How to stress a UTM
For our scenario-based test of the Astaro, SonicWall, WatchGuard, and ZyXel UTMs, we simulated a representative corporation with 200 branch offices all connecting back to headquarters for various services. Unlike previous firewall tests, we tested all three major firewall functions -- Internet services, secure remote access, and malware blocking -- simultaneously, in order to better represent the workloads these devices face when deployed in the real world.
First, using the Ixia IxLoad system, we ran a mix of HTTP, FTP, POP, and SMTP traffic through three firewall interfaces: LAN to WAN to simulate Web browsing by employees; LAN To DMZ to simulate employees updating and querying public servers; and WAN to DMZ to simulate to simulate external users interacting with the company's public servers and employees on the road accessing e-mail. This also created a baseline on which to compare performance.
Second, again using the IxLoad, we ran a mix of HTTP, FTP, POP, and SMTP traffic through each of 200 VPNs, simulating 10 users at each branch office accessing intranet servers on the LAN. This allowed us to see how overall throughput was affected by VPN activity, and completed our legitimate traffic baseline for our fictitious company.
[ When is a UTM not a UTM? Read the overall results of the InfoWorld Test Center's great UTM challenge. Read the reviews: Astaro Security Gateway 425 | SonicWall NSA E7500 | WatchGuard Firebox Peak X5500e | ZyXel ZyWall USG1000. Compare the UTMs feature by feature. ]
Third, we added malware to the mix, using Mu Dynamics' Mu-4000 and Published Vulnerability Attacks module to test the UTMs' attack blocking capabilities. Attacks were launched against the WAN interface to simulate bot traffic and other external threats, and then from the LAN interface to simulate an outbreak from an infected laptop being plugged in behind the firewall.
Feeds and misdeeds
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
dell Inspiron 6000 laptop
dell Inspiron 6000 laptop batteries