Main Article Content
Virtualization technology is slowly being used to build network infrastructure called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, IPS out of its hardware then use its software to be run on high specification server. It helps reduce vendor lock-in and help create a multiplatform network function environment. It has a lot of benefits compared to a traditional network. One of them is it can reduce the number of hardware that is used in the telecom industry. This technology runs on the hypervisor that is used for the management of hardware. One of the important components from NFV is Virtualized Network Function (VNF). In NFV, network devices are run on a server so that a firewall is needed because if an attack occurs on the network it will interfere with existing network components. This paper focuses on analyzing the performance of two firewall system, pfSense, and FortiGate. Both firewalls will run on the VMware ESXi hypervisor. It aims to determine the firewall performance comparison in normal conditions without attacks and under SYN DoS attacks. We also evaluate firewall failover capabilities. Based on the results of testing obtained that overall FortiGate has better performance. It has better ability in handling DoS SYN attack because it has lower throughput performance degradation and better FTP performance compare to pfSense. We conclude that FortiGate has best performance compare with pfSense
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
 T. Alharbi, A. Aljuhani, and H. Liu, “Holistic DDoS mitigation using NFV,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, 2017.
 S. Lal, T. Taleb, and A. Dutta, “NFV: Security Threats and Best Practices,” IEEE Commun. Mag., vol. 55, no. 8, pp. 211–217, 2017.
 S. Pawar and S. Singh, “Performance Comparison of VMware and Xen Hypervisor on Guest OS,” Int. J. Innov. Comput. Sci. Eng. Issue, vol. 2, no. 3, pp. 56–60, 2015.
 A. Aljuhani and T. Alharbi, “Virtualized Network Functions security attacks and vulnerabilities,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, pp. 1–4, 2017.
 M. Daghmehchi Firoozjaei, J. (Paul) Jeong, H. Ko, and H. Kim, “Security challenges with network functions virtualization,” Futur. Gener. Comput. Syst., vol. 67, pp. 315–324, 2017.
 C. Sheth and R. Thakker, “Performance evaluation and comparative analysis of network firewalls,” 2011 Int. Conf. Devices Commun. ICDeCom 2011 - Proc., 2011.
 Open Networking Foundation, “Network Functions Virtualisation?: NFV Security Problem Statement,” vol. 1, no. 1, pp. 1–15, 2014.
 IT Central Station, “Business Intelligence Tools Buyer ’ s Guide and Reviews February 2018,” no. February, 2018.
 C. M. Buechler and J. Pingle, “pfSense?: The Definitive Guide (Version 1.2.3) - The Definitive Guide to the pfSense Open Source Firewall and Router Distribution,” p. 479, 2009.
 Fortinet, FortiOS TM Handbook - Firewall. 2017.
 N. Gray, C. Lorenz, A. Müssig, S. Gebert, T. Zinner, and P. Tran-Gia, “A priori state synchronization for fast failover of stateful firewall VNFs,” 2017 Int. Conf. Networked Syst. NetSys 2017, 2017.
 L. A. F. Mauricio, M. G. Rubinstein, and O. C. M. B. Duarte, “Proposing and evaluating the performance of a firewall implemented as a virtualized network function,” 2016 7th Int. Conf. Netw. Futur. NOF 2016, 2017.
 G. Attebury and B. Ramamurthy, “Router and firewall redundancy with OpenBSD and CARP,” IEEE Int. Conf. Commun., vol. 1, no. c, pp. 146–151, 2006.
 M. Arunwan, T. Laong, and K. Atthayuwat, “Defensive performance comparison of firewall systems,” 2016 Manag. Innov. Technol. Int. Conf. MITiCON 2016, pp. MIT221-MIT224, 2017