Firewall Testing Criteria


ICSA Labs tests firewall products against a standard yet evolving set of criteria. Our Firewall Certification Criteria is composed of both functional and assurance requirements. Our criteria requirements define an industry-accepted standard that all products claiming to have firewalling capabilities must attain.

Historically the ICSA Labs Firewall Product Certification Criteria has taken a "one size fits all" approach. The intent being that every product would have to meet the same requirements in order to be certified. However, the firewall market has evolved significantly since ICSA Labs introduced version 1.0 of the Firewall Product Certification Criteria in 1996. Version 4.2 of the ICSA Labs Modular Firewall Certification Criteria accommodates the evolution of the firewall market.

Version 4.0 and 4.1x, the previous versions of the criteria, were the culmination of over two years of work with industry experts, end users and the Firewall Product Developers Consortium - an international forum of competing developers of firewall products that work toward common goals to benefit both members and end users.

Version 4.2 reflects the different functional requirements in today's multi-segmented firewall market.

Points worth noting with respect to this version 4.2:

  • The default installation requriements present in version 4.1x have been removed.

Criteria Documents

The 4.2 documents that can be downloaded (PDF format) are:

  • Baseline Module (required for every certified product)
  • Residential, Small/Medium Business (SMB), Corporate, Enterprise (vendor selects one of these for their product to be tested against)
  • Glossary (definitions of terms used in 4.2 criteria documents)

Additionally, ICSA Labs is releasing Optional Modules that vendors with certified products may elect to be tested against. The first optional module addresses the Network Firewall VoIP requirements. The second module addresses the Network Firewall High Availability requirements.

 All of these documents can be found in the Network Firewalls Document Library.