There was a clear winner in both the antivirus and antivirus-plus-IPS speed contests. At 524Mbps of antivirus throughput, the Fortinet FortiGate 3610A blew past the competition. Secure Computing's Sidewinder 2150D was in a distant second place, at 396Mbps, about 20% slower. After that, IBM/ISS's Proventia MX5010 sat in third place with 298Mbps -- just more than half of the FortiGate speed. If you want to do fast antivirus scanning on top of perimeter or core firewalling, Fortinet seems to have the recipe for speed.
After running hundreds of performance tests, we confirmed what several of the vendors told us before we started: Don't do antivirus scanning in an enterprise UTM device. Except for the FortiGate 3610A, which handled firewalling, antivirus, and IPS at 520Mbps, none of the gigabit firewalls we tested could cross the 300Mbps line under the same conditions.
Read our performance results as a confirmation that neither IPS nor antivirus belongs in an enterprise firewall, at least not if you're looking for predictable, gigabit performance. In a few cases, we were able to bring otherwise-capable systems to their knees by stressing them in the wrong way. On the other hand, our testing showed that with careful configuration, you can get additional protection in a high-speed firewall. Performance testing is critical, not just when the system is initially installed, but any time new protections are put into place.