From the Security Experts

March 19, 2012

Test Reveals Fortinet Delivers Highest IPS Performance in Industry

By SIP Trunking Report Contributing Writer

California-based Fortinet announced today that its FortiGate-3950B firewall appliance achieved the highest intrusion prevention system (IPS) and catch rate in the industry. The tests were conducted using BreakPoint security testing software and NSS Labs test methodology.

BreakPoint products feature built-in automation designed to produce standardized Resillience Score for measuring network and data center performance, scalability and security. These compact devices simulate attacks from hundreds of real-world applications.

Using the NSS Laps IPS testing methodology, two L4 and L7 tests were conducted on the Fortinet Fortigate-3950B. One test had IPS optimization enable while the other didn’t. The testing consisted of a large number of IP addresses on the server and client side to more accurately simulate network conditions.

The results of the testing showed the FortiGate-3950B provided a throughput of 16.9 Gbps. This level of throughput is adequate for detecting incoming threats while not adversely affecting network speed and performance at the same time. The results also showed a low latency level of 12.5 microseconds, which Fortinet claims is the best performance available today.

Further testing using the BreakPoint security products showed the FortiGate appliance supports up to 100,000 new TCPs per second with the IPS feature activated. These results were 2.5 times greater in pure firewall mode.

When the FortiGate-3950B was subject to the enterprise traffic mix test, it achieved a 91 percent IPS Attack Catch Rate. This is among the highest performing catch rates in the industry. At full CPU utilization, testing showed a zero failure rate. This result shows how the FortiGate appliance effectively catches malicious attacks without any packet loss.

Patrice Perche, senior vice president of international sales and support at Fortinet, emphasized the importance of this testing, saying, "By leveraging BreakingPoint's security testing products, we prove once again Fortinet's strong foundation of high-performance security and real-time network protection to our customers."

The enterprise-level FortiGate firewall appliance features custom FortiASIC processors, layered multi-threat protection FortiOS operating system and flexible architecture. It’s capable of delivering up to 120 Gbps of throughput, and features a compact 3-RU form factor. It also comes equipped with five Fortinet Mezzanine Card (FMC) expansion slots.

The FortiGate-3950B appliance provides real-time threat-monitoring of both known and unknown malicious attacks. The award-winning FortiGuard Intrusion Prevention Service delivers attack signatures automatically and in real-time.

Edited by Tammy Wolf