TECHNOLOGY DESCRIPTION

The SSL performance testing was conducted during the 2018 Next Generation Firewall Group Test. With the increased use of SSL/TLS in the traffic traversing the modern network, an NGFW must be able to inspect encrypted content. SSL and TLS protocols are the foundation of e-commerce security, encrypting the transfer of sensitive data, verifying the authenticity of websites, and ensuring the integrity of exchanged information. Threat actors are increasingly using SSL/TLS to deliver malicious attacks. Gartner estimates that in 2017 more than half of the network attacks targeting enterprises used encrypted traffic to bypass security controls.

WHAT WE TESTED

The 2018 SSL/TLS Performance Tests determined how 10 of the industry’s leading NGFW products performed in the following key areas:

• Cipher Functionality – Confirm and validate the device under test is correctly decrypting and (if applicable) inspecting SSL/TLS traffic.
• Performance – A performance baseline using various types of HTTP traffic is established for the device. The device is then measured with HTTPS-based real-world performance in order to establish comparative metrics for the device (with or without SSL decryption/inspection). This ensures the device is not bypassing the decryption/inspection process to demonstrate better performance.

PRODUCTS EVALUATED:

• Barracuda Networks CloudGen Firewall F800.CCE v7.2.0
• Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance vR80.20
• Cisco Firepower 4120 Security Appliance v6.2.2
• Forcepoint NGFW 2105 Appliance v6.3.3 build 19153 (Update Package: 1056)
• Fortinet FortiGate 500E V5.6.3GA build 7858
• Palo Alto Networks PA-5220 PAN-OS 8.1.1
• SonicWall NSa 2650 SonicOS Enhanced 6.5.0.10-73n
• Sophos XG Firewall 750 SFOS v17 MR7
• Versa Networks FlexVNF 16.1R1-S6
• WatchGuard M670 v12.0.1.B562953