What do we exactly mean by threat prevention throughput of a firewall?

L1 Bithead

Hi Experts,

I am always in doubt when someone asks how much a PA 220 can support as far as throughput is concerned.

In the datasheet there are 2 throughputs: firewall throughput (560 Mbps) and threat prevention throughput (260 Mbps).

The customer has 2 active links of 80 Mbps each (80*2 = 160).

Could someone please explain what exactly threat prevention throughput is? And what if I enable SSL decryption? How much will this value come down to?

Community Team Member

Re: What do we exactly mean by threat prevention throughput of a firewall?

Hi @KunalChopra,

Threat Prevention Throughput is when you have threat prevention enabled ... so having security profiles enabled on your rules.

SSL decryption can have an impact.

It's difficult to say how much because it depends on many things like ciphers used and session size etc ...

Cheers !

-Kiwi.

L1 Bithead

Re: What do we exactly mean by threat prevention throughput of a firewall?

Hi Kiwi,

OK, can we say that if we enable security profiles on all rules on the PA 220 (excluding SSL), then the firewall will give 260 Mbps of throughput?

Or in other words, in my case the customer has 160 Mbps of bandwidth (2 ISPs, 80 Mbps each), so can I size the PA 220 for this situation, assuming I am enabling all profiles?

L7 Applicator

Re: What do we exactly mean by threat prevention throughput of a firewall?

Hello,

Also keep in mind not just throughput but sessions. If you have tons of sessions being created but not a lot of throughput, this will drag performance down as well. In all honesty, I personally see the PA-220 as a lab unit or home unit only. The smallest I would recommend to a customer would be the 800 series.

Regards,

L1 Bithead

Re: What do we exactly mean by threat prevention throughput of a firewall?

I am not sure, but I think the PA 220 without decryption can handle 160 Mbps of bandwidth with all engines activated.

Also, sessions are not an issue because currently at peak they are having nearly 15k sessions, way less than the 64k supported on our box.

L1 Bithead

Re: What do we exactly mean by threat prevention throughput of a firewall?

@reaper any comments?

Community Team Member

Re: What do we exactly mean by threat prevention throughput of a firewall?

Hi @KunalChopra,

Having 1 profile or all profiles enabled shouldn't make a difference with the single pass architecture.

As I said earlier, it will greatly depend on the size and number of sessions, the ciphers used with decryption, and the nature of certain applications (SMB, for example, can have an impact).

Without having done some proper traffic analysis I don't think you can put an actual number on it.

Cheers,

-Kiwi.

L7 Applicator

Re: What do we exactly mean by threat prevention throughput of a firewall?

Hello,

Enabling decryption is a must. Without it too much slips through the cracks and leaves the network vulnerable.

Regards,
