Abstract

Tolly Group Report #202132 (August 2002) compares Check Point VPN-1 Pro with Cisco PIX-535 and NetScreen NetScreen-500 in firewall, VPN and mixed-application benchmarks. The test methodology required zero-loss forwarding and covered Gigabit-Ethernet firewall throughput, IPSec 3DES and AES tunnels and real-world HTTP traffic.

Firewall throughput. In a single-rule configuration VPN-1 Pro achieved 160 Mbit/s with 64-byte packets, 14% higher than PIX-535 and 100% above NetScreen-500. With 1,518-byte packets it reached 1.92 Gbit/s, 9% faster than PIX-535 and more than triple NetScreen-500.

IPSec tunnel performance. Using 3DES encryption, VPN-1 Pro forwarded 100 Mbit/s at 64 bytes versus 20 Mbit/s for both competitors, a fivefold advantage. At 1,450 bytes it delivered 180 Mbit/s compared with PIX-535’s 100 Mbit/s and NetScreen-500’s identical 180 Mbit/s. Switching to AES, VPN-1 Pro posted 100 Mbit/s at 64 bytes while NetScreen-500 managed 5 Mbit/s and PIX-535 lacked AES support. At 1,450 bytes VPN-1 Pro reached 500 Mbit/s versus NetScreen-500’s 20 Mbit/s.

Real-world mix. When driving HTTP traffic VPN-1 Pro forwarded 758 Mbit/s as a firewall, edging PIX-535 at 726 Mbit/s and surpassing NetScreen-500 at 478 Mbit/s. With 3DES VPN enabled it handled 106 Mbit/s versus 69 Mbit/s for NetScreen-500 and 66 Mbit/s for PIX-535; with AES it processed 260 Mbit/s while NetScreen-500 managed 10 Mbit/s and PIX-535 again lacked AES.

Cost efficiency. The tested VPN-1 Pro system cost $16,200, yielding $21.37 per Mbit of real-world firewall throughput, compared with $73.21 for NetScreen-500 and $90.91 for PIX-535.

Summary. VPN-1 Pro outperforms Cisco and NetScreen in firewall, 3DES and AES VPN speeds, delivers higher real-world traffic capacity and offers the best cost-per-throughput, making it a compelling enterprise security choice.