Connection creation and management

Sometimes overall network speed is limited by how fast the firewall can create and manage connections. While this is rarely a problem for home and small-office use, if you have high-load, high-access web servers behind your firewall and/or you run client software that opens lots of connections (e.g. Microsoft Outlook clients connecting to an Exchange server for push notifications, or rich web-based applications), you definitely want to take a look at this parameter.

To test connection creation and management speed I used the trusty Apache Benchmark, with Apache itself serving the default CentOS test page:

Cyberoam CR25ia performance

Firewall-only rates, while lower than Cyberoam's advertised 3,500 connections/sec, are extremely good at over 2,000 connections/sec (remember that the default CentOS web page contains some text and an image).

Now consider UTM speed: taken at face value, it suggests using this firewall only for LANs with a maximum of 15 / 20 client machines, which is clearly undersized for a firewall of this class. What this benchmark really tells us is to be smart in deciding which policies need UTM and which can live without it.

Please note the noUTM (services started but not applied) scores: they are vastly lower than the “pure firewall” ones. So, if you face a high-connection-rate scenario but don't plan to use any UTM features, remember to properly disable the UTM services.

So, what about web page load latency?

Cyberoam CR25ia performance

Load latency remains under control most of the time: in 95% of all cases, the test page was loaded between 2 ms (basic mode) and 84 ms (UTM mode). However, absolute maximum latency in 3DES + UTM mode is extremely high at about 45,000 ms (yes, I wrote 45 sec!) so, if you plan to deliver HTTP services inside a VPN, choosing AES over 3DES can be a wise choice (with AES128 we are speaking of a more reasonable ~3,000 ms absolute maximum latency).
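
To repeat this kind of comparison on your own firewall, the following added example (not the reviewer's tooling) parses Apache Benchmark reports and puts the connection rate, 95% latency and absolute maximum side by side per firewall mode. The sample reports are constructed, not the measurements above, and it assumes `ab` was run without `-k`, so that every request opens a new connection and requests/sec approximates connections/sec.

```python
import re

# Constructed excerpts in the format ab prints; the numbers are made up for
# illustration and are not the review's measurements.
SAMPLE_REPORTS = {
    "firewall-only": """\
Requests per second:    2000.00 [#/sec] (mean)
Percentage of the requests served within a certain time (ms)
  50%      1
  95%      2
 100%     10 (longest request)
""",
    "utm": """\
Requests per second:    50.00 [#/sec] (mean)
Percentage of the requests served within a certain time (ms)
  50%     30
  95%     80
 100%   2400 (longest request)
""",
}

RATE_RE = re.compile(r"^Requests per second:\s+([\d.]+)", re.M)
PCT_RE = re.compile(r"^\s*(\d+)%\s+(\d+)", re.M)


def parse_ab(report):
    """Return requests/sec, 95% latency and longest request of one ab report."""
    rate = RATE_RE.search(report)
    if rate is None:
        raise ValueError("no 'Requests per second' line: did the ab run fail?")
    pct = {int(p): int(ms) for p, ms in PCT_RE.findall(report)}
    if 95 not in pct or 100 not in pct:
        raise ValueError("percentile table missing or truncated")
    return {"rps": float(rate.group(1)), "p95_ms": pct[95], "max_ms": pct[100]}


def compare(reports, baseline="firewall-only"):
    """Summarise each mode relative to the baseline mode."""
    parsed = {mode: parse_ab(text) for mode, text in reports.items()}
    base_rps = parsed[baseline]["rps"]
    for stats in parsed.values():
        stats["rate_vs_base"] = round(stats["rps"] / base_rps, 3)
        # A large max/p95 ratio means a long tail that the 95% figure hides.
        stats["tail_ratio"] = round(stats["max_ms"] / max(stats["p95_ms"], 1), 1)
    return parsed


if __name__ == "__main__":
    for mode, s in compare(SAMPLE_REPORTS).items():
        print(mode, s)
```

A high `tail_ratio` is the pattern the 3DES + UTM result shows: the 95% figure looks fine while a few requests stall for seconds.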