Port/Bandwidth Usage and Overhead

Reply
L1 Bithead

Port/Bandwidth Usage and Overhead

We have a few firewalls and we are using Wildfire, Threat protection, routing and other features on the firewall. Our question is with all these features turned on will this affect the port traffic flow. We are looking for a scale or formula that we can refer to regarding these features and best practices for the configuration on our devices.

 

 

 

L4 Transporter

Re: Port/Bandwidth Usage and Overhead

Have you looked at the product-selection page where you can compare firewalls?

 

https://www.paloaltonetworks.com/products/product-selection

 

This will show you expected throughput for each enabled feature.  ie - 

 

PA-5220

App-ID firewall throughput20 Gbps
Threat prevention throughput9 Gbps
Connections per second150,000
Max sessions (IPv4 or IPv6)4,000,000
L1 Bithead

Re: Port/Bandwidth Usage and Overhead

I see what the throughput is but if it is a 10G port and I have routing, Wildfire, Threat Protection etc with that oiverhead, i assume the port will not be pushing 10G through the port. 

 

What is the throughput after these feature being turned on. 

L4 Transporter

Re: Port/Bandwidth Usage and Overhead

It's listed on the right hand side of the model.  In my example, you will only get an average throughput of 9Gbs on the 5220 with Threat Protection turned on.  Basically, look for the lowest number (Threat Protection) and this will be a pretty good gauge of expected throughput.

L6 Presenter

Re: Port/Bandwidth Usage and Overhead

The true answer to your question is, "it depends."

 

 

Realworld numbers will vary by all the various features and traffic scenarios.  IPSec / SSL decrypt are big things which will significantly impact expected throughput as well as over all sessions per second with associated packet size.  Each hardware type will have it's own variances.

 

In general though start off with the published numbers.  Then you can hone in on exactly which hardware type is right for your environment.

L1 Bithead

Re: Port/Bandwidth Usage and Overhead

Thank you Brandon,

 

That is exactly what i am talking about. I undeestand the Threat  protection and Wildfire but when it comes to routing and other features to the firewall how can I tell other than third party tools which will tell me such notes. I would assume palo alto would have some sort of documentation for this. 

L6 Presenter

Re: Port/Bandwidth Usage and Overhead


@derekgriffin2019 wrote:

Thank you Brandon,

 

That is exactly what i am talking about. I undeestand the Threat  protection and Wildfire but when it comes to routing and other features to the firewall how can I tell other than third party tools which will tell me such notes. I would assume palo alto would have some sort of documentation for this. 


 

"Routing" won't necessarily impact throughput.  "Interzone" routing of particular traffic types can impact throughput.  You won't get the real numbers without a NDA from Palo, which your account team can get setup with your company.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!