Alex Rudnev observed,
Folks, why are you all talking about Gigabit traffic for the firewall?
Usually, a firewall stands between the intranet and the internet, and it should process your upstream traffic, not more... And then, it's important to measure the throughput in packets per second, not in gigabits...
Everything else is true - I suggest no good firewall can process gigabit traffic at all, and only a few specially designed boxes can process 100Mbit traffic. But just again - it's a rare case when you do have a 100Mbit upstream link.
All good points. Something else to consider: with increasing cryptographic security requirements, the "firewall" (ambiguous term as it is, but let's think of it as a stateful packet screen -- the major approach at high speed) is not the only device between you and the outside. It's worth thinking of:

* Bastion hosts -- not trusted with crypto keys
* Security gateways -- trusted to do encryption
* IPsec gateways
* SSL/TLS proxies
* Conduits with access lists -- for host-to-host encryption, where the firewall wouldn't add value

There is also the very murky area where logging and intrusion detection mix, and whether they can operate at these speeds.