About throughput performance with only url filtering

Reply
L4 Transporter

About throughput performance with only url filtering

Hello,

 

I have questions.

I know throuhput performance is half when using Threat Prevention.

 

If we would use only url filtering, how is PA's throughput performance? Is it same when using TP or only using application?

And If we would use only file blocking, how about?

 

I think if url-filtering and file-blocking use signature-match-chip, it would be same when using TP.

if they do not use signature-match-chip, it would be same when using only application.

 

Please let me know it.

 

Thanks,

KC Lee 

 

 

 

 

Highlighted
Community Manager

Re: About throughput performance with only url filtering

Hi KC

 

The throughput reduction as indicated by the generic spec sheet per chassis gives a guesstimate of a fully loaded device with all bells and whistles enabled with a good mixture of traffic. Each environment has it's unique qualities and may see better or worse performance

 

URL filtering is not part of threat prevention and has a completely different impact on throughput than threat prevention as URL filtering does not need to inspect packets but rather needs to determine the url category by intercepting the host header/certificate common name/SNI and then doing a category lookup in the database, cache or cloud repository to verify if the connection can be allowed or needs to be blocked.

 

As such, URL filtering has no real impact on throughput directly but if for some reason cloud lookups are hindered, this could introduce latency in the individual connections that require a lookup

 

 

hope this helps

Reaper


Help the community: Like helpful comments and mark solutions
Reaper out
L4 Transporter

Re: About throughput performance with only url filtering

@reaper

Thanks for your answer.

 

It helps me. I make sure it.

 

How about File-Blocking?

And If I would use only custom url category, The latency would reduce?

Because It have to query to cloud.

 

Thanks,

KC Lee

Community Manager

Re: About throughput performance with only url filtering

Hi KC

 

it will depend too much on how fileblocking is implemented (only a to b, all traffic, only filesharing apps, ...) to give a solid answer to your question. It is best to assume the worst (50% overall decrease) and then be happily surprised you get far better performance ;)

 

Or set up some rigorous testing with a realistic network design to gauge what the behavior would be like in your specific setup

 

 

using custom-categories-only would cause even less potential "latency" (as any latency would depend mostly on outside factors)


Help the community: Like helpful comments and mark solutions
Reaper out
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!