Stories by: Joel Snyder

+

Next-gen firewalls: Off to a good start 07 May, 2012 14:39:32

When we tested four next-gen firewalls strictly on performance, we found that the products could forward packets at impressive rates, but throughput dropped when advanced security features were turned on. We now dive deep into application identification and control - the defining features of next-gen firewalls - to find out what works and what doesn't.
+

Next-gen firewalls require external visibility tools 07 May, 2012 14:39:29

Knowing what's happening on your network is a pre-requisite to controlling the traffic. We call that visibility because it combines all of the information the firewall knows, including session and application information, traffic volumes, and rate information, into a way to "see" into your network -- to give you visibility.
+

Palo Alto next-gen firewall stacks up well 07 May, 2012 14:39:27

Palo Alto Networks has bet everything on being a next-generation firewall. Without the next-generation hook, Palo Alto has little chance at breaking into the established world of firewalls, and they've done a good job at defining the category on their own terms.
+

SonicWall stands tall in SSL decryption testing 07 May, 2012 14:39:25

If one of the main advantages of a next-generation firewall is application and protocol identification and control, then SSL decryption is a basic requirement. We looked at the SSL decryption capabilities of the next-generation firewalls to see how well they would be able to discover applications, protocols, and URLs hidden within encrypted connections.
+

Check Point takes best approach to URL filtering 07 May, 2012 14:39:22

URL filtering has become a "checkbox" feature on most Unified Threat Management firewalls, and no wonder: it doesn't require a lot of imagination to do it right, and it's hard to really differentiate yourself or do a bad job of it.
+

Basic firewall functionality: Check Point's maturity shows through 07 May, 2012 14:39:20

Enterprise firewalls must have policies to control traffic, ability to create site-to-site VPNs using standards-based IPsec, translate addresses and port numbers (NAT) when needed, and apply basic bandwidth management to traffic. They must also support features such as high availability (active/passive or active/active), virtual LANs, Ethernet link aggregation, and global management systems.
+

How we tested next-generation firewalls 07 May, 2012 14:39:17

We tested next generation firewalls by looking at seven separate areas that we felt would be important to network managers trying to deploy these products in enterprise networks.
+

Fortinet has highest catch rate in IPS testing 07 May, 2012 14:39:15

We tested the intrusion prevention capabilities of each of the next-generation firewalls to determine how well they work and how the IPS integrates with system management.
+

Cisco impresses with UCS 19 December, 2011 17:27:44

If you're tempted to think of Cisco's Unified Computing System (UCS) as just another blade server — don't. In fact, if you just want a bunch of blades for your computer room, don't call Cisco — Dell, HP, and IBM all offer simpler and more cost-effective options.
+

Cisco UCS pricing: It's complicated 19 December, 2011 17:27:40

As with any server product, there are lots of ways to configure UCS, including different levels of CPU, memory and storage. Cisco has a 29-page document to help you get it right, and 29 pages are not overkill. To get an idea of what this might cost, we configured two separate systems: one with 40 dual-socket blades, and another with 80 of the same blades.
+

Network access control in a nutshell 22 June, 2010 08:43:00

Twelve leading NAC products put to the test