CyberRatings.org and NSS Labs Announce 2025 Enterprise Firewall Test Results
Security Effectiveness Ranges from 46.37% to 99.59%
AUSTIN, Texas, Nov. 5, 2025 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing confidence in cybersecurity products and services through independent testing, today announced the results of its latest Enterprise Firewall (EFW) evaluation. Tests were conducted by NSS Labs and are now available at no cost on the CyberRatings.org website.
NSS Labs performed independent evaluations of seven leading Enterprise Firewall products using the Enterprise Firewall Test Methodology v3.0. The testing revealed a striking disparity in performance — Security Effectiveness ranged from 46.37% to 99.59%.
Firewalls were tested under encrypted enterprise-grade workloads using 3,326 exploits, 11,311 malware samples, 5,752 evasion techniques spanning 53 evasion categories, 6,481 false-positive samples, and 55 performance tests. Each firewall was required to maintain operational stability throughout testing.
Key Findings
- Attackers Are Bypassing Defenses:
While average exploit and malware block rates exceeded 96%, three widely deployed vendors failed critical evasion tests that significantly reduced their effectiveness. Only three of seven products earned a Recommended rating. - Evasion Vulnerabilities:
Common transport and network-layer evasions, techniques that can be applied to nearly every attack, bypassed some of the world's most widely used firewalls. - Encrypted Threats:
More than 95% of global web traffic is encrypted. Detecting attacks hidden within TLS/SSL sessions remains a crucial differentiator; some products showed marked performance degradation when inspecting encrypted traffic. - Accuracy Matters:
One product recorded only 80% false-positive accuracy, potentially increasing operational costs and reducing trust in security alerts as customers disable protections to reduce noise.
"Enterprise Firewalls are constantly evolving to combat new attacker techniques and tools but sometimes that evolution takes a wrong turn," said Vikram Phatak, CEO of CyberRatings.org. "A vendor can have a near-perfect detection engine but if attackers can bypass that engine it gives them a clear path through your defenses."
The test results are as follows:
| Enterprise Firewall (EFW) |
Rating |
Security Effectiveness |
False Positive Accuracy |
| Check Point CP-CGS-9300 |
Recommended |
99.59 % |
99.35 % |
| Cisco Firepower 2130 |
Caution |
57.34 % |
79.94 % |
| Forcepoint 2210 |
Neutral |
99.53 % |
95.22 % |
| Fortinet FortiGate-200G |
Caution |
79.24 % |
99.41 % |
| Juniper Networks SRX4300 |
Recommended |
99.16 % |
98.43 % |
| Palo Alto Networks PA-1410 |
Caution |
46.37 % |
99.66 % |
| Versa Networks CSG5200 |
Recommended |
99.43 % |
99.63 % |
NSS Labs is the Official Testing Partner of CyberRatings, generating the test results and reports for CyberRatings publications. NSS Labs developed tools and Keysight's CyPerf tool were used to test the security, performance, TLS functionality, and stability of Enterprise Firewalls.
The Enterprise Firewall Test Reports, Comparative Report and Security Map are available at CyberRatings.org.
About CyberRatings.org
CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member, visit www.cyberratings.org and follow us on LinkedIn.
SOURCE CyberRatings.org
Share this article