Not every evaluation succeeds; failures are on record, and hardware firewall evaluation is one example. This article collects the common misunderstandings that product users fall into when evaluating hardware firewalls and discusses each in turn.
Myth one: Staggering numbers with vague experimental conditions
Read enough firewall product ads and the nominal 4G throughput, printed in black and white, is dazzling. But throw out phrases such as "64-byte packets", "line speed" and "sustained for a few minutes", and the sales staff are the first to become hesitant about their own throughput figure. We therefore cannot simply trust the data the manufacturer provides; we must compare test results obtained under standard experimental conditions, or rebuild the environment and test in person.
Myth two: Loving numbers while ignoring manageability
In an evaluation, users tend to pay close attention to performance figures. But for actual network security management, can a 2%, 5% or even 10% difference between two products really make an essential difference? Is the firewall's configuration interface convenient to operate? Does it have complete log management? Can the firewall store logs? Does it offer monthly CPU and memory statistics? Can the matching policy be queried easily? Compared with performance numbers, these evaluation points may seem off-topic, but they are exactly the kind of question where "only those who have used it know"!
Myth three: Focusing on fancy functions without understanding the hidden performance cost
Today's firewalls carry a great many functions: access control, anti-virus, intrusion detection/prevention, VPN. Whether this is called a heterogeneous mix of functions or unified threat management, it looks like a grocery store. These functions are called "fancy" because once they are turned on, their ability to devour hardware resources and performance is beyond imagination. So can you really leave these functions out when working out a test plan?
Myth four: Failing to view high-performance hardware architectures scientifically
Hardware firewall performance is inseparable from the type of hardware architecture. The so-called high-performance hardware architectures are those contrasted with the traditional x86 industrial-computer architecture; the common ones are NP, ASIC and so on. We should neither ignore high-performance hardware architectures nor believe in them blindly. "NP" and "ASIC" should not be revered too highly, because the strongest is not necessarily the best or the most suitable for you.
Myth five: Not considering your own network characteristics or your own security policy
Testing a firewall without regard to the characteristics of the user's own network environment is very unscientific, and designing firewall test metrics that are not based on the user's own security policy deviates from the original purpose of deploying the product. The characteristics of the network tell users what kinds of packets run on their network: what the traffic is composed of, how large the packets are and which protocols they use. The security policy tells users what the firewall was bought to do, how it should do it, how it should match and how it should be managed. We should "choose" and "test" according to what the firewall has to "do", "match" and "manage".
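The point of myths one and five can be made concrete with a short calculation. The following is an added example, not part of the original article: it shows how a "4G" figure that only holds for 1518-byte frames shrinks at 64 bytes and under a site's own packet mix. The RFC 2544 frame sizes are standard; the packets-per-second ceiling, the site mix and the assumption that the device is limited by packet rate are constructed for illustration.

```python
# Added example (not from the article). Sample figures are constructed.
ETH_OVERHEAD = 20  # per-frame bytes on the wire: 7 preamble + 1 SFD + 12 inter-frame gap
RFC2544_SIZES = (64, 128, 256, 512, 1024, 1280, 1518)  # standard test frame sizes

def line_rate_pps(link_bps, frame_bytes):
    """Maximum frames per second an Ethernet link can carry at this frame size."""
    return link_bps / ((frame_bytes + ETH_OVERHEAD) * 8)

def wire_bps(pps, frame_bytes):
    """Link bandwidth consumed (frame plus Ethernet overhead) at a packet rate."""
    return pps * (frame_bytes + ETH_OVERHEAD) * 8

def mix_throughput(pps_ceiling, link_bps, mix):
    """Wire throughput for a packet-size mix {frame_bytes: fraction of packets}.
    Assumption: the device is limited by packets per second, not by bits."""
    if abs(sum(mix.values()) - 1.0) > 1e-9:
        raise ValueError("mix fractions must sum to 1")
    avg = sum(size * frac for size, frac in mix.items())
    pps = min(pps_ceiling, line_rate_pps(link_bps, avg))
    return wire_bps(pps, avg)

def report(link_bps, pps_ceiling):
    """Throughput per RFC 2544 frame size for a device with a fixed pps ceiling."""
    rows = []
    for size in RFC2544_SIZES:
        pps = min(pps_ceiling, line_rate_pps(link_bps, size))
        rows.append((size, round(pps), wire_bps(pps, size) / link_bps))
    return rows

if __name__ == "__main__":
    LINK = 4e9                            # the advertised "4G"
    ceiling = line_rate_pps(LINK, 1518)   # constructed: claim only holds at 1518 bytes
    for size, pps, frac in report(LINK, ceiling):
        print(f"{size:>5} B  {pps:>9} pps  {frac:6.1%} of line rate")
    site_mix = {64: 0.5, 576: 0.3, 1518: 0.2}  # constructed site traffic profile
    print(f"site mix: {mix_throughput(ceiling, LINK, site_mix) / 1e9:.2f} Gbit/s")
```

Replace the constructed ceiling and mix with the packet rate measured on the device under test and the packet-size distribution captured on your own network.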
Myth six: Not being wary of cheating in tests
Selling and purchasing products is business; business has to guard against deception, and testing has to guard against cheating. Suppose a very few manufacturers have produced high-performance "competitive beta" products designed specifically for testing, or a very few manufacturers tamper with the equipment (for example, connecting ports directly with a cable): the whole test result is then unfair to the other, honest vendors.
The above is an analysis of the six major misunderstandings in hardware firewall evaluation. I hope this article helps you avoid falling into them.