A Comparative study and performance Analysis of Cisco Firepower 1010 and Fortigate-40F Firewalls Against TCP SYN Flood Attacks
2025 (English) Independent thesis Basic level (university diploma), 5 credits / 7,5 HE credits
Student thesis
Abstract [en]
In today's society it is important that information can flow freely and without interruption, so that companies and organizations can be more efficient. Many people are also dependent on the online services that are offered these days. Firewalls are an effective protection against various attacks and disruptions that threat actors may carry out.
The purpose of this thesis is to compare two next-generation firewalls (NGFW) [11] and observe how they handle a TCP SYN flood attack from a single PC booted with Kali Linux. The tests were conducted in a controlled lab environment at University West. The program used to carry out the attack is Hping3, with three parallel streams simultaneously sending TCP SYN packets and using spoofed IP addresses. Iperf3 is used to measure throughput, jitter, packet loss and the ability to establish new TCP connections. CPU usage is measured to see how much load the firewalls are under, and access to the GUI via HTTP was observed to determine if it was negatively affected. Both firewalls are configured with minimal settings, without any specific optimizations for mitigating TCP SYN flood attacks, in order to evaluate how they perform under a standard configuration.
The results show that Firepower handles traffic better, with lower CPU usage and fewer packet losses. Firepower manages new TCP connections with a relatively high success rate, while FortiGate becomes completely overloaded and unable to establish new connections at all. The HTTP connection is also negatively affected on the FortiGate, as access to its GUI is lost, whereas Firepower is unaffected. Jitter is low on both firewalls. The tests demonstrate that Firepower is more effective in handling TCP SYN attacks.
Place, publisher, year, edition, pages
2025, p. 26
Keywords [en]
NGFW, Firewall, Firepower, FortiGate, DoS, TCP, SYN, Kali Linux, Hping3, Iperf3
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:hv:diva-24046
Local ID: EXN300
OAI: oai:DiVA.org:hv-24046
DiVA, id: diva2:1992618
Subject / course
Computer engineering
Educational program
Nätverksteknik med IT-säkerhet
Supervisors
Examiners
2025-09-03 2025-08-28 2025-09-30 Bibliographically approved