Recently I learned one thing from testing firewalls for a company: don't trust anything the manufacturer claims until you have tested the product yourself. Features that are "supposed to work" or that "have worked before" may not work at all, or may not behave the way you expect. In this article I'll discuss how to test a firewall, the three types of tests you should run, and, surprisingly, which test types matter less than you might think in choosing the best firewall for your organization.
Firewall testing divides into three distinct phases: subjective evaluation, threat-mitigation (effectiveness) testing, and performance testing.
Testing firewalls: subjective evaluation
Base your subjective evaluation on a list of criteria, not on the vendor's feature list. Walk through every part of the firewall: how rules are defined, how a VPN tunnel is set up, how remote access works, and how the threat-mitigation functions are layered on top of the product. Record what you find and add plenty of screenshots to your notes; otherwise, something that looked obvious while you were testing firewall A will be confusing when you look back at the results for firewall G six weeks later. Take notes on every criterion you evaluate.
Testing firewalls: effectiveness testing
Effectiveness testing is difficult because there is no single tool for it, and even where a tool exists you may not get good results from it. Focus effectiveness testing on three areas: intrusion prevention, anti-malware and application identification.
For intrusion prevention system (IPS) testing, my company uses Mu Dynamics products, although other test vendors such as Spirent Communications and Ixia have similar tools. You can buy or rent these tools if you need to, but you should also be able to have each firewall vendor run the tests you specify, since the vendors usually own the same tools.
For application identification testing, pick the applications you care most about and test them against real servers. If you want to block peer-to-peer file-sharing software, start a few different torrent clients and watch what happens. Do the same for applications such as webmail or Facebook; they are the top candidates for application identification and control testing. Don't bother with automated test tools here, because their results will never be as accurate as real applications talking to real servers. This is especially true for applications that evade detection, such as BitTorrent and Skype, whose traffic no test tool can simulate perfectly.
Testing firewalls: evaluating performance
Performance testing usually requires specialized tools, although there are now many popular open-source tools to choose from. Before testing a device, baseline the test bed with nothing in the device's place, or with a plain router or switch cabled in instead; this tells you the maximum speed of the test bed itself. From there, keep in mind the testing rules of network tester David Newman: tests must be repeatable, must be stressful (to the device, not to you), and must be meaningful. Push the device under test to its limits even if you will never reach that level in production. This tells you where it will hit the wall in the future and how much headroom you have.
Don't test performance in 1,000 different environments; your network will only ever encounter one environment: reality. Build a small environment that represents your network and usage patterns, and test identically configured firewalls in it. Since most of a firewall's work is handling HTTP and HTTPS traffic, you can safely focus your testing there. Adding about 3% DNS traffic only makes the test more complicated and usually tells you nothing useful.
Performance testing must have pass/fail criteria. For example, when the firewall starts refusing to open new sessions, the test should end, because the device has exceeded its limit. Set other ceilings as well, such as a maximum latency, to define the point at which the firewall's performance becomes unacceptable.
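The ramp-and-stop procedure described in this section (baseline the test bed first, push the device until it refuses new sessions or exceeds a latency ceiling, and end the test at the first failed criterion) is small enough to script. The following harness is an added example, not code from the original article or from any test vendor. The threshold values, the `open_http_sessions` opener (which needs a URL on a server behind the device under test) and the `simulated_device` stand-in are assumptions made here so the harness runs offline; the simulated devices are constructed data, not measurements of any product.

```python
"""Performance ramp with explicit pass/fail criteria for a firewall under test.

Added example (not from the original article).  Thresholds, the HTTP opener
and the simulated devices are assumptions; swap in a real opener for a test bed.
"""
import math
import time
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass


@dataclass
class StepResult:
    offered: int           # new sessions offered in this step
    opened: int            # sessions the device actually let through
    p95_latency_ms: float  # 95th-percentile setup latency of the opened sessions
    verdict: str           # "pass" or "fail: <reason>"


def percentile(sorted_values, pct):
    """Nearest-rank percentile of an ascending list (inf for an empty list)."""
    if not sorted_values:
        return float("inf")
    rank = max(1, math.ceil(pct * len(sorted_values) / 100))
    return sorted_values[rank - 1]


def run_ramp(open_sessions, start=100, step=100, limit=5000,
             max_latency_ms=200.0, max_refused=0):
    """Offer more new sessions per step until a pass/fail ceiling is hit.

    open_sessions(n) tries to open n new sessions at once and returns a list
    of (opened: bool, latency_ms: float).  The ramp ends at the first step
    where the device refuses more than max_refused sessions or the p95 setup
    latency exceeds max_latency_ms, i.e. the device has exceeded its limit.
    Run it once with the device replaced by a cable or switch: if that run
    passes every step up to `limit`, the test bed itself is not the bottleneck.
    """
    results = []
    for offered in range(start, limit + 1, step):
        samples = open_sessions(offered)
        latencies = sorted(lat for ok, lat in samples if ok)
        refused = offered - len(latencies)
        p95 = percentile(latencies, 95)
        if refused > max_refused:
            verdict = f"fail: {refused} of {offered} new sessions refused"
        elif p95 > max_latency_ms:
            verdict = f"fail: p95 setup latency {p95:.1f} ms exceeds {max_latency_ms} ms"
        else:
            verdict = "pass"
        results.append(StepResult(offered, len(latencies), p95, verdict))
        if verdict != "pass":
            break
    return results


def rated_capacity(results):
    """Highest offered level that passed every criterion (0 if none did)."""
    passed = [r.offered for r in results if r.verdict == "pass"]
    return max(passed) if passed else 0


def open_http_sessions(url, timeout=5.0, workers=64):
    """Real opener: n concurrent HTTP GETs through the device under test.
    Assumed usage: `url` must point at a server on the far side of the device."""
    def opener(n):
        def one(_):
            t0 = time.perf_counter()
            try:
                with urllib.request.urlopen(url, timeout=timeout) as resp:
                    resp.read(1)
                return True, (time.perf_counter() - t0) * 1000.0
            except Exception:
                return False, (time.perf_counter() - t0) * 1000.0
        with ThreadPoolExecutor(max_workers=workers) as pool:
            return list(pool.map(one, range(n)))
    return opener


def simulated_device(session_limit, knee, base_ms=2.0, ms_per_session=0.1):
    """Constructed stand-in for a firewall: flat setup latency up to `knee`
    offered sessions, rising linearly above it, hard refusal past session_limit."""
    def opener(n):
        latency = base_ms + max(0, n - knee) * ms_per_session
        return [(i < session_limit, latency if i < session_limit else 0.0)
                for i in range(n)]
    return opener


if __name__ == "__main__":
    devices = {
        "wire (baseline)": simulated_device(10**9, 10**9),
        "device A": simulated_device(session_limit=2500, knee=10**9),
        "device B": simulated_device(10**9, knee=1000, ms_per_session=0.5),
    }
    for name, opener in devices.items():
        steps = run_ramp(opener)
        print(f"{name}: rated {rated_capacity(steps)} new sessions/step; {steps[-1].verdict}")
```

Device A in the constructed data fails on session refusal and device B on latency, so the two devices get different ratings from the same ramp even though neither reached the 5,000-session ceiling; the baseline "wire" run passing every step is what tells you the 5,000 limit was a property of the test plan, not of the bed.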
Having completed these three types of tests, you will have a clear picture of which firewall product is best for your organization.