topic Re: Threat Protection in General Topics https://live.paloaltonetworks.com/t5/general-topics/threat-protection/m-p/12168#M8921 <HTML><HEAD></HEAD><BODY><P>1) You can see the various performance numbers (which depends on model) for throughput with threat preventation enabled in the datasheets:</P><P></P><P>PA-5060</P><P>&nbsp;&nbsp;&nbsp; 20 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps threat prevention throughput</P><P></P><P>PA-5050</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps threat prevention throughput</P><P></P><P>PA-5020</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 2 Gbps threat prevention throughput</P><P></P><P>PA-4060</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps threat prevention throughput</P><P></P><P>PA-4050</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps threat prevention throughput</P><P></P><P>PA-4020</P><P>&nbsp;&nbsp;&nbsp; 2 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 2 Gbps threat prevention throughput</P><P></P><P>PA-2050</P><P>&nbsp;&nbsp;&nbsp; 1 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 500 Mbps threat prevention throughput</P><P></P><P>PA-2020</P><P>&nbsp;&nbsp;&nbsp; 500 Mbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 200 Mbps threat prevention throughput</P><P></P><P>PA-500</P><P>&nbsp;&nbsp;&nbsp; 250 Mbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 100 Mbps threat prevention throughput</P><P></P><P>PA-200</P><P>&nbsp;&nbsp;&nbsp; 100 Mbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 50 Mbps threat prevention throughput</P><P></P><P>In order to monitor the throughput you can use snmp, here is some info on how to do this with cacti: <A __default_attr="4367" __jive_macro_name="thread" class="jive_macro jive_macro_thread" href="https://live.paloaltonetworks.com/"></A></P><P></P><P>2) As I understand it the singlepass engine in PA will work no matter if you have a specific rule using threat protection or not. Some benchmarks published on the Internet even shows that throughput went down when you disabled threat preventation compared to a rule with everything enabled. Also the figures mentioned in PA's datasheets isnt max values (like most competitors) but rather low values (NSS Labs found that actual performance was 115% of stated in the datasheet - of course this might vary depending on what kind of traffic, packetsizes, segmentsizes etc).</P><P></P><P>Edit: I guess these two docs might be of interrest:</P><P></P><P><A __default_attr="1886" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P><P></P><P><A __default_attr="3094" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P></BODY></HTML> Thu, 26 Jul 2012 12:36:06 GMT mikand 2012-07-26T12:36:06Z Threat Protection https://live.paloaltonetworks.com/t5/general-topics/threat-protection/m-p/12167#M8920 <HTML><HEAD></HEAD><BODY><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;">I hope you may be able to answer a couple of quick questions for me as&nbsp; i am planning on switching Threat Protection on in the next few weeks.</P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;"></P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;">1.&nbsp; When we turn on Threat Protection i remember you saying that the throughput for the dataplane is cut in half,&nbsp; Is there any way of monitoring the throughput of the dataplane?</P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;"></P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;">2.&nbsp; When Threat protection is enabled will it limit the throughput for every Network/Port on the Firewall. From what I have read you have to configure Threat Protection on every policy,&nbsp; does that mean only limits the throughput on the zones.</P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;"></P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;">If you could help me with this it would be great.</P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;"></P><P style="color: #000000; font-family: arial; font-size: small; text-align: -webkit-auto;">Cheers</P></BODY></HTML> Thu, 26 Jul 2012 11:50:16 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-protection/m-p/12167#M8920 BBHLTD 2012-07-26T11:50:16Z Re: Threat Protection https://live.paloaltonetworks.com/t5/general-topics/threat-protection/m-p/12168#M8921 <HTML><HEAD></HEAD><BODY><P>1) You can see the various performance numbers (which depends on model) for throughput with threat preventation enabled in the datasheets:</P><P></P><P>PA-5060</P><P>&nbsp;&nbsp;&nbsp; 20 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps threat prevention throughput</P><P></P><P>PA-5050</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps threat prevention throughput</P><P></P><P>PA-5020</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 2 Gbps threat prevention throughput</P><P></P><P>PA-4060</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps threat prevention throughput</P><P></P><P>PA-4050</P><P>&nbsp;&nbsp;&nbsp; 10 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 5 Gbps threat prevention throughput</P><P></P><P>PA-4020</P><P>&nbsp;&nbsp;&nbsp; 2 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 2 Gbps threat prevention throughput</P><P></P><P>PA-2050</P><P>&nbsp;&nbsp;&nbsp; 1 Gbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 500 Mbps threat prevention throughput</P><P></P><P>PA-2020</P><P>&nbsp;&nbsp;&nbsp; 500 Mbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 200 Mbps threat prevention throughput</P><P></P><P>PA-500</P><P>&nbsp;&nbsp;&nbsp; 250 Mbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 100 Mbps threat prevention throughput</P><P></P><P>PA-200</P><P>&nbsp;&nbsp;&nbsp; 100 Mbps firewall throughput</P><P>&nbsp;&nbsp;&nbsp; 50 Mbps threat prevention throughput</P><P></P><P>In order to monitor the throughput you can use snmp, here is some info on how to do this with cacti: <A __default_attr="4367" __jive_macro_name="thread" class="jive_macro jive_macro_thread" href="https://live.paloaltonetworks.com/"></A></P><P></P><P>2) As I understand it the singlepass engine in PA will work no matter if you have a specific rule using threat protection or not. Some benchmarks published on the Internet even shows that throughput went down when you disabled threat preventation compared to a rule with everything enabled. Also the figures mentioned in PA's datasheets isnt max values (like most competitors) but rather low values (NSS Labs found that actual performance was 115% of stated in the datasheet - of course this might vary depending on what kind of traffic, packetsizes, segmentsizes etc).</P><P></P><P>Edit: I guess these two docs might be of interrest:</P><P></P><P><A __default_attr="1886" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P><P></P><P><A __default_attr="3094" __jive_macro_name="document" class="jive_macro jive_macro_document" href="https://live.paloaltonetworks.com/"></A></P></BODY></HTML> Thu, 26 Jul 2012 12:36:06 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-protection/m-p/12168#M8921 mikand 2012-07-26T12:36:06Z