Best of 2006: Firewalls

Although stateful packet inspection is a fully mature and stable concept in network security, the firewall market itself is not at all static. The steady evolution toward unified threat management (UTM) is producing products with broad feature sets. Although still network edge firewalls, most include VPN, anti-virus, anti-spam, content filtering, intrusion detection and more.

This is an interesting shift, since even last year we saw a definite divide between enterprise-class firewalls and separate, best-of-breed content filtering. While many customers will still deploy their defenses in this way, some will prefer the UTM approach. Firewall manufacturers have had to move quickly to keep abreast.

In testing, we looked for enterprise features such as VLAN support, quality of service (QoS) and VoIP, and were pleased to see that most devices being tested provide bandwidth limit or QoS support.

We expect to see more edge devices offering fully capable traffic prioritization, class-based queues and bandwidth limits to ensure that business-critical traffic is not only filtered, but guaranteed at least a working minimum of operating bandwidth.

TSP 7300 
Vendor: Secure Computing Corp. 
Verdict: Solid performer that shows the strong CyberGuard pedigree.

Astaro Security Gateway 
Vendor: Astaro  
Verdict: A very strong all-round performer. 

Product: FortiGate-1000A 
Vendor: Fortinet 
Verdict: Good firewall with plenty of filtering capability. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.