There are several firewall vendors out there promoting their product's performance by advertising a firewall's throughput in terms of "bits per second." I am wondering whether this is the right way to judge/benchmark the firewall? Should we take the stateful inspection into consideration?
I would choose a firewall based more on the security features that you want and any independent evaluations available for the firewall (such as NIAP [National Information Assurance Partnership] Common Criteria evaluations), rather than throughput. Most vendors have different models of the same firewall that are applicable to different line rates, so finding one that meets your needs should not be a problem.
Stateful inspection firewalls definitely have their place and should be considered. However, port-filtering and proxy-based firewalls also have their uses. It all depends upon what you are trying to protect and what you are trying to guard against.
For more information on this topic, visit these other SearchSecurity.com resources:
- Best Web Link: Firewalls
- Network Security Tip: Firewall best practices
- Expert Advice: The difference between a two-tier and a three-tier firewall
Dig deeper on Application Firewall Security
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.