Firewall performance
Performance of a Firewall-type device (see "Type") in intrusion prevention mode.
Intrusion protection works on the same principle as a firewall's general traffic processing: it checks the data received and transmitted. However, the filtering principles differ somewhat: a Firewall cuts off certain types of traffic, preventing them from reaching network devices, while intrusion protection allows all traffic but checks it for suspicious activity. The action taken when such activity is detected varies: in some models the protection only notifies the administrator of the attack, while in others it takes countermeasures on its own. In any case, fine-grained traffic inspection is more resource-intensive than running a firewall in normal mode, which is why performance in intrusion prevention mode is inevitably lower than the overall performance of the Firewall.
Note that this parameter is specified for optimal conditions, in particular for types of traffic that do not require many resources to scan. The real throughput of the firewall will therefore inevitably be lower than the claimed figure, and when choosing by this indicator it is worth allowing a certain margin, at least 10–15%.
Intrusion prevention
Performance of a Firewall-type device (see "Type") in intrusion prevention mode.
Intrusion protection works on the same principle as a firewall's general traffic processing: it checks the data received and transmitted. However, the filtering principles differ somewhat: a Firewall cuts off certain types of traffic, preventing them from reaching network devices, while intrusion protection allows all traffic but checks it for suspicious activity. The action taken when such activity is detected varies: in some models the protection only notifies the administrator of the attack, while in others it takes countermeasures on its own. In any case, fine-grained traffic inspection requires more resources than running a firewall in normal mode, which is why performance in intrusion prevention mode is inevitably lower than the overall performance of the Firewall.
Note that this parameter is specified for optimal conditions, in particular for types of traffic that do not require many resources to verify. The real throughput of the firewall will therefore inevitably be lower than the claimed figure, and when choosing by this indicator it is worth allowing a certain margin, at least 10–15%.
VPN performance
The performance of a Firewall-type device (see "Type") when operating in VPN mode, that is, when a virtual private network is built with the firewall acting as the VPN server. It is given as the maximum volume of traffic the device can process per second over such a connection.
For more information about VPN in general, see "Basic Features". Here we note that in this mode the Firewall must additionally encrypt transmitted traffic and decrypt received traffic, which puts extra load on the device. Throughput in VPN mode is therefore inevitably lower than the overall performance of the Firewall (see above). It is worth choosing by this indicator with a certain margin, at least 10–15%; this gives an additional guarantee in case of abnormal loads.
As for specific figures, VPN bandwidth of up to 1 Gbps is considered relatively small, and more than 1 Gbps is considered high.