Main Article Content
Virtualization technology is slowly being used to build network infrastructure called Network Function Virtualization (NFV). It takes network functions such as firewall, load balancer, IPS out of its hardware then uses its software to be run on high specification server. It helps to reduce vendor lock-in and creates a multiplatform network function environment for telecommunication or Internet Service Provider (ISP) company. It has a lot of benefits compared to a traditional network. One of them is reducing the number of hardware that is used in the telecom industry. This technology runs on the hypervisor that is used for the hardware management. One of the important components from NFV is Virtualized Network Function (VNF). In NFV, network devices are run on a server so that a firewall is needed. If an attack occurs on the network, it will interfere the existing network components. This paper focuses on analyzing the performance of two firewall systems: pfSense, and FortiGate. Both firewalls run on the VMware ESXi hypervisor. It compares the firewall performance in normal conditions without attacks and under SYN DoS attacks. Besides, firewall failover capabilities are evaluated. Based on the overall testing results, FortiGate has better performance than pfSense. It has better ability in handling DoS SYN attack because of lower throughput performance degradation and better FTP performance. It is concluded that FortiGate has best performance if it is compared to pfSense.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
 T. Alharbi, A. Aljuhani, and H. Liu, “Holistic DDoS mitigation using NFV,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, 2017.
 S. Lal, T. Taleb, and A. Dutta, “NFV: Security Threats and Best Practices,” IEEE Commun. Mag., vol. 55, no. 8, pp. 211–217, 2017.
 S. Pawar and S. Singh, “Performance Comparison of VMware and Xen Hypervisor on Guest OS,” Int. J. Innov. Comput. Sci. Eng. Issue, vol. 2, no. 3, pp. 56–60, 2015.
 A. Aljuhani and T. Alharbi, “Virtualized Network Functions security attacks and vulnerabilities,” 2017 IEEE 7th Annu. Comput. Commun. Work. Conf. CCWC 2017, pp. 1–4, 2017.
 M. Daghmehchi Firoozjaei, J. (Paul) Jeong, H. Ko, and H. Kim, “Security challenges with network functions virtualization,” Futur. Gener. Comput. Syst., vol. 67, pp. 315–324, 2017.
 C. Sheth and R. Thakker, “Performance evaluation and comparative analysis of network firewalls,” 2011 Int. Conf. Devices Commun. ICDeCom 2011 - Proc., 2011.
 Open Networking Foundation, “Network Functions Virtualisation?: NFV Security Problem Statement,” vol. 1, no. 1, pp. 1–15, 2014.
 IT Central Station, “Business Intelligence Tools Buyer ’ s Guide and Reviews February 2018,” no. February, 2018.
 C. M. Buechler and J. Pingle, “pfSense?: The Definitive Guide (Version 1.2.3) - The Definitive Guide to the pfSense Open Source Firewall and Router Distribution,” p. 479, 2009.
 Fortinet, FortiOS TM Handbook - Firewall. 2017.
 N. Gray, C. Lorenz, A. Müssig, S. Gebert, T. Zinner, and P. Tran-Gia, “A priori state synchronization for fast failover of stateful firewall VNFs,” 2017 Int. Conf. Networked Syst. NetSys 2017, 2017.
 L. A. F. Mauricio, M. G. Rubinstein, and O. C. M. B. Duarte, “Proposing and evaluating the performance of a firewall implemented as a virtualized network function,” 2016 7th Int. Conf. Netw. Futur. NOF 2016, 2017.
 G. Attebury and B. Ramamurthy, “Router and firewall redundancy with OpenBSD and CARP,” IEEE Int. Conf. Commun., vol. 1, no. c, pp. 146–151, 2006.
 M. Arunwan, T. Laong, and K. Atthayuwat, “Defensive performance comparison of firewall systems,” 2016 Manag. Innov. Technol. Int. Conf. MITiCON 2016, pp. MIT221-MIT224, 2017.