14 Nov Difference Between Firewall Throughput and IPS Throughput
Most vendors quote firewall throughput even when they are advertising UTMs (Unified Threat Management systems). There is a fundamental difference between a firewall and a UTM. A firewall performs stateful inspection: it decides whether a connection is permitted from addresses, ports, protocol and connection state, and once a flow is allowed it does not examine what that flow carries. A UTM adds an IPS (Intrusion Prevention System) that inspects the content of traffic the policy has already allowed, so an attack delivered over an open port such as HTTP or SMTP can still be detected and blocked. In other words, the IPS stops attacks on open ports, which a firewall on its own cannot do.
A UTM is installed for the specific purpose of giving the network greater security, which means the IPS should always be on and working. Yet on many products the IPS is off by default, and vendors quote only the firewall throughput of the UTM. Of what practical use is the firewall throughput of a UTM if the IPS is not turned on? A far more realistic measure is firewall+IPS throughput: the rate at which the device forwards traffic while providing its full protection. This is the most important criterion when comparing UTMs. When reading a datasheet, look for the figure measured with IPS enabled and the full signature set loaded, and ask what traffic mix it was measured with; a number obtained with large UDP packets says little about how the IPS will cope with real application traffic.
Sadly, most vendors are still stuck in the pre-UTM days. They took an existing firewall and bolted an IPS on top of it, and because the IPS was an afterthought, enabling it costs a great deal of throughput. Reluctant to advertise that, they highlight the firewall-only figure, which is irrelevant on a UTM. Some vendors lose as much as 90% of their throughput when IPS is enabled: on the Fortinet FortiGate 310B, for example, throughput falls from 8 Gbps with IPS off to 800 Mbps with IPS on.
Contrast this with the NetASQ approach. The UTM throughput NetASQ quotes is always firewall+IPS throughput, never firewall alone. The IPS is always on, giving the network greater protection, and, significantly, NetASQ reports no loss of performance with IPS on.
NetASQ can take this approach because its IPS engine (ASQ, Active Security Qualification) is embedded in the kernel of the UTM operating system rather than running as a separate process. That gives two advantages: the IPS engine is always on, and packets are inspected in the same kernel path that forwards them, so no packet has to be handed off to a separate module and throughput with IPS on is the same as with it off. With other vendors the IPS engine is a separate module that sits on top of the operating system; every packet must be passed from the forwarding path to that module and back, which consumes more resources and reduces speed and throughput.