College】 【weak evaluation should not just look at the firewall need digital Six Mistakes to avoid.

Assessment should not just look at the firewall <br> <BR> figures, those who have the possibility of failure, a hardware firewall evaluation is no exception. .I practice with their own experience, try finishing the product user evaluation in hardware firewall in the common misunderstanding, for peer study. .<BR> One, misled by a staggering vague conditions <BR> read numerous pro firewall product advertisements, one in black and white people dazzling the nominal throughput of 4G, but if the "64-byte packets," "wire-speed ."," insisted a few minutes "and the like words thrown out, the salesperson will throughput up to first become hesitant. .So vendors can not readily believe the data, you must take the standard experimental conditions to compare the test results, or re-build environment to test himself. .<BR> Second, like the figures, regardless of manageability <BR> in the evaluation, the users tend to focus too much on performance numbers, but for practical network security management is concerned, the two products the difference between 2% and 5 .% difference even if 10% of the difference, really bring the essence of the difference? .Operation of a firewall configuration interface can not be easy? .Has a complete log management? .The ability to store the log walls? .Whether the monthly CPU, memory, statistical functions? .With strategies to facilitate inquiry is whether ... ... the performance figures compared to, evaluation of these seemingly irrelevance, but this question, but "with who knows who!" .<BR> Third, attention fancy function, do not understand the performance of hidden <BR> firewall these days, features are a lot of, access control, anti-virus, intrusion detection / prevention, VPN, called functional heterogeneous Ye Hao, called .Ye Hao unified threat management, like a grocery store the same. .That these features "fancy" because they start up, the performance of the hardware resources than the phagocytic activity of human imagination. .Therefore, the development of assessment programs to easily do the function of these items in the list, right? .<BR> Four high-performance hardware architecture can not be scientific view of the performance of <BR> compete with hardware firewall can not do without the hardware structure of species. .The so-called high-performance hardware architecture, is corresponding to the X86 in terms of the traditional structure of industrial machines, and more common with NP, ASIC and so on. .For high-performance hardware architecture, we not only have to concern, not superstition. .But the focus at the same time, they can not be over-praised "NP" "ASIC", because the strongest is not necessarily the best and most suitable for you. .Fifth, do not take into account in conjunction with their network characteristics, combined with their own security strategy does not take into account the user's own <BR> out to test the firewall features of the network environment is very scientific, not based on strategic design their own security firewall test indicators, it is a departure from the .product use in mind. .Network Features tell the user to run his own net in what kind of package, composition, how much and what agreements. .Firewall security strategy to tell the user what to buy, how the Ministry, how distribution, how to manage. .We want to "department", "with", "control" and "choose" and "measured." .<BR> Sixth, do not guard against cheating in the test <BR> a commercial product sales and purchase behavior, business will have to guard against deception, the test is to guard against cheating. .Assuming a very few manufacturers to test to build a special high-performance "competition test version of" product bluffing, if very few manufacturers to make some hands and feet inside the device (such as directly connected with the network cable), then the whole integrity of the test results will be on the other .The company is very unfair. .<BR>.