There are several firewall vendors out there promoting their product's performance by
advertising a firewall's throughput in terms of "bits per second." I am wondering whether this is
the right way to judge/benchmark the firewall? Should we take the stateful inspection into
I would choose a firewall based more on the security features that you want and any independent evaluations available for the firewall (such as NIAP [National Information Assurance Partnership] Common Criteria evaluations), rather than throughput. Most vendors have different models of the same firewall that are applicable to different line rates, so finding one that meets your needs should not be a problem.
Stateful inspection firewalls definitely have their place and should be considered. However, port-filtering and proxy-based firewalls also have their uses. It all depends upon what you are trying to protect and what you are trying to guard against.
For more information on this topic, visit these other SearchSecurity.com resources:
- Best Web Link: Firewalls
- Network Security Tip: Firewall best practices
- Expert Advice: The difference between a two-tier and a three-tier firewall
This was first published in May 2003