PUBLICATION & RESEARCH LIBRARY

Authors: Devon James, Jeff Bowermon and Ty Smith

Publish Date: June 5, 2017

NEXT GENERATION FIREWALL (NGFW) Test Report: Cisco Firepower 4110 v6.1.0.1

TECHNOLOGY DESCRIPTION:

NSS Labs defines a firewall as a mechanism used to protect a trusted network from an untrusted network while allowing authorized communications to pass from one side to the other. With the emergence of new web applications and security threats, however, firewalls are further evolving. Next generation firewalls (NGFWs) have traditionally been deployed to defend the network perimeter, but enterprise deployment options are expanding to include internal segmentation.

NSS research indicates that NGFW devices are typically deployed to protect users rather than data center assets, and that the majority of enterprises will not separately tune intrusion prevention system (IPS) modules within their NGFWs.

PRODUCT EVALUATED:

NSS Labs performed an independent test of the Cisco Firepower 4110 v6.1.0.1. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the Next Generation Firewall (NGFW) Test Methodology v7.0, which is available at nsslabstage.wpengine.com. This test was conducted free of charge and NSS did not receive any compensation in return for Cisco’s participation.

PRODUCT TESTED IN THE FOLLOWING AREAS:

  • Security Effectiveness – Ability to provide a trusted internal interface, an untrusted external (Internet) interface, and at least one DMZ interface
  • Performance – Ability to provide effective firewall security policy enforcement with performance metrics such as raw packet processing (UDP), latency, maximum capacity, and HTTP connections with “real-world” traffic mix ?
  • Stability and Reliability – Ability to maintain security and reliability under normal load conditions while enforcing security policies
  • Total Cost of Ownership – Costs associated with purchase, installation, and ongoing management ?

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the test results.