Data Center Firewall
DCFW 2017 Comparative Report: Security


Thomas Skybakmoen, Keith Bormann, Jason Brvenik



NSS Labs defines a firewall as a mechanism used to protect a trusted network from an untrusted network, while allowing authorized communications to pass from one side to the other. Performance metrics, while important in any firewall, become critical in a data center deployment. Data center firewalls (DCFWs) handle multiple application traffic mixes for hundreds of thousands of users, and thus must support higher data rates.


This report uses data from NSS’ individual DCFW Test Reports to create Security Effectiveness ratings for each vendor. Products are scored on multiple factors that affect the overall Security Effectiveness of the system, including:

  • Firewall Policy Enforcement
  • Stability and Reliability


The following products were evaluated:

  • Cisco Systems Firepower 9300 v9.6.2.5 (one SM-36 security module)
  • F5 i5600 v12.1.2 Build 0.0.248
  • Fortinet FortiGate 1500D FortiOS v5.4.1 GA Build 7386
  • Fortinet FortiGate 3700D FortiOS v5.4.1 GA Build 7386
  • Huawei Eudemon 8000E X16 v500R001C30
  • Huawei USG9580 v500R001C30
  • Juniper Networks SRX5400 15.1X49-D60


To learn how each vendor performed, download a copy of each individual Test Report. NSS clients can also download the DCFW Comparative Reports on Performance and Total Cost of Ownership.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.

All testing was conducted independently and was not paid for by any vendor.