{"id":56370,"date":"2018-01-09T05:00:23","date_gmt":"2018-01-09T13:00:23","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=56370"},"modified":"2019-01-29T12:55:34","modified_gmt":"2019-01-29T20:55:34","slug":"5-critical-mistakes-avoid-incorrectly-sizing-future-ngfw","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2018\/01\/5-critical-mistakes-avoid-incorrectly-sizing-future-ngfw\/","title":{"rendered":"5 Critical Mistakes to Avoid: Incorrectly Sizing Your Future NGFW"},"content":{"rendered":"<p><em>This post is part of a <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/5-critical-mistakes\/\">blog series where we dive into the five critical mistakes<\/a> to avoid when evaluating a next-generation firewall. Avoid these, and you\u2019ll be well on your way to picking the right next-generation firewall.<\/em><\/p>\n<p>How will you know if the NGFW you\u2019re considering is the right one for your organization? The safest bet is to test it. But when evaluating and selecting a new NGFW, there are some common mistakes security professionals often make. One of these critical mistakes is highlighted in detail below, along with insight and recommendations to help you avoid the blunder.<\/p>\n<p><strong><br \/>\nMistake #1: Incorrectly Sizing Your Future NGFW<\/strong><\/p>\n<p>Avoid relying solely on datasheets and other \u201cperformance on paper\u201d summaries as they are inaccurate points of comparison for firewalls. There are fundamental differences in features and offerings from one firewall vendor to the next. For example, one vendor might measure consolidated threat prevention features (e.g., intrusion prevention systems, antivirus, command and control, URL filtering) in terms of performance impact, while another might highlight performance impact based solely on best-of-breed IPS capabilities in a stand-alone box. 
To ensure accurate \u201capples to apples\u201d firewall comparisons, organizations should size capabilities to their real-world environments\u2019 requirements (e.g., IPS, application control, advanced malware detection), in addition to the traffic mix. When doing so, it\u2019s critical to account for performance impact resulting from enabling other features in the future.<\/p>\n<p>In addition, the performance impact of advanced capabilities, such as SSL decryption, will vary depending on how the processing is done. Some vendors decrypt in hardware, while others decrypt in software \u2013 each with a different degree of performance impact. Further, threat response performance should only be compared with all required signatures activated. Carefully read the documentation for out-of-the-box collections of signatures to determine actual coverage. Performance often continues to degrade with the introduction of additional signatures.<\/p>\n<ul>\n<li><strong>Avoid trade-offs between security and performance.<\/strong> You should never have to decide between enabling a feature or signature and crippling your performance.<\/li>\n<li><strong>Accurately map to your requirements for throughput and traffic composition.<\/strong> It is difficult to argue against testing the actual traffic to be secured. Simulators can\u2019t represent custom applications, real-world usage scenarios or shadow IT.<\/li>\n<\/ul>\n<p>To correctly size your next NGFW while also ensuring maximum performance, security and ROI, run a proof of concept in your organization. 
A POC allows you to accurately test next-generation firewalls, their affiliated services and subscriptions \u2013 either on their own or against one another \u2013 in your actual, operational IT environment, whether it is physical, virtual or a hybrid.<\/p>\n<p>For more critical mistakes to avoid when evaluating a next-generation firewall, download the white paper: <a href=\"http:\/\/go.paloaltonetworks.com\/5mistakes\">5 Critical Mistakes When Evaluating a Next-Generation Firewall<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We dive into the first of five critical mistakes people make when choosing a next-generation firewall. <\/p>\n","protected":false},"author":249,"featured_media":56373,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[5,6717],"tags":[5190,145,111],"coauthors":[2745,1419],"class_list":["post-56370","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-firewall","category-products-and-services","tag-5-critical-mistakes","tag-next-generation-firewall","tag-ngfw"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2018\/01\/shark-520x320_LinkedIn.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/56370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/249"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=56370"}],"version-history":[{"count":4,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/post
s\/56370\/revisions"}],"predecessor-version":[{"id":61576,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/56370\/revisions\/61576"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/56373"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=56370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=56370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=56370"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=56370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}