What exactly do we mean by threat prevention throughput of a firewall?


L2 Linker

Hi Experts,

I am always in doubt when someone asks how much the PA 220 can support as far as throughput is concerned.

In the datasheet there are 2 throughputs: firewall throughput (560 Mbps) and threat prevention throughput (260 Mbps).

The customer has 2 active links of 80 Mbps each (80*2 = 160).

Can someone please explain what exactly threat prevention throughput is? And what if I enable SSL decryption? How much will this value come down to?


Community Team Member

Hi @KunalChopra ,

 

Threat Prevention Throughput is when you have threat prevention enabled ... so having security profiles enabled on your rules.

 

SSL decryption can have an impact. 

It's difficult to say how much because it depends on many things like ciphers used and session size etc ...

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP

Hi Kiwi,

OK, can we say that if we enable security profiles on all rules on the PA 220 (excluding SSL), then the firewall will give 260 Mbps of throughput?

Or in other words, in my case the customer has 160 Mbps of bandwidth (2 ISPs, 80 Mbps each), so can I size the PA 220 for this situation assuming I am enabling all profiles?

Hello,

Also keep in mind not just throughput but sessions. If you have tons of sessions being created but not a lot of throughput, this will drag performance down as well. In all honesty, I personally see the PA-220 as a lab unit or home unit only. The smallest I would recommend to a customer would be the 800 series.

 

Regards,

I am not sure, but I think the PA 220 without decryption can handle 160 Mbps of bandwidth with all engines activated.

Also, sessions are not an issue because currently at peak they are having nearly 15k sessions, way less than the 64k supported on our box.

@reaper any comments?

Community Team Member

Hi @KunalChopra ,

 

Having 1 profile or all profiles enabled shouldn't make a difference with the single pass architecture.

 

As I said earlier, it will greatly depend on the size and number of sessions, the ciphers used with decryption, and the nature of certain applications (SMB, for example, can have an impact).

Without having done some proper traffic analysis I don't think you can put an actual number on it.

 

Cheers,

-Kiwi.


Hello,

Enabling decryption is a must. Without it too much slips through the cracks and leaves the network vulnerable.

Regards,
