2. Introduction
Enterprises are investing in enterprise-class rewalls to counteract the threats posted by the increasing network and
data security breach every year. Firewalls are typically deployed at the edge of or inside enterprises to protect clients
and servers from malwares, exploits, data breach, target attacks, etc. Many security experts such as IT and security
managers, and CSOs believe that they are improving their network security posture by implementing a new security
solution.
However, verifying the performance of rewall and any network security device is essential to the success of the
enterprise network it defends. With various advanced protection features such as application identication, intrusion
prevention, threat detection, logging, etc., your rewall can easily become the performance bottleneck of the network,
degrading the overall performance and user experience. Because of this trade-off, it is vital to test the performance of
your rewall with specic features enabled on the rewall appliance.
Either out-of-box or rmware upgrade, rewall appliances should always be tested and evaluated before deployment in
order to guarantee that new security protections do not adversely impact performance and that security shortcuts are
not taken to maintain or improve the performance. The test case should attempt to replicate the production network as
close as possible, which includes network topology, network trac that traverses through the rewall, features and
policies enabled on the rewall, etc. Firewall appliance should deliver the expected performance under all
circumstances.
This test report is generated by Sare, Xena's innovative enterprise rewall performance tester. Sare automatically
measures and characterizes the performance of a rewall under realistic trac conditions, with the results and key
conclusions automatically being represented in a readable report format. Thus, the IT and network managers can
easily assess the negative performance impact for the multiple rewall security features.
Sare makes it a simple and cost-ecient tool for the use cases below:
Pre-Deployment
Model Migration.
Should you switch from physical rewalls to virtual rewalls for your organization (Virtualization Transition)? Use
Sare to compare the performances and total cost of ownership per Mbps and ensure a smooth transition. Should
you upgrade the host servers for your virtual rewalls (Server Upgrade in Private Cloud)? Sare facilitates data-
driven solution design and optimal hardware selection/conguration. Should you upgrade your virtual rewalls to
have more performance (Model Upgrade)? Use Sare to compare the performances of different virtual rewalls.
Let the result data help you through the process.
Vendor Comparison.
Should you switch vendor and replace the existing rewall with another one (Switching Vendor)? Test with your
trac and use the analysis data to guide your decision. Should you start implementing a new rewall solution for
your organization (Implement New Security Solution)? Compare the performance of different vendors and make
your decision on the analysis data..
Post-Deployment
Firmware Upgrade.
Does the new rmware still deliver the expected performance to your trac (Regression Testing)? Regression
performance testing after rewall rmware upgrade. Does your rewall performance degrade as its rmware
upgrades (Upgrade Maintenance)? Compare the performances of different rmware.
Policy Conguration Change.
Does the policy conguration change have any impact on the performance (Regression Testing)? Regression
performance testing after rewall policy conguration is changed. Does a specic security inspection policy
severely impact the performance (Performance Debugging)? Does decryption result in high CPU usage? Verify
performances of different rewall functions enabled to gain a clear picture of the rewall performance
characteristics.
Trac Pattern Change.
Will the rewall be able to support the trac increase from new servers and teams (LAN Network Expansion)?
Early discovery of potential performance bottleneck before the expansion. Periodically verifying the rewall can
deliver the performance as network trac evolves over time (Periodic Maintenance).
© Xena Networks Page 4
评论0