|
IPENFORCER 3400, starts at $13,950. iPolicy Networks, (510) 687-3000. www.ipolicynetworks.com
|
To test load, we set up an Ixia 1600T running IxWeb to generate HTTP and FTP traffic from 200 simulated users. The multiple traffic streams from the Ixia device were sent through our Extreme Networks Summit1i switch and into the 3400's LAN interface. The WAN traffic returned through a similar path.
The 3400 throughput peaked at 400 Mbps. URL filtering and intrusion-detection monitoring had almost no impact on throughput or latency. To tax the device further, we added 102 rules to the firewall. There was no change in performance.
Next we tested the 3400's intrusion-detection/-prevention functionality. The 3400 provides signatures for detecting more than 1,400 intrusions and lets you create custom signatures. Our test consisted of sending a SYN attack and a ping flood at the device. Both were detected.
We configured the response to the ping flood to rate-limit the incoming ICMPs once the attack was detected. This feature worked well, automatically throttling the ICMP traffic back. Upon detecting an intrusion, the device can also issue a warning to an admin, block the intrusion or issue a notice while hardening the 3400's firewall--dropping the traffic for a preconfigured length of time.
URL filtering is supported on HTTP, POP3 and FTP. We tried to access 120 porn and gambling sites through the device. The 3400's blacklist caught 119.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
