The NGFW is the first line of defense to protect against today’s evolving threats and is a critical component of any defense-in-depth strategy.  The NSS Labs NGFW test methodology has evolved from the previous testing to reflect the threat landscape and therefore, this latest testing includes SSL inspection.  This is an important key test factor because most vendors see huge performance impacts when SSL is turned on, preventing them from publishing SSL performance on their datasheets.  With the expanded use of secure sockets layer (SSL)/transport layer security (TLS) in the traffic traversing the modern network, an NGFW must be able to inspect encrypted content. NSS Labs evaluated firewall products with 190 different evasion techniques, more than 2,000 exploit tests and throughput tests.

NSS Labs regularly released NGFW Security Value Map™, Comparative Analysis Reports, and Product Analysis Reports.  These results help guide security professionals in the enterprise to make informed decisions when evaluating the many offerings in the industry.

NSS Labs designed the test to focus on the following four areas:

  •     Security effectiveness
  •     Performance
  •     Stability
  •     Total Cost of Ownership (TCO)


Security Value Map™ Next Generation Firewall (NGFW) April 30, 2018
Products Tested
• Barracuda Networks F600.E20 v6.1.1-071
• Check Point Software Technologies 13800 NGFW Appliance vR77.20
• Cisco ASA 5585-X SSP-60 v5.4.0.3
• Cisco FirePOWER Appliance 8350 v5.4.0.3
• Cyberoam – Cyberoam CR2500iNG-XP v10.6.3
• Dell SonicWALL SuperMassive E10800 SonicOS Enhanced v6.0.1.13-177o
• Forcepoint Stonesoft Next-Generation Firewall 1402 v5.8.5
• Fortinet FortiGate 3200D v5.2.4, build 5069
• Hillstone Networks SG-6000-E5960 v5.5 SG6000-M-2-5.5R1P2.2
• Huawei Technologies USG6650 vV500R001C00SPC010T
• Juniper Networks SRX5400E JUNOS Software Release 12.3X48
• Palo Alto Networks PA-7050 v6.0.11-h1
• WatchGuard Technologies XTM 1525 v11.9.4 build 486684
Security Value Map™ Next Generation Firewall (NGFW) Jul, 2018
• Barracuda Networks CloudGen Firewall F800.CCE v7.2.0
• Check Point 15600 Next Generation Threat Prevention (NGTP) Appliance vR80.20
• Cisco Firepower 4120 Security Appliance v6.2.2
• Forcepoint NGFW 2105 Appliance v6.3.3 build 19153 (Update Package: 1056)
• Fortinet FortiGate 500E V5.6.3GA build 7858
• Palo Alto Networks PA-5220 PAN-OS 8.1.1
• SonicWall NSA 2650 SonicOS Enhanced
• Sophos XG Firewall 750 SFO v17 MR7
• Versa Networks FlexVNF 16.1R1-S6
• WatchGuard M670 v12.0.1.B562953

June 06, 2017 (GLOBE NEWSWIRE) — NSS Labs, Inc., the global leader in operationalizing cybersecurity, announced the results of its Next Generation Firewall (NGFW) Group Test.

Key findings include:

  • Overall Security Effectiveness ranged from 25.8% to 99.9%, with seven of the 11 tested products achieving a rating greater than 78.5%
  • TCO per Protected Mbps ranged from US$5 to US$105, with most tested products costing less than US$22 per protected Mbps.
  • The average Security Effectiveness rating was 67.3%; seven of the tested products received an above-average Security Effectiveness rating, and four of the tested products received a below-average Security Effectiveness rating.
  • The average TCO per Protected Mbps was US$25.2; eight of the tested products were rated as having above- average value, and three of the tested products were rated as having below-average value.

Tested products:

  • Barracuda NextGen Firewall F600.E20 v7.0.2
  • Check Point Software Technologies 15600 Next Generation Threat Prevention (NGTP) Appliance R77.20
  • Cisco Firepower 4110 v6.1.0.1
  • Forcepoint NGFW 3301 Appliance v6.1.2
  • Fortinet FortiGate 3200D FortiOS v5.4.4 GA Build 1117
  • Fortinet FortiGate 600D FortiOS v5.4.4 GA Build 1117
  • Juniper Networks SRX 4200 v15.1X49-D75.5
  • Palo Alto Networks PA-5250 PAN-OS 8.0.0
  • SonicWall NSA 6600 SonicOS 6.2
  • Sophos XG-750 Firewall v16.01
  • WatchGuard Firebox M4600 v11.10.7


Check Point® Software Technologies Ltd. (NASDAQ: CHKP) today announced the company received its eleventh ‘Recommended’ rating from NSS Labs. Check Point’s latest results earned its fifth ‘Recommended’ rating in the NSS Labs Next Generation Firewall Test, delivering top results with the highest block rate (99.8%) from the NSS Labs Exploit Library and tied for the highest security effectiveness score (99.6%).

Hillstone Networks Next-Generation Firewall’s high marks include lowest for Total Cost of Ownership (TCO) per Protected Mbps, blocking 99.6% of exploits from the NSS exploit library and blocking 98.32% of live exploits over a 2-month period from December 1, 2015 – January 31, 2016.

NSS 2016 NGFW Group Test SVM


NSS Labs said the Palo Alto PA-3020 Appliance passed stability and reliability tests, and enforced firewall policies. It also correctly enforced complex outbound and inbound policies, the firm said. The appliance fell short in detecting evasion measures often used by attackers to bypass firewalls. Using RPC and IP Fragmentation attacks, NSS Labs was able to conduct a bypass. The appliance also took a performance hit, earning a 719-Mbps rating while the vendor claimed 1-Gbps performance.

NSS 2014 NGFW Group Test SVM

WatchGuard’s XTM 2050 appliance got poor marks and earned a caution designation after it fell well below competitors.

NSS 2013 NGFW Group Test SVM


NSS 2012 NGFW Group Test SVM


NSS 2011 NGFW Group Test SVM


By Jon

Leave a Reply

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.