Network Hardware Firewalls Buyers Guide

Firewall Performance


Page 1 | Page 2 | Page 3 | Page 4 | Page 5


Page 3

You will need to make sure your firewall is big and powerful enough to cope with your organisation's requirements. Below are a number of questions you can use to help you find the correct firewall model. The three most common things firewall vendors and firewall specialists ask about before recommending a firewall based on performance are the number of concurrent connections, your internet bandwidth and which UTM features you will be utilising. The more features you use, the bigger the model required.



What is the bandwidth of your internet connection/s?

How many users exist within your company?

Will you be using your firewall's anti virus software?

Do you need IPS, and for how many nodes will it be required? Is IPS required for a particular operating system or a particular application such as Apache?

Will you be using your firewall’s web filter?

How many users browse the web?

How many users surf the web at lunch time?

Will you be utilising the anti-spam protection?

How many users use e-mail?

How many e-mails flow in and out of your organization?

How many users remotely log into the Firewall using IPSec and SSL VPN?

How many VPN connections exist to other offices?

Do you have many policies and granular control over your users?


The above questions should give you an idea of the performance you will require from your firewall. When you have noted your answers, you can look at firewall vendor data sheets, which give the performance specification and capabilities of their firewalls, and compare these to your own figures.

You need to do your maths and work through the scenarios in which your firewall would be at its busiest. The last thing you want is your firewall coming to a halt because at lunch time everyone is surfing the web, e-mail throughput is high, remote users are using company resources via VPN and your firewall is not capable of handling the pressure. So you have to measure the firewall’s performance capabilities when it is under heavy load from your company's usage. The firewall must be able to handle your network’s performance requirements without degrading when using its security features.

Also, turning on the full UTM package (Web, Anti-Spam, Anti-Virus, IPS filtering, application filtering, Endpoint NAC) will inevitably cause a big performance hit on any firewall, so again you need to check how your firewall will perform when using these extra services, or check the data sheet for the maximum throughput when the firewall is running with all these features turned on.


What do the data sheet or firewall comparison guides say about the firewall's performance capabilities?

Look for vendor information on the firewall’s maximum throughput, the maximum number of sessions it can handle, the maximum number of mobile and site-to-site VPNs, the maximum number of policy rules that can be implemented, etc.
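The comparison described above, worked through as an added example (not part of the original guide): it builds the busiest-hour demand from the questionnaire answers and checks it against data sheet limits, using the UTM-on throughput figure when UTM features are enabled. The site figures, the three models and the sessions-per-user values are constructed assumptions, as is the `growth` multiplier for future expansion.

```python
import math
from dataclasses import dataclass

@dataclass
class Site:                 # questionnaire answers for the busiest hour (constructed)
    wan_mbps: float
    web_users: int
    mail_users: int
    remote_vpn_users: int
    site_vpn_tunnels: int
    utm_enabled: bool

@dataclass
class Model:                # figures read off a data sheet (hypothetical models)
    name: str
    fw_mbps: float          # firewall-only throughput
    utm_mbps: float         # throughput with all UTM features on
    max_sessions: int
    max_remote_vpn: int
    max_site_vpn: int

# Assumed planning figures: concurrent sessions per active user, by activity.
PER_USER = {"web": 40, "mail": 5, "vpn": 20}

def peak_demand(site, growth=1.0):
    sessions = (site.web_users * PER_USER["web"] + site.mail_users * PER_USER["mail"]
                + site.remote_vpn_users * PER_USER["vpn"])
    return {"mbps": site.wan_mbps * growth,
            "sessions": math.ceil(sessions * growth),
            "remote_vpn": math.ceil(site.remote_vpn_users * growth),
            "site_vpn": math.ceil(site.site_vpn_tunnels * growth)}

def shortfalls(model, site, growth=1.0):
    """Return {limit: (demand, capacity)} for every limit the model cannot meet."""
    demand = peak_demand(site, growth)
    capacity = {"mbps": model.utm_mbps if site.utm_enabled else model.fw_mbps,
                "sessions": model.max_sessions,
                "remote_vpn": model.max_remote_vpn,
                "site_vpn": model.max_site_vpn}
    return {k: (demand[k], capacity[k]) for k in demand if demand[k] > capacity[k]}

def smallest_fit(models, site, growth=1.0):
    for m in sorted(models, key=lambda m: m.utm_mbps):
        if not shortfalls(m, site, growth):
            return m.name
    return None             # nothing on the shortlist copes with the peak

SITE = Site(200, 300, 350, 60, 4, utm_enabled=True)
MODELS = [Model("small", 1000, 150, 50_000, 50, 10),
          Model("medium", 3000, 450, 200_000, 200, 50),
          Model("large", 8000, 1200, 1_000_000, 1000, 200)]

if __name__ == "__main__":
    print(shortfalls(MODELS[0], SITE), smallest_fit(MODELS, SITE, growth=2.5))
```
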


What is the firewall's hardware specification?

Have a look at the hardware specification. This will also give you an indication of how powerful the firewall is, and you can then compare it to firewalls from different vendors.


Does the firewall have the ability to prioritise traffic with a sufficient level of granularity? Can it prioritise VoIP and video conferencing traffic with guaranteed bandwidth?

Analyse which traffic is more important to your company. For example, you may want to guarantee bandwidth for video conferencing over users surfing the web. Look for QoS (Quality of Service) and traffic shaping functionality within the firewall.


Does the firewall come with good graphical utilities showing performance statistics and any possible performance issues?

When your firewall is struggling and not coping with the number of requests, you need to analyse the problem and find out what is causing it. Do you have performance counters showing where the issue could be?

It may be that your 500 remote VPN users have all been asked to log in remotely straight away and update their current location. Looking at the VPN performance counter may show 475 VPN users logged in at once, and this will indicate why your firewall has suddenly stopped performing at adequate levels. Knowing this eases the pressure to reboot the firewall and cause further chaos.

Do you have other real-time graphical utilities showing, for example, the number of users streaming videos from YouTube? This will give you further information on why the internet is running slow at a given point in time.


Final words

Have you thought about the next few years? Do you need some performance headroom for when you open new office locations, employ more staff or introduce web filtering at a later stage? You may be planning to run your own web servers or FTP servers at some stage, and may require more users to authenticate and more filtering to take place. As well as having a firewall capable of handling the throughput to and from your company, you may well need it to be scalable and able to accommodate future developments.

