www.fortinet.com 1

White Paper : Real-World Network Security Performance Testing

Real-World Network Security Performance TestingWhy Performance and Security Matter when Building the Next Generation Enterprise Network

AbstractAs networking continues to evolve and organizations look to refresh their security architecture to embrace the latest technologies, they must sift through competing vendor claims about protection, performance and price. They need a way to evaluate their options using real-world tests to determine the best solution for their needs, which will likely include high performance security, ultra low latency, scalability and 10 Gigabit Ethernet connectivity.

Network Security Continues to EvolveOrganizations are facing ever-increasing security and performance challenges caused by changes in access technology, user behavior, and regulatory requirements. They need to secure their web sites, networks, and applications from increasingly sophisticated threats and evasion techniques. At the same time, security measures must not impede productivity or affect reliability as networks accommodate more diverse access methods and use cases.

Understanding the true performance of a network security device as it protects against a wide range of threats is essential to designing a future-ready network security solution. Network security professionals understand the need to balance the potentially competing requirements of more performance and more security at an abstract level, but often lack the information they need to make informed decisions.

Organizations traditionally cannot compare the performance of one vendor’s device versus another across a range of metrics using real-world data, unless they engage in expense and time-consuming PoC tests. Also, they often lack the ability to measure the impact of new technologies they have yet to deploy in their network, such as enabling smartphone and tablet access to network resources.

www.fortinet.com 32 www.fortinet.com

White Paper : Real-World Network Security Performance Testing White Paper : Real-World Network Security Performance Testing

Next-Generation Performance RequirementsNext-generation networks however, must deliver future-ready network security without sacrificing either performance or security. For example, small packets traffic generated from smartphones and tablets will continue to grow in the network as these devices replace traditional desktop and notebook systems.

The significance of this trend is that the high volume of small packets and less predictable applications can increase the latency of data traversing a security device. Increased latency will degrade the performance of Financial Services applications that rely on lightning-fast market data or real-time communications like Voice over IP, video, and other streaming media.

NSS Labs Real-World TestingNSS Labs operates the world’s largest independent security and performance labs. In the Firewall 2013 testing, NSS Labs tested the Security Effectiveness, Performance, Management, and Total Cost of Ownership (TCO) of 12 different network security company products. The tested models would include the following:

u Barracuda F800

u Check Point 12600

u Cyberoam CR2500iNG

u Dell SonicWALL NSA 4500

u Fortinet FortiGate-800c

u Juniper SRX550

u NETASQ ng1000-A

u NETGEAR ProSecure UTM9S

u Palo Alto Networks PA-5020

u Sophos UTM 425

u Stonesoft FW-1301

u WatchGuard XTM 1050

NSS Labs creates tests to mimic real-world use cases, to allow customers the ability to see how various vendors compare against a range of use cases:

u The FortiGate-800C was the only device to demonstrate the ability to deliver near line-rate performance across all packet sizes, from 1514 bytes all the way down to 64 bytes

u The FortiGate-800C was the only device to consistently demonstrate latency of less than 10 microseconds, ideal for latency-sensitive environments like Financial Services or those that utilize voice, video, or other multimedia technologies.

In Figure 1, the NSS Labs Firewall Security Value Map 2013 demonstrates that Fortinet delivers the security, performance, and TCO campus perimeter organizations need by earning the “Recommend” rating.

The FortiGate-800C highlights from the report include:

u Passed 100% of Stability & Reliability testing

u Passed 100% of Firewall Enforcement testing

u Passed 100% of Security Effectiveness testing

u 9.7 Gbps of real world traffic – Only vendor to provide near 10 Gbps performance with 10 Gig I/O in the sub $10K price band

u $4 per protected/ Mbps TCO

In Figure 2, the 2013 NSS Labs Network Firewall Comparative Analysis Report - Performance shows UDP Throughput by Packet Size. The FortiGate-800C delivers predictable performance for 64 byte to 1514 byte packet traffic.

In Figure 3, the 2013 NSS Labs Network Firewall Comparative Analysis Report - Performance shows Fortinet Fortigate-800c

is the only vendor to scale equally well in the “real-world” protocol mixes of both Core and Perimeter. These mixes include different combinations of data to reflect the different use cases of a large datacenter or the core of an enterprise network.

Figure 2: UDP Throughput by Packet Size (2013 NSS Labs

Summary A strong perimeter defense is essential for any corporate network security. By offering a scalable family of network security appliances and systems, Fortinet provides security and performance with a cost effective solution for networks of all sizes.

The FortiGate-800C is the ideal combination of robust security technology, performance, ultra low latency, and TCO, delivering 100% Overall Protection

u 100% - Stability & Reliability

u 100% - Firewall Enforcement

u 100% - Security Effectiveness

GLOBAL HEADQUARTERSFortinet Inc.1090 Kifer RoadSunnyvale, CA 94086United StatesTel: +1.408.235.7700Fax: +1.408.235.7737www.fortinet.com/sales

EMEA SALES OFFICE120 rue Albert Caquot06560, Sophia Antipolis, FranceTel: +33.4.8987.0510Fax: +33.4.8987.0501

APAC SALES OFFICE300 Beach Road 20-01The ConcourseSingapore 199555Tel: +65.6513.3730Fax: +65.6223.6784

LATIN AMERICA SALES OFFICEProl. Paseo de la Reforma 115 Int. 702Col. Lomas de Santa Fe,C.P. 01219 Del. Alvaro ObregónMéxico D.F.Tel: 011-52-(55) 5524-8480

Copyright© 2013 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Figure 2: UDP Throughput by Packet Size

Figure 1: 2013 NSS Labs Network Firewall Security Value Map

IFigure 3: Real-World Performance by Device