0
How To Measure the Performance, Securityand Stability of Your Enterprise FirewallFebruary 16th at 2:30 pm
Agenda•   Throughput•   Packets Per Second•   Latency•   Connections Per Second•   Simultaneous Sessions•   Stacking It Up...
ThroughputWhat is it?  It’s all about ‘volume’Why is it important?  Maximum transfer capabilityHow is it affected?  Packet...
Packets Per SecondWhat is it?    It’s all about ‘pressure’Why is it important?    Small transaction characteristicsHow is ...
LatencyWhat is it?    It’s all about ‘bursts’             Per packet (UDP)             Per transaction (TCP)Why is it impo...
Connections per secondWhat is it?    It’s all about ‘temperature’Why is it important?    Most everything is a connectionHo...
Connections per second (cont)SYN handshake – 3 packets               Data transfer – 4 packets   FIN close – 3 packetsTota...
Simultaneous sessionsWhat is it? It’s all about ‘streams’Why is it important? How many parallel requests can you handle?Ho...
Stacking it up                 FortiGate-3950B
Real Traffic
Real TrafficWhy is it good? More than one variable at a time Protocol interactionWhat makes it hard? Difficult to repeat T...
How? Attack Thyself!Real Attacks•   4,500 live security attacks•   100+ evasions•   Malware•   Spam•   DDoS and Botnet sim...
Questions and Answers17
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
Upcoming SlideShare
Loading in...5
×

BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

828

Published on

BreakingPoint and Fortinet present "How To Measure the Performance, Security, and Stability of Your Enterprise Firewall" at the 2011 RSA Conference.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
828
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls"

  1. 1. How To Measure the Performance, Securityand Stability of Your Enterprise FirewallFebruary 16th at 2:30 pm
  2. 2. Agenda• Throughput• Packets Per Second• Latency• Connections Per Second• Simultaneous Sessions• Stacking It Up• Real Traffic
  3. 3. ThroughputWhat is it? It’s all about ‘volume’Why is it important? Maximum transfer capabilityHow is it affected? Packet size – for smaller packets we may become packet per second bound File size – for smaller files we may become connection per second bound Physical limits – bus/interface limitsHow do we find it? For UDP – Single or multiple streams of large packet sizes For TCP – multiple HTTP GETs of 32K files 3
  4. 4. Packets Per SecondWhat is it? It’s all about ‘pressure’Why is it important? Small transaction characteristicsHow is it affected? Packet size – for larger packets we may become throughput boundHow do we find it? Reduce packet size until you see packets per second maximize5
  5. 5. LatencyWhat is it? It’s all about ‘bursts’ Per packet (UDP) Per transaction (TCP)Why is it important? Transfer delayHow is it affected? Hardware or software Session setupHow do we find it? Measure latency at 10%, 50%, 75%, and 90% utilization7
  6. 6. Connections per secondWhat is it? It’s all about ‘temperature’Why is it important? Most everything is a connectionHow is it affected? Protocol type (ICMP, UDP, TCP, etc) – TCP hardest with the most state Handled in CPUHow do we find it? HTTP 1.0 connections transferring a single byte file9
  7. 7. Connections per second (cont)SYN handshake – 3 packets Data transfer – 4 packets FIN close – 3 packetsTotal of 10 packets. Can be reduced RST, piggyback gets, SACK – But this may be cheating 10
  8. 8. Simultaneous sessionsWhat is it? It’s all about ‘streams’Why is it important? How many parallel requests can you handle?How is it affected? Memory is the biggest factorHow do we find it? Open, but do not complete sessions. Once all sessions are open, transfer data and close sessions11
  9. 9. Stacking it up FortiGate-3950B
  10. 10. Real Traffic
  11. 11. Real TrafficWhy is it good? More than one variable at a time Protocol interactionWhat makes it hard? Difficult to repeat Traffic is different for every customerCan we test it? Different mixes of application traffic Standard background traffic with specific security traffic15
  12. 12. How? Attack Thyself!Real Attacks• 4,500 live security attacks• 100+ evasions• Malware• Spam• DDoS and Botnet simulation• Custom attacks• Research and frequent updatesReal World Applications• 150+ application protocols• Social media, peer-to-peer, voice, video• Web and enterprise applications, gaming• Custom applications• Frequent updatesUnprecedented Performance• 120 Gbps blended application traffic• 90M concurrent TCP sessions• 3M TCP sessions/second• 38 Gbps SSL bulk encryption
  13. 13. Questions and Answers17
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×