The latest Miercom performance report on enterprise-segment firewalls shows the following for simulated real-world HTTP (Web 2.0) traffic:

[Figure: bar chart]

While this is a performance evaluation of the box by itself, some time back NetworkWorld tested Juniper’s SSG 500 series firewalls, and they topped the converged security solutions, meaning UTM (Unified Threat Management) next-generation firewalls.

Also note that the firewall involved in Miercom’s testing is the ‘NS-5200’, which is based on the NetScreen architecture; the latest firewalls are much more efficient (hardware-wise) and run on the Juniper architecture! I guess that when a test is performed and someone picks the ASA-5580, which is pretty recent, the Juniper gear should also have been the latest (from the SSG/ISG series).

So what does it mean for a customer looking at the market?

Cisco’s ASA 5580 tops real-world HTTP throughput; if you’re instead looking for a box that can handle integrated functions (IPS, AV, anti-spam, Network Access Control), then the answer seems to be Juniper firewalls. It is again a tough choice, based on the switch ports you want to protect versus the additional security you want in one box.

Personally, I’m a fan of both boxes, and both have their flexibility. After configuring Cisco gear for almost 6-7 years, I’ve now been working on Juniper gear for the last 2 years. But these 2 years made me like the Juniper security solutions as well. The reason: policy-driven traffic management and support for WAN drops directly onto the firewall (remember, I worked mostly on PIX firewalls, which only have 1 outside interface with Ethernet support).

Links to read:

Miercom Full Report: http://6200networks.com/wp-content/uploads/docs/miercom_cisco_asa_5580.pdf

NetworkWorld Full Report: http://www.networkworld.com/reviews/2006/020606-juniper-ssg-test.html