Midrange firewalls face off: ServGate, SonicWall, and StoneGate boxes prove their mettle in our performance tests.(Product/Service Evaluation)

Choosing the right firewall involves weighing a variety of factors. Naturally, you'll want a box that's easy to set up and configure; that complements your anti-virus, anti-spam, and other perimeter security solutions; and that comes at the right price. But even if you meet these needs, your firewall will do you no good unless it can handle your network's highest traffic levels and, at the same time, thwart external attacks.

I recently invited vendors of midrange firewall appliances -- products that support between 100,000 and 200,000 concurrent connections and between 1,000 and 2,000 VPN tunnels -- to a performance test at Spirent Communications' labs in Calabasas, Calif. In addition to sizing up setup requirements and feature sets, I used Spirent's test equipment to measure the performance and security capabilities of three entries: ServGate's EdgeForce Accel, SonicWall's Pro 3060, and Stonesoft's StoneGate SG-500.

I used Spirent's Avalanche 5.2 and Reflector 5.2 test suites, running on Avalanche 2500 and Reflector 2500 hardware, to plumb each firewall's performance capabilities, including performance under load and volume of traffic across a multiprotocol network. I also emulated a number of DDoS attacks -- namely Syn, Smurf, Reset, and ARP (Address Resolution Protocol) Flood attacks -- to see how successfully each device forwarded legitimate traffic while fending off each …