Tests Demonstrate Fortinet Delivers Industry-Leading IPS Performance
Performance Evaluation Tests Performed on the FortiGate-3950B Using BreakingPoint Security Testing Products and NSS Labs Methodology
BreakingPoint security testing products are used throughout the world to harden networks and data centers in the face of escalating application loads and attacks. Those compact devices create high-performance application and attack traffic from hundreds of real-world applications, load from millions of users, and broad security coverage that includes tens of thousands of current attacks and malware, as well as obfuscation and evasion techniques. Each BreakingPoint product features built-in automation to produce a standardized Resilience Score to measure network and data center performance;
Following the NSS Labs IPS testing methodology, two L4 and L7 tests were conducted on the Fortigate-3950B appliance, one with IPS optimization enabled and the other without. The traffic setup was unidirectional and a large number of IP addresses were used on both the client and server sides to provide the most realistic testing conditions that reflect the largest number of devices present on a network.
Industry’s Highest Performance IPS services and Best Catch Rate
An inline network device such as an IPS system needs to provide as a minimum requisite sufficient throughput and low latency. Throughput provides the necessary performance when transferring large volumes of content across a corporate network, while the latency level is important to ensure that latency-critical network applications, such as VoIP and video, work seamlessly. By using the BreakingPoint Enterprise Application Mix test and the high medium and critical IPS signature, the FortiGate-3950B provided a throughput of 16.9 Gbps. Such level of throughput is necessary to deliver the advanced IPS services required to detect and block incoming threats without affecting network performance. The tests also showed that the FortiGate-3950B’
Another key parameter for today's systems is the ability to accept and process new connections every second. Tested using BreakingPoint security testing products, the FortiGate-3950B showed that the TCP traffic rate could support up to 100,000 new TCPs per second with IPS activated. Note that this result is 2.5 times higher in a pure firewall mode.
At last, the FortiGate-3950B appliance achieved a 91% IPS Attack Catch Rate while being subject to the enterprise traffic mix test, making it one of the best catch rates under load in the network security industry today. Equally, the zero failure rate recorded in the tests for application transactions and cumulative TCP connections, even at full CPU utilization, demonstrates the appliance’s ability to effectively intercept malicious traffic without packet loss.
“Beyond marketing claims, we believe that it is essential to validate the performance of our network security solutions using metric-based, rigorous real-world testing,” said Bashar Bashaireh, Regional Director, Fortinet Middle East. “By leveraging BreakingPoint’
The FortiGate-3950B next-generation firewall appliance offers unmatched levels of performance, scalability, and security for large enterprise networks and managed service providers. Purpose-built by Fortinet, the FortiGate-3950B features custom FortiASIC™ processors, layered multi-threat protection from the FortiOS™ operating system, and a flexible, modular architecture. The FortiGate-3950B provides up to 120 Gbps of firewall throughput and features a modular, space-saving 3-RU form factor, with five Fortinet Mezzanine Card (FMC) expansion bays.
The FortiGate-3950B's performance provides the power to detect, block or prevent threats in real time. The appliance leverages the relevant IPS signatures from Fortinet's customizable database of thousands of known threats to stop attacks that evade conventional firewall defenses. Fortinet's anomaly-based detection enables the appliance to recognize threats even when no signature has yet been developed. New attack signatures are delivered 24/7 from the award-winning FortiGuard® Intrusion Prevention Service to provide automatic, real-time updates and keep organizations ahead of the latest threats. The combination of high performance interlaced with the Fortiguard team's known and unknown threat prevention, plus tight integration with other Fortinet security technologies, enables the FortiGate-3950B to stop the most damaging attacks at security check points regardless of whether the network is wired or wireless, or the IPS is located at the network core or perimeter.
About Fortinet (www.fortinet.com)
Fortinet is a worldwide provider of network security appliances and the market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure. Our customers include enterprises, service providers and government entities worldwide, including the majority of the 2009 Fortune Global 100. Fortinet's flagship FortiGate product delivers ASIC-accelerated performance and integrates multiple layers of security designed to help protect against application and network threats. Fortinet's broad product line goes beyond UTM to help secure the extended enterprise - from endpoints, to the perimeter and the core, including databases and applications. Fortinet is headquartered in Sunnyvale, Calif., with offices around the world.