NSS Labs defines a firewall as a mechanism used to protect a trusted network from an untrusted network, while allowing authorized communications to pass from one side to the other. Performance metrics, while important in any firewall, become critical in a data center deployment. Data center firewalls (DCFWs) handle multiple application traffic mixes for hundreds of thousands of users, and thus must support higher data rates. This report focuses on the Total Cost of Ownership (TCO) per Protected Mbps, TCO per Protected Connections per Second (CPS) per Mbps, TCO per Protected Concurrency per Mbps, CPS per Concurrency and the TCO per Port. NSS’ cost analysis includes a 3-Year TCO, which is based on:

• Acquisition costs for the DCFW and a central management system (CMS)
• Fees paid to the vendor for annual maintenance, support, and signature updates
• Labor costs for installation, maintenance, and upkeep

 The following products were evaluated:

• Cisco Systems Firepower 9300 v9.6.2.5 (one SM-36 security module)
• F5 i5600 v12.1.2 Build 0.0.248
• Fortinet FortiGate 1500D FortiOS v5.4.1 GA Build7386
• Fortinet FortiGate 3700D FortiOS v5.4.1 GA Build 7386
• Huawei Eudemon 8000E X16 v500R001C30
• Huawei USG9580 v500R001C30
• Juniper Networks SRX5400 15.1X49-D60

To learn how each vendor performed, download a copy of each individual Test Report. NSS clients can also download the DCFW Comparative Reports on Performance and Security. As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.