Abstract

ServGate Technologies, Inc. commissioned The Tolly Group to evaluate its SG2000, a multifunction firewall designed for large enterprises and carriers that is designed to deliver gigabit performance. The Tolly Group tested the SG2000 as a single-rule firewall configured with two Gigabit Ethernet interfaces and benchmarked its bidirectional packet per second UDP/IP packet throughput.

ServGate’s SG2000 is presented as a purpose-built, hardware-based firewall for large enterprises and carriers that need Gigabit Ethernet security without the severe throughput penalties often associated with software firewalls. In Tolly Group benchmarking, the SG2000 was tested as a common single-rule, allow-all firewall using two Gigabit Ethernet interfaces in a full-duplex configuration, with bidirectional UDP/IP throughput measured under session loads ranging from 1,000 to 200,000 concurrent sessions.  

Results showed that the SG2000 sustained wire-speed performance for three of the four frame sizes tested, even at the maximum 200,000-session load. With 64-byte, 512-byte, and 1,024-byte packets, the appliance achieved 100% of theoretical maximum throughput, corresponding to 1,000Mbit/s in each direction or 2Gbit/s aggregate full-duplex throughput. With 1,518-byte packets, it reached 95% of theoretical maximum, delivering 1.9Gbit/s aggregate throughput. In packets-per-second terms, the SG2000 processed 2,976,190 packets per second with 64-byte frames, 469,924 pps with 512-byte frames, 239,464 pps with 1,024-byte frames, and 154,420 pps with 1,518-byte frames.  

A key theme in the report is consistency under load. Tolly notes that engineers tested the device progressively at 1,000, 10,000, 100,000, and 200,000 UDP sessions and found that increasing session counts did not materially degrade throughput. The report presents this as an important differentiator for enterprise security systems, since many conventional firewalls can suffer significant performance collapse as session state and filtering demands rise.  

The SG2000 tested ran firmware version 2.3 and software version 2.34L-B1-3, with NAT enabled and traffic generated by an IXIA 1600 using a stringent 0.001% packet-loss threshold. Tolly positions the platform as a Gigabit-class firewall that maintains near-unsecured network throughput while still providing the filtering functions required for secure enterprise and WAN deployments.  

Note: ServGate was founded in 1999. It was sold in a foreclosure sale in 2006 to Cirond Corp. The company absorbed the products but did not advance or continue the product line.