Testing High Performance Firewalls



Testing firewalls can be an exact science. Learn how Fortinet tests their firewalls using BreakingPoint. This presentation details how to test firewalls with real-world application traffic, load, and live security attacks. This presentation was given by Fortinet in the BreakingPoint booth at Interop 2011 and included their announcement of the FortiGate 3950B's Resiliency Score of 95, the highest ever published.

Published in: Technology

  • Based on a patented breakthrough in network processor-driven innovation, only the BreakingPoint Storm CTM allows anyone to unleash Internet-scale cyberwar in a controlled environment. A single BreakingPoint Storm CTM produces high-performance traffic from hundreds of real-world applications, load from millions of users, and comprehensive security coverage that includes thousands of current attacks and malware, as well as obfuscation and evasion techniques. The product features built-in automation to:

      • Produce a standardized Resiliency Score™ to measure network and data center performance, security and stability
      • Measure the performance of massive virtualized infrastructures in the face of peak user load and attack
      • Validate the accuracy and performance of Lawful Intercept and Data Loss Prevention systems

    And the architecture of this device makes it futureproof and always current. This means that you can use it to conduct accurate research into cyber conditions – not just today, but for many years to come.

    Businesses, Governments, and Internet users expect secure, reliable, and fast access to data and communications. When security measures slow network performance, communications are lost, agility is compromised, and billions of dollars are wasted. If security measures are not rigorous, critical information and national security are compromised and costs skyrocket. The goal is to find the optimal balance of security and performance to assure cyber infrastructure resiliency.

    The enemy of resiliency is network mayhem. Today’s public and private network infrastructures are complex, dynamic, and increasingly vulnerable to network mayhem in the form of cyber attacks, viruses, human error, and escalating traffic from bandwidth-heavy or easily compromised applications such as BitTorrent, Gmail, YouTube, Twitter, iPhone, Skype, and hundreds of others.

    BreakingPoint creates network mayhem by simulating true global network conditions with a current mix of blended application traffic and live security attacks at live network speeds, as well as traffic from millions of users, to assure resilient networks, Web applications and cloud services. Powered by high-speed network processors and specialized hardware, the BreakingPoint Storm emits high-speed stress vectors composed of a global, custom, and current mix of application and attack traffic. This precision product then images the effects of the stress vectors on a discrete device or a device within a network.
  • Transcript

    • 1. Resiliency Testing of High Performance Firewalls
    • 2. Agenda
      Packets Per Second
      Connections Per Second
      Simultaneous Sessions
      Stacking It Up
      Real Traffic
      Resiliency Score
    • 3. Throughput
      What is it?
      It’s all about ‘volume’
      Why is it important?
      Maximum transfer capability
      How is it affected?
      Packet size – for smaller packets we may become packet per second bound
      File size – for smaller files we may become connection per second bound
      Physical limits – bus/interface limits
      How do we find it?
      For UDP – Single or multiple streams of large packet sizes
      For TCP – multiple HTTP GETs of 32K files
    • 4.
    • 5. Packets Per Second
      What is it?
      It’s all about ‘pressure’
      Why is it important?
      Small transaction characteristics
      How is it affected?
      Packet size – for larger packets we may become throughput bound
      How do we find it?
      Reduce packet size until you see packets per second maximize
    • 6.
    • 7. Latency
      What is it?
      It’s all about ‘bursts’
      Per packet (UDP)
      Per transaction (TCP)
      Why is it important?
      Transfer delay
      How is it affected?
      Hardware or software
      Session setup
      How do we find it?
      Measure latency at 10%, 50%, 75%, and 90% utilization
    • 8.
    • 9. Connections per second
      What is it?
      It’s all about ‘temperature’
      Why is it important?
      Most everything is a connection
      How is it affected?
      Protocol type (ICMP, UDP, TCP, etc.) – TCP hardest with the most state
      Handled in CPU
      How do we find it?
      HTTP 1.0 connections transferring a single byte file
    • 10. Connections per second (cont)
      SYN handshake – 3 packets
      FIN close – 3 packets
      Data transfer – 4 packets
      Total of 10 packets. Can be reduced
      RST, piggyback GETs, SACK – But this may be cheating
    • 11.
    • 12. Simultaneous sessions
      What is it?
      It’s all about ‘streams’
      Why is it important?
      How many parallel requests can you handle?
      How is it affected?
      Memory is the biggest factor
      How do we find it?
      Open, but do not complete sessions.
      Once all sessions are open, transfer data and close sessions
    • 13.
    • 14. Stacking it up
    • 15. Real Traffic
    • 16. Real Traffic
      Why is it good?
      More than one variable at a time
      Protocol interaction
      What makes it hard?
      Difficult to repeat
      Traffic is different for every customer
      Can we test it?
      Different mixes of application traffic
      Standard background traffic with specific security traffic
    • 17. How? Attack Thyself!
      Real Attacks
      • 4,500 live security attacks
      • 100+ evasions
      • Malware
      • Spam
      • DDoS and Botnet simulation
      • Custom attacks
      • Research and frequent updates
      Real World Applications
      • 150+ application protocols
      • Social media, peer-to-peer, voice, video
      • Web and enterprise applications, gaming
      • Custom applications
      • Frequent updates
      Unprecedented Performance
      • 120 Gbps blended application traffic
      • 90M concurrent TCP sessions
      • 3M TCP sessions/second
      • 38 Gbps SSL bulk encryption
    • 18. Resiliency Score
      What is it?
      Combines aspects of all previous tests to produce a single comparable result
      Why is it important?
      Can provide an easy way to compare different devices to each other
      How is it affected?
      Device configuration
      How do we find it?
      It's as simple as clicking a button (just do it before you go home)
    • 19. FortiGate 3950B
    • 20. Questions and Answers
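
The throughput, packets-per-second and connections-per-second slides each describe a different limit that can bind first depending on packet and file size. The sketch below is an added example, not part of the original presentation or of any Fortinet or BreakingPoint tool; it models which limit binds for a given test. The device limits used in the test are constructed values, and the packet count for files larger than one byte (GET plus its ACK, one ACK per two response segments) and the option-free header sizes are assumptions.

```python
import math

WIRE_OVERHEAD = 20  # bytes per frame on the wire: preamble 7 + SFD 1 + inter-frame gap 12
HDRS = 58           # Ethernet 14 + FCS 4 + IPv4 20 + TCP 20, no options (assumption)

def line_rate_pps(link_bps, frame_bytes):
    """Maximum frames per second a link can carry at one frame size."""
    return link_bps / ((frame_bytes + WIRE_OVERHEAD) * 8)

def udp_bound(link_bps, device_pps, frame_bytes):
    """Which limit binds for a fixed-size UDP stream, and the resulting pps."""
    wire = line_rate_pps(link_bps, frame_bytes)
    return ("pps", device_pps) if device_pps < wire else ("throughput", wire)

def pps_knee(link_bps, device_pps, sizes=(1518, 1024, 512, 256, 128, 64)):
    """Slide 5 procedure: shrink the frame size until the device, not the
    link, caps the packet rate. Returns the first pps-bound frame size."""
    for size in sizes:
        if udp_bound(link_bps, device_pps, size)[0] == "pps":
            return size
    return None  # device forwards at line rate for every size tried

def packets_per_connection(file_bytes, mss=1460):
    """Slide 10 count: 3 (SYN handshake) + 3 (FIN close) + data transfer.
    Data transfer is modelled as GET, its ACK, the response segments and
    one ACK per two segments (assumption); a 1-byte file gives 4, total 10."""
    segs = max(1, math.ceil(file_bytes / mss))
    return 3 + 3 + 2 + segs + math.ceil(segs / 2)

def http_bound(link_bps, device_pps, device_cps, file_bytes, mss=1460):
    """Which limit binds for HTTP 1.0 GETs of one file size, and the
    achievable connections per second under that limit."""
    pkts = packets_per_connection(file_bytes, mss)
    # Simplification: ignores the GET payload and minimum-frame padding.
    wire_bytes = file_bytes + pkts * (HDRS + WIRE_OVERHEAD)
    limits = {
        "cps": device_cps,
        "pps": device_pps / pkts,
        "throughput": link_bps / (wire_bytes * 8),
    }
    bound = min(limits, key=limits.get)
    return bound, limits[bound]
```

With a constructed device (10 Gbps link, 5M pps, 100k connections/s), the single-byte file is connection-bound and the 32K file is throughput-bound, which is why the slides pick those two sizes for the two measurements.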