F5 or Fortinet: Who Has the Fastest Firewall?

F5 Networks is claiming the world’s fastest firewall—which might produce a squawk or two over at Fortinet, which insists its Fortigate-5140B is the world’s fastest.

F5’s new BIG-IP Advanced Firewall Manager is a high-performance, stateful, full-proxy network firewall that works in conjunction with F5’s new VIPRION 4800 chassis (launched Jan. 29). It also terminates SSL connections, passing them along only after inspection. F5 insists that the new BIG-IP firewall is capable of 640 Gbits/s of firewall throughput, overseeing 288 million concurrent sessions and 8 million connections per second.

“Increasingly, we’re seeing organizations grapple with attacks that target applications, in addition to more conventional network and perimeter threats,” Mark Vondemkamp, vice president of security product management and marketing at F5, wrote in a statement. “Because F5 products occupy strategic points of control within the infrastructure, they’re ideally situated to combine traditional application delivery with firewall capabilities and other advanced security services.”

On paper, that would put F5’s technology ahead of the FortiGate-5140B, which Fortinet touted last year as the world’s fastest. But FortiGate has claimed it used the BreakingPoint FireStorm CTM to generate stateful real-world traffic, involving applications such as Facebook, Zynga Farmville, Pandora radio, AOL Instant Messenger, Microsoft Outlook and others. Under those conditions, Fortinet said, the 5140B maxed out at 526 Gbits/s, and 542 Gbits/s for HTTP traffic. The same tests using stateless streaming traffic produced results of 559 Gbps for large (1518 byte) packets, 547 Gbps for small (64 byte) packets and 557 Gbps for IMIX; in all, Fortinet claimed that both stateful and stateless traffic performance was several times the company’s nearest competitor.

“In general, Fortinet does not comment on competitive announcements. That said, until it’s been validated by a legitimate third party test and measurement company, we continue to have the fastest shipping firewall for both IPv4 and IPv6. We look forward to meeting them in the lab,” Patrick Bedwell, vice president of products for Fortinet, wrote in a statement.

F5 also said that it had made improvements to its BIG-IP Application Security manager, adding support for apps written with the Google App Toolkit, as well as better support for clickjacking. The F5 technology protects against distributed denial-of-service (DDoS) attacks, recently identified as a key area of investment for data-center operators.

Last year, Cisco pulled away from the Application Delivery Controller market, ceding it to F5, Citrix, and Riverbed Technology. F5 said it enhanced its physical ADCs with the new Viprion 4800 chassis, capable of handling 20 million layer 7 requests per second and 160 Gbps of SSL bulk throughput. The company also enhanced its virtual ADC offerings with enhanced editions that now provide up to 3 Gbps of throughput and support a full range of hypervisors and virtualized environments, including Amazon Web Services and VMware vCloud Suite, plus Microsoft’s Hyper-V, Citrix XenServer, and KVM/Linux.

At the entry level, F5 said it added the BIG-IP 2000 series, an entry level ADC offering with 10 GbE interfaces; the BIG-IP 4000s platform, with up to 850,000 level-7 requests per second for best-in-class performance; and the BIG-IP 10200v platform, adding vCMP (virtual clustered multiprocessing) capabilities, 40 GbE interfaces, and high-end performance.

All of the new F5 products will be available in February.


Image: Robert Adrian Hillman/Shutterstock.com