NetScreen Technologies, Inc. NetScreen-500 vs. Cisco Systems Inc. PIX 535 Competitive Evaluation of Enterprise-Class Internet Security Devices
Abstract
NetScreen Technologies, Inc. commissioned The Tolly Group to benchmark the NetScreen-500 against the Cisco PIX 535 firewall outfitted with an optional VPN Accelerator Card.
The NetScreen-500 is presented as an enterprise-class Internet security appliance built to deliver high firewall and VPN performance without the throughput penalties often associated with encryption and large session counts. In Tolly Group testing, NetScreen compared the NetScreen-500 against a Cisco PIX 535 equipped with a VPN Accelerator Card, measuring bidirectional firewall throughput, VPN throughput with 3DES and SHA-1, and latency under session loads ranging from 1,000 to 25,000 sessions.
In firewall mode, the NetScreen-500 sustained strong performance even under heavy session counts. Tolly reports 757.4Mbit/s of bidirectional throughput with 1,518-byte frames and 25,000 simultaneous UDP sessions, while the Cisco PIX 535 dropped to 39Mbit/s under the same conditions. At 10,000 sessions with 1,518-byte frames, NetScreen reached 769Mbit/s versus 199Mbit/s for Cisco. The report also notes that Cisco could not produce usable results at Tolly’s stricter 0.001% packet-loss threshold and required a relaxed 1% loss threshold for comparison testing, whereas NetScreen showed essentially no difference between the two thresholds.
VPN results also favored NetScreen. In a full-duplex IPSec tunnel using 3DES and SHA-1, the NetScreen-500 delivered 136.71Mbit/s with 512-byte packets, 200.5Mbit/s with 1,024-byte packets, and 230.3Mbit/s with 1,400-byte packets, outperforming Cisco by 59%, nearly 2x, and 110% respectively. With 1,518-byte packets, NetScreen still achieved 126.4Mbit/s, while Cisco delivered zero throughput because it did not support fragmentation of oversized encrypted Ethernet frames.
Latency was generally lower on NetScreen as well. In firewall mode, it delivered up to 49% lower latency on smaller packets, and in VPN mode it showed 64% lower latency with 64-byte packets and roughly 41% to 50% lower latency on 512-, 1,024-, and 1,400-byte packets. The report concludes that the NetScreen-500 combines high session scalability, strong VPN throughput, and lower latency, making it better suited for enterprise and service-provider security environments with Gigabit Ethernet demands.