Firewalls are network security devices designed to protect a network from other less trusted networks. They are essentially network access control devices that permit and deny network traffic to travel into and out of an organization's network. Firewall network security products are typically placed at an organization's network boundary.

Certification Program

Here at ICSA Labs, we direct a certification program aimed at testing the security of commercially available firewall products. In our Firewall Lab, we perform security testing against a significant number of the firewall products available on the market today. Only those firewall products that meet - and continue to meet - our criteria requirements may display our ICSA Certified Firewall seal of approval. Check out those products that have the distinction of being ICSA Labs Certified Firewall Products.


Testing by expert ICSA Labs Firewall Lab analysts is conducted against a standard set of functional and assurance criteria elements. To attain certification, tested products must meet all of the testing requirements.  ICSA Labs is presently testing firewalls against version 4.2 of the ICSA Labs Firewall Security Certification Testing Criteria. To learn more about the criteria, and to view its contents, click here.

Continuous Deployment

Once tested at ICSA Labs, firewall security products remain continuously deployed on-site in our Firewall Lab. Continuous deployment affords our Firewall Lab analysts the opportunity to routinely upgrade and quickly test products against the latest security vulnerabilities that arise. Firewall products continuously deployed in our Firewall Lab range from products that you've heard of to a number of others that maybe you should have!

Ongoing Testing

Once a product is granted ICSA Labs Firewall Certification it is added to our firewall certified product list. Security vendors with products in testing are required to ensure that ICSA Labs receives any product updates once released.

Testing occurs on an approximately annual basis. Once granted certification following a successful test cycle, the certification survives intervening product updates made between the near-annual test cycles. This holds true until such time the ICSA Labs finds - either during a periodic re-test or during the annual test cycle - that the product is in violation of one or more of the firewall testing criteria requirements. If such a violation is found, then to avoid decertification, the security vendor must provide a fix that addresses the shortcoming, which ICSA Labs then confirms through testing.