Performance Evaluations of Cisco ASA and Linux iptables Firewall Solutions

Abstract: A firewall is an essential component to provide network security and traffic control. It is widely used to prevent illegal accesses to private or corporate networks from external unsafe source like Internet. Firewalls are basically classified into two types, hardware firewalls and software firewalls. Hardware-based is a single external hardware to a system, but software-based is installed on a computer inside a system. Two such firewalls, Cisco ASA 5505 and Linux iptables are implemented and practical evaluated theirs performance. The performance test in this paper work primarily focuses on Network layer, and the main parameters include Throughput, Latency, and Concurrent Sessions. Different performance monitoring tools are also introduced in this paper. As a network layer firewall, the most impressive feature is through inspecting the packets to manage the traffic from the higher Layer 4-7 of OSI (Open Systems Interconnection) model, which inevitably has a certain impact on the performance. The bottleneck of the whole network is determined by what extent the impact is. The primary objective of this thesis is through analyzing the test reports to evaluate the two type firewalls’ performance. Thus the results reported in this paper gives some ideas to new firewall customers about what aspects should be considered before selecting a suitable firewall product.