Do You Know Your Firewall?

By Arnaud Castaner - Technical Lead, Applications & Security, EMEA at Spirent Communication

Modern Firewalls are complex devices. They typically are one form or another of Unified Threat Management or even a Next-Generation Firewall. Very rarely do they strictly offer pure firewalling-only. More and more they offer extra features: VPN capabilities, Deep Packet Inspection in the form of Anti-Virus scanning or Network Attacks Protection and Detection (IPS/IDS), Application Filtering and so on.

But do you know the performance cost of enabling these features? Can you today answer the question “I know exactly what the performance impact of turning on the anti-bot feature on my firewall is” with 100% certainty? Chances are you can’t because your vendor’s datasheet numbers come from best-case scenarios for data traffic optimized for performance. They don’t tell your story, use your traffic mix and don’t answer your questions.

Yet these features are critical. More and more in today’s networking we see clever attacks exploiting a wide range of vulnerabilities – from networking equipment all the way to operating systems and applications. There’s no question that these must be protected. Yet they must still be available ; availability is still a tenant of security. Before deploying a new IPS, enabling an AV or simply tuning the Application Filtering features of your network equipment you must know before going live what your performance levels will be. You don’t want to find out in production that your equipment can’t cope with your new WAN link or that it can’t handle so many user requests.

These issues are notoriously hard to troubleshoot in a live environment and should therefore be ran in controlled, lab environment that allows the reproduction of all your users, all your traffic, while still keeping a high degree of realism – both in behavior and payload.

If you would like to findout more about how Spirent can help you with your Firewall Testing then visit our website at - https://www.spirent.com/Products/CyberFlood or message me via LinkedIn.