Firewall technology is one of the largest and most mature security markets. Firewalls have undergone several stages of development, from early packet filtering and circuit relay firewalls to application layer (proxy based) and dynamic packet filtering firewalls. Throughout their history, however, the goal has been to enforce an access control policy between two networks, and thus firewalls should be viewed as an implementation of policy. A firewall is a mechanism used to protect a trusted network from an untrusted network, while allowing authorized communications to pass from one side to the other. When considering firewalls for the data center rather than for the network perimeter, there are several key metrics that need to be adjusted.

This methodology describes how NSS will evaluate data center firewall (DCFW) products to provide an objective and fair assessment of the technology.