Next-Gen Firewall Testing
Measure and optimize the performance, security, and stability of next-generation firewalls
Next-generation security devices are deployed not only to prevent attacks and stop vulnerabilities but also to recognize and control content-aware traffic. Unfortunately, the performance of a deployed next-generation firewall or IPS will never match what was printed on the vendor data sheet. The reason is simple: The device was tested in pristine lab conditions using a generic traffic mix, and now you are deploying it in a real network that is anything but pristine or generic.
Next-generation security devices demand next-generation testing that will subject the full range of conditions present in real-world networks. This means not simply testing on specific protocols, traffic, or ports but determining performance, security, and stability using real applications and user behavior. Legacy testing will provide inaccurate results since it is unable to do much more than examine throughput and forwarding rates for unicast IP packets sent at a constant rate and packet size. This means you are not factoring in or validating modern context-aware technologies such as rate shaping and deep packet inspection.
| Metric | Specification | Firewall A | Firewall B | Firewall C |
| Transactions per Second | 10,000 | 12,243 | 8,832 | N/A |
| Concurrent Flows (combined TCP and UDP) |
30,000 | 32,684 | 57,908 | 14,618 |
| Average Latency (microseconds) |
5,000 | 5,114 | 1,308 | 235,648 |
| Attacks Blocked (Ixia BreakingPoint Security Level 1) |
80% | 47% | 91% | 78% |
| Transactions per Second with 1.0% malformed traffic |
8,000 | 9,268 | 4,861 | N/A |
| Key: | Met Specification | Missed Specification by 5% or less | Missed Specification more than 5% |
Ixia BreakingPoint Actionable Security Intelligence (ASI) solutions are the only capable of validating next-gen firewall and IPS testing using an authentic blend of stateful application traffic combined with live security attacks and massive-scale user load. Ixia BreakingPoint ASI solutions create the actual behavior of millions of wired and wireless users, hundreds of applications, and tens of thousands of security attacks to properly test firewalls.
By using Ixia BreakingPoint next-generation firewall testing, you will:
- Validate firewall performance and security under massive load from millions of simultaneous users
- Put content-aware device capabilities to the test before deployment by creating custom traffic mixes drawn from more than 160 communications, enterprise, social, and gaming application protocols
- Stress enterprise firewalls by selecting from more than 34,000 live security attacks and malware, plus obfuscations and evasions, to pinpoint potential vulnerabilities
Learn how Cisco used Ixia BreakingPoint solutions for next-generation firewall testing while reducing time-to-test.
[ top of page ]