Testing High Performance Firewalls

Testing firewalls can be an exact science. Learn how Fortinet tests their firewalls using BreakingPoint. This presentation details how to test firewalls with real-world application traffic, load, and live security attacks. This presentation was given by Fortinet in the BreakingPoint booth at Interop 2011 and included their announcement of the FortiGate 3950B's Resiliency Score of 95, the highest ever published.

  • Based on a patented breakthrough in network processor-driven innovation, only the BreakingPoint Storm CTM allows anyone to unleash Internet-scale cyberwar in a controlled environment. A single BreakingPoint Storm CTM produces high-performance traffic from hundreds of real-world applications, load from millions of users, and comprehensive security coverage that includes thousands of current attacks and malware, as well as obfuscation and evasion techniques. The product features built-in automation to:
    • Produce a standardized Resiliency Score™ to measure network and data center performance, security and stability
    • Measure the performance of massive virtualized infrastructures in the face of peak user load and attack
    • Validate the accuracy and performance of Lawful Intercept and Data Loss Prevention systems
    And the architecture of this device makes it futureproof and always current. This means that you can use it to conduct accurate research into cyber conditions – not just today, but for many years to come.
    Businesses, Governments, and Internet users expect secure, reliable, and fast access to data and communications. When security measures slow network performance, communications are lost, agility is compromised, and billions of dollars are wasted. If security measures are not rigorous, critical information and national security are compromised and costs skyrocket. The goal is to find the optimal balance of security and performance to assure cyber infrastructure resiliency.
    The enemy of resiliency is network mayhem. Today’s public and private network infrastructures are complex, dynamic, and increasingly vulnerable to network mayhem in the form of cyber attacks, viruses, human error, and escalating traffic from bandwidth-heavy or easily compromised applications such as BitTorrent, Gmail, YouTube, Twitter, iPhone, Skype, and hundreds of others.
BreakingPoint creates network mayhem by simulating true global network conditions with a current mix of blended application traffic and live security attacks at live network speeds, as well as traffic from millions of users, to assure resilient networks, Web applications and cloud services. Powered by high-speed network processors and specialized hardware, the BreakingPoint Storm emits high-speed stress vectors composed of a global, custom, and current mix of application and attack traffic. This precision product then images the effects of the stress vectors on a discrete device or a device within a network.


  • 1. Resiliency Testing of High Performance Firewalls
  • 2. Agenda
    Packets Per Second
    Connections Per Second
    Simultaneous Sessions
    Stacking It Up
    Real Traffic
    Resiliency Score
  • 3. Throughput
    What is it?
    It’s all about ‘volume’
    Why is it important?
    Maximum transfer capability
    How is it affected?
    Packet size – for smaller packets we may become packet per second bound
    File size – for smaller files we may become connection per second bound
    Physical limits – bus/interface limits
    How do we find it?
    For UDP – Single or multiple streams of large packet sizes
    For TCP – multiple HTTP GETs of 32K files
  • 4.
  • 5. Packets Per Second
    What is it?
    It’s all about ‘pressure’
    Why is it important?
    Small transaction characteristics
    How is it affected?
    Packet size – for larger packets we may become throughput bound
    How do we find it?
    Reduce packet size until you see packets per second maximize
  • 6.
  • 7. Latency
    What is it?
    It’s all about ‘bursts’
    Per packet (UDP)
    Per transaction (TCP)
    Why is it important?
    Transfer delay
    How is it affected?
    Hardware or software
    Session setup
    How do we find it?
    Measure latency at 10%, 50%, 75%, and 90% utilization
  • 8.
  • 9. Connections per second
    What is it?
    It’s all about ‘temperature’
    Why is it important?
    Most everything is a connection
    How is it affected?
    Protocol type (ICMP, UDP, TCP, etc) – TCP hardest with the most state
    Handled in CPU
    How do we find it?
    HTTP 1.0 connections transferring a single byte file
  • 10. Connections per second (cont)
    SYN handshake – 3 packets
    FIN close – 3 packets
    Data transfer – 4 packets
    Total of 10 packets. Can be reduced
    RST, piggyback gets, SACK – But this may be cheating
  • 11.
  • 12. Simultaneous sessions
    What is it?
    It’s all about ‘streams’
    Why is it important?
    How many parallel requests can you handle?
    How is it affected?
    Memory is the biggest factor
    How do we find it?
    Open, but do not complete sessions.
    Once all sessions are open, transfer data and close sessions
  • 13.
  • 14. Stacking it up
  • 15. Real Traffic
  • 16. Real Traffic
    Why is it good?
    More than one variable at a time
    Protocol interaction
    What makes it hard?
    Difficult to repeat
    Traffic is different for every customer
    Can we test it?
    Different mixes of application traffic
    Standard background traffic with specific security traffic
  • 17. How? Attack Thyself!
    Real Attacks
    • 4,500 live security attacks
    • 100+ evasions
    • Malware
    • Spam
    • DDoS and Botnet simulation
    • Custom attacks
    • Research and frequent updates
    Real World Applications
    • 150+ application protocols
    • Social media, peer-to-peer, voice, video
    • Web and enterprise applications, gaming
    • Custom applications
    • Frequent updates
    Unprecedented Performance
    • 120 Gbps blended application traffic
    • 90M concurrent TCP sessions
    • 3M TCP sessions/second
    • 38 Gbps SSL bulk encryption
  • Resiliency Score
    What is it?
    Combines aspects of all previous tests to produce a single comparable result
    Why is it important?
    Can provide an easy way to compare different devices to each other
    How is it affected?
    Device configuration
    How do we find it?
    It's as simple as clicking a button (just do it before you go home)
  • 31. FortiGate 3950B
  • 32. Questions and Answers
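
Added example, not part of the Fortinet deck: a small model of how the throughput, packets-per-second and connections-per-second limits from the slides interact, showing which one caps a test for a given file or frame size. The device limits, header sizes and the one-data-packet-per-MSS simplification are assumptions made here; only the 10-packet count for a one-byte HTTP 1.0 connection and the 32K file size come from the slides.

```python
import math

# Assumptions (not from the slides): Ethernet, IPv4 and TCP without options.
WIRE_GAP = 20    # preamble + SFD + inter-frame gap, bytes per frame
TCP_HDRS = 58    # Ethernet header + FCS (18) + IPv4 (20) + TCP (20)
MSS = 1460       # TCP payload bytes in a full-size segment
MIN_FRAME = 64   # minimum Ethernet frame, bytes
# Constructed device limits for illustration; not FortiGate figures.
LIMITS = {"bps": 10e9, "pps": 5e6, "cps": 100_000}

def connection_cost(file_bytes):
    """Return (packets, wire_bits) for one HTTP 1.0 GET of file_bytes.
    Slide 10 counts 10 packets for a one-byte file. Simplification: 9 are
    minimum-size frames and each MSS of payload is one data packet (request
    size and additional ACKs are ignored).
    """
    segments = max(1, math.ceil(file_bytes / MSS))
    wire, remaining = 9 * (MIN_FRAME + WIRE_GAP), file_bytes
    for _ in range(segments):
        payload = min(MSS, remaining)
        wire += max(MIN_FRAME, payload + TCP_HDRS) + WIRE_GAP
        remaining -= payload
    return 9 + segments, wire * 8

def tcp_bound(file_bytes, limits=LIMITS):
    """Return (max connections/s, name of the limit that caps it)."""
    packets, bits = connection_cost(file_bytes)
    ceilings = {"throughput": limits["bps"] / bits,
                "packets per second": limits["pps"] / packets,
                "connections per second": limits["cps"]}
    name = min(ceilings, key=ceilings.get)
    return ceilings[name], name

def udp_bound(frame_bytes, limits=LIMITS):
    """Return (max frames/s, capping limit) for one UDP frame size."""
    by_bits = limits["bps"] / ((frame_bytes + WIRE_GAP) * 8)
    if by_bits < limits["pps"]:
        return by_bits, "throughput"
    return limits["pps"], "packets per second"

def crossover_frame(limits=LIMITS):
    """Frame size (bytes) below which a UDP sweep becomes pps bound."""
    return limits["bps"] / (8 * limits["pps"]) - WIRE_GAP

if __name__ == "__main__":
    for size in (1, 32 * 1024):   # CPS test file vs throughput test file
        print(size, "byte file:", tcp_bound(size))
    print("pps bound below", crossover_frame(), "byte frames")
```

With these constructed limits the one-byte file is capped by connections per second and the 32K file by throughput, which is why the slides pick those two file sizes for the respective tests.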