Comparison of Firewalls Security and Performance Issues



Today the internet environment contains all the dangerous situations, nasty people and risks that one can find in society as a whole. A common perimeter security measure is to install a firewall between disparate networks as a means of controlling and logging the network traffic passing between them. In this paper we describe, discuss and evaluate the features of four firewalls that are used to secure a personal computer or small groups of interconnected computers and are not meant to secure a large system or a LAN. The firewalls evaluated in this paper are Check Point VPN-1/FireWall-1, WinRoute Pro 4.1, Guardian Pro eNT, and BorderWare Firewall
... This paper uses IPERF software [28], a tool for active measurements of the maximum achievable bandwidth on IP networks, for both firewall throughput testing. The firewalls are installed on the client site [29]. Throughput testing is achieved by evaluating the response time of packets from the IPERF server; the packets are generated by the IPERF client and sent via the installed firewalls. ...
A network bottleneck is often caused by firewalls installed between network gateways. As a result, the overall performance of the network drops significantly. This problem can be resolved by increasing the speed of firewall rule verification. Nowadays, there is an open-source matching framework that offers the fastest rule verification, namely IPSets. It can verify a number of firewall rules against huge numbers of packets with O(1) worst-case access time. However, IPSets still has several usability drawbacks, such as rule management, subnet IP addresses, rule conflicts, and memory usage. This paper proposes a novel firewall structure, called IPack, that can resolve all the drawbacks of IPSets and obtains the optimal speed of firewall rule verification at O(1) access time. In its implementation, IPack applies a sparse matrix as the data structure to maintain firewall rules, the Path Selection Diagram (PSD) to eliminate rule conflicts, and an IP packing technique to reduce the size of the memory space. The experimental results show that the drawbacks of IPSets can be solved by IPack. In particular, the size of the memory space is reduced from O(2^n) to O(n) with the same optimal access time, and the speed of IPack is still equal to that of IPSets.
