Sygate Firewall comparison (CPU usage)

flexy

Diamond Member
Sep 28, 2001
8,464
155
106
hi,

i am doing tests with ZoneAlarm, Sygate PF 5.5 and now Kerio 2.15

I used Sygate as my favorite firewall app for some time, but today i made a strange observation:

Whenever i play a certain game (ie: MultiTheft Auto, which sends a lot of very small UDP packets in multiplayer) the CPU usage of Sygate (the smc.exe) goes up anywhere up to 12% which is unnecessary high and (IMHO) a very big downside to a otherwise excellent firewall.

Sygate firewall 5.5 does not add ANY significant CPU usage otherwise, eg. downloading from P2P (overnet, limewire) or streaming video....only with online gaming (UDP packets) the usage goes up...and i do NOT want to waste 10% or so of my CPU just the firewall works..especially i gaming...

I did all these tests then with ZoneAlarm 4.5 and Kerio, and no matter whether i was streaming, playing or downloading i NEVER saw any significant CPU usage.

So..i just got Kerio 2.15 and i am test running this and it looks good to me.

Btw. in addition, i still can not (frm my perspective) confirm excessive ressource hogging (CPU, memory) by ZoneAlarm ?! But with all the horror stories.....i just switched from ZA to Sygate...and now to Kerio.

greets
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
I have a theory that if you walk into a room full of security professionals and ask them what their favorite software firewall is, the answers will be very diverse. :p

EDIT: interesting comparison though.
 

ehanson

Member
Oct 9, 1999
49
0
0
Have you turned off some of Sygates advanced logging features such as its packet logging? I do not use Sygate anymore, but that is one of the features that I believe those other two PFW do not have. That may be the cause of the CPU spikes.
 

Boscoh

Senior member
Jan 23, 2002
501
0
0
Generally you need to leave the software firewalls off when gaming. Any SPI firewall running on your computer is going to introduce latency scanning all the packets coming in and out, how much latency depends on the firewall. Software firewalls have a tendency to break some games, and make you appear to "skip" around to other players.

I can always tell when people have a firewall running in the games that I play. I've played games online for years without a firewall enabled when I play. Keep your machine updated and you can risk the exposure of a couple hours worth of multiplay.
 

flexy

Diamond Member
Sep 28, 2001
8,464
155
106
Originally posted by: Boscoh
Generally you need to leave the software firewalls off when gaming. Any SPI firewall running on your computer is going to introduce latency scanning all the packets coming in and out, how much latency depends on the firewall. Software firewalls have a tendency to break some games, and make you appear to "skip" around to other players.

I can always tell when people have a firewall running in the games that I play. I've played games online for years without a firewall enabled when I play. Keep your machine updated and you can risk the exposure of a couple hours worth of multiplay.


hi,

i did testing with ZA, Sygate, Kerio (did i forget one ?) and really could NOT see any added latency on my pings running w/o the FW or with the FW on. I did these tests a few time because people claimed they get a few ms or so....but i cant confirm that.

Anyhow...but thats exactly the point. Discussions about Firewalls are going on for ages now, and honestly (like one guy said)..."put some experts in a room and let them debate - everyone will come up with its own opinion".

It might very WELL be the case that a bad coded FW adds latency..thats the main reason i did all these tests and i am so eager to find my right FW despites the 1000 opinions floating around. If i see a %15 CPU usage then moment i start playing online a red flag goes up - and i can do the same test with some other FW and do NOT see the cpu usage...and then i can make an assumption that something with Firewall XYZ and performance/latency can not right.

Btw...the people you see 'jumping/warping' (i know that phenomenon :)....maybe lets just ask them what FW they use and we might see a pattern there ?
 

Rainsford

Lifer
Apr 25, 2001
17,515
0
0
Personally I wouldn't use Zone Alarm even if the alternative was no firewall...running unpatched Windows. I've had really bad luck with Zone Alarm hosing up my network, even when it (ZA) was off. I don't see why it should have happened on the variety of computers with different hardware and software. I also had the misfortune of using their "pro" version in a corporate setting, and I had similar bad luck on many machines, and ZA and VPN do NOT seem to play well together.

On the other hand, Kerio does what it should without me playing with it all the time. A MUCH better producct in MHO. And I have never seen CPU usage above 1 or 2 percent, if that helps any.