Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Proverbial appliance vs software based firewall

From: Scot Hartman <shartman () inflow com>
Date: Thu, 17 Oct 2002 12:19:34 -0600

"Philip J. Koenig" wrote:


  
  Now Checkpoint has commissioned a test that purports to show
  their product performs better than "dedicated hardware" from
  Cisco and Netscreen.  I would like to have people's opinion
  on this test, in part because my observation of Tolly Group
  test reports is that they're one of these "guns for hire"
  that never writes a bad review for someone who pays them for
  one.
  
  I just skimmed through it and one thing that stuck out in one
  of the tests was that they were testing only UDP traffic, which
  struck me a bit strange because that has to be a small part of
  typical VPN traffic.
  
  http://www.checkpoint.com/products/connect/tollyreport.html
  
   


   
Interesting.  Their testing doesn't peer like-vendor devices.

In the 3DES VPN Throughput test, while using large, eye-catching 
graphics, they have the CP and NS show the same performance numbers 
for larger packets.  

Reading down into the notes you see that they peered all devices with
the Checkpoint box.

"DUT (Devices under test) were peered with a Check Point device.  The
Check Point device may have limited the NetScreen's throughput..."
  -  Ya think?  
  -  Maybe?  
  -  Could the environment have been designed to account for this?

I'm all for competitive results, but I hate rosy pictures that seem
to hedge results or bury significant information (test environment, 
OS/hardware versions, etc.). 


Scot Hartman





_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: