurrent Sessions
8.3. Latency
8.4. Error Percentage
8.5. Total Malware Passed
8.6. Firewall CPU Usage
8.7. Firewall Memory Usage
8.8. Total Cost of Ownership Per Mbps
8.9. Summary
9. Contact Information
DISCLAIMER
No part of this publication on may be reproduced, copied/scanned, stored on a retrieval system, e-mailed or otherwise disseminated or transmitted without the express
written consent of Xena Networks. ("us" or "we").
This disclaimer contains important information that binds you. If you do not agree to these conditions, you should not read the rest of this report but should instead return
the report immediately to us. "You" or "your" means the person who accesses this report and any entity on whose behalf he/she has obtained this report.
1. The information in this report is subject to change without notice, and we disclaim any obligation to update it.
2. The information on in this report is believed by us to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report
are at your sole risk. We are not liable or responsible for any damages, losses, or expenses of any nature whatsoever arising from any error or omission in this
report.
3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY US. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE HEREBY DISCLAIMED AND EXCLUDED BY US. IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT,
CONSEQUENTIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR
OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and/or
software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet your
expectations, requirements, needs, or specications, or that they will operate without interruption.
5. This report does not imply any endorsement, sponsorship, aliation, or verication by or with any organizations mentioned in this report.
6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners.
© 2020 Xena Networks. All rights reserved.
1 Executive Summary
Firewalls from different vendors have large performance differences when tested with different trac proles when
different security features are enabled. Sare’s trac proles emulate various packet sizes, sessions per client IP
address, and allocated bandwidth, to best reect the real-world trac pattern.
The trac prole used by this test is ENT. Internal Segmentation Mix (L).
1.1 Test Methodology
Sare's rewall performance characterization methodology gradually increases the trac load offered to the rewall in
terms of number of client IP addresses (users) and allocated bandwidth from one test iteration to another.
During each test iteration, Sare sends 10 unencrypted and 10 encrypted malware trac from the servers to the clients
to exercise rewall’s anti-malware engine. Sare measures the following metrics during each iteration:
Throughput & Goodput
Concurrent Sessions
Latency (average round-trip time)
Error Percentage (TCP retransmission and UDP loss over total transmitted packets)
Malware Passed by Firewall (unencrypted | encrypted)
Firewall CPU (Data Plane) Usage
Firewall Memory Usage
1.2 Test Results Highlights
The table below shows the maximum goodput and the corresponding measurements when the rewall is in a stable
condition. Measurements of the rewall under test being in a congested condition are excluded from the analysis.
Goodput Sessions Latency Error Percentage Malware Passed FW Resource Usage
4240Mbps
( 4985Mbps )
16424 2.55 ms 2 %
0unencrypted
10encrypted
0% CPU
0% Memory
1.3 Test Conguration Highlights
Network Topology:
Enterprise Internal Segmentation
Trac Prole:
ENT. Internal Segmentation Mix (L)
Features Enabled on Firewall:
© Xena Networks Page 3
AntiVirus Application Control
IPS/IDS SSL Certicate Validation
Logging and Reporting
2. Introduction
Enterprises are investing in enterprise-class rewalls to counteract the threats posted by the increasing network and
data security breach every year. Firewalls are typically deployed at the edge of or inside enterprises to protect clients
and servers from malwares, exploits, data breach, target attacks, etc. Many security experts such as IT and security
managers, and CSOs believe that they are improving their network security posture by implementing a new security
solution.
However, verifying the performance of rewall and any network security device is essential to the success of the
enterprise network it defends. With various advanced protection features such as application identication, intrusion
prevention, threat detection, logging, etc., your rewall can easily become the performance bottleneck of the network,
degrading the overall performance and user experience. Because of this trade-off, it is vital to test the performance of
your rewall with specic features enabled on the rewall appliance.
Either out-of-box or rmware upgrade, rewall appliances should always be tested and evaluated before deployment in
order to guarantee that new security protections do not adversely impact performance and that security shortcuts are
not taken to maintain or improve the performance. The test case should attempt to replicate the production network as
close as possible, which includes network topology, network trac that traverses through the rewall, features and
policies enabled on the rewall, etc. Firewall appliance should deliver the expected performance under all
circumstances.
This test report is generated by Sare, Xena's innovative enterprise rewall performance tester. Sare automatically
measures and characterizes the performance of a rewall under realistic trac conditions, with the results and key
conclusions automatically being represented in a readable report format. Thus, the IT and network managers can
easily assess the negative performance impact for the multiple rewall security features.
Sare makes it a simple and cost-ecient tool for the use cases below:
Pre-Deployment
Model Migration.
Should you switch from physical rewalls to virtual rewalls for your organization (Virtualization Transition)? Use
Sare to compare the performances and total cost of ownership per Mbps and ensure a smooth transition. Should
you upgrade the host servers for your virtual rewalls (Server Upgrade in Private Cloud)? Sare facilitates data-
driven solution design and optimal hardware selection/conguration. Should you upgrade your virtual rewalls to
have more performance (Model Upgrade)? Use Sare to compare the performances of different virtual rewalls.
Let the result data help you through the process.
Vendor Comparison.
Should you switch vendor and replace the existing rewall with another one (Switching Vendor)? Test with your
trac and use the analysis data to guide your decision. Should you start implementing a new rewall solution for
your organization (Implement New Security Solution)? Compare the performance of different vendors and make
your decision on the analysis data..
Post-Deployment
Firmware Upgrade.
Does the new rmware still deliver the expected performance to your trac (Regression Testing)? Regression
performance testing after rewall rmware upgrade. Does your rewall performance degrade as its rmware
upgrades (Upgrade Maintenance)? Compare the performances of different rmware.
Policy Conguration Change.
Does the policy conguration change have any impact on the performance (Regression Testing)? Regression
performance testing after rewall policy conguration is changed. Does a specic security inspection policy
severely impact the performance (Performance Debugging)? Does decryption result in high CPU usage? Verify
performances of different rewall functions enabled to gain a clear picture of the rewall performance
characteristics.
Trac Pattern Change.
Will the rewall be able to support the trac increase from new servers and teams (LAN Network Expansion)?
Early discovery of potential performance bottleneck before the expansion. Periodically verifying the rewall can
deliver the performance as network trac evolves over time (Periodic Maintenance).
© Xena Networks Page 4
3. Test Information
Test Name: Demo Test Case
Test Date Time: 2020-09-30
Test Start: 2020-09-30 (11:05:44)
Test Stop: 2020-09-30 (11:19:10)
Test Duration: 00:13:25
Network Topology: Enterprise Internal Segmentation
Comment:
Run this test case
© Xena Networks Page 5
剩余35页未读,继续阅读
Xena_Networks
- 粉丝: 268
- 资源: 35
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论0