I am always in doubt when someone asks how much PA 220 can support as far as throughput is concerned.
In datasheet there are 2 throughput , firewall throughput ( 560 Mbps) and threat prevention throughput ( 260mbps).
Customer has line of 2 active links 80mbps each ( 80*2 =160 ).
Someone please explain what is exactly threat prevention throughput ? and what if I enable SSL decryption ? this value will come down to how much ?
Hi @KunalChopra ,
Threat Prevention Throughput is when you have threat prevention enabled ... so having security profiles enabled on your rules.
SSL decryption can have an impact.
It's difficult to say how much because it depends on many things like ciphers used and session size etc ...
Hi kiwi ,
ok can we say that if we enable security profiles on all rules on PA 220 ( excluding SSL ) , then firewall will give 260 mbps of throughput ?
or in other words , in my case customer has 160mbps of bandwidth ( 2 isps 80mbps each ) , so can i size PA 220 for this situation assuming I am enabling all profiles ?
Also keep in mind not just throughput but sessions. If you have tons of sessions being created but not a lot of throughput, this will drag performance down as well. In all honestly, I personally see the PA-220 as a lab unit or home unit only. The smallest I would recommend to a customer would be the 800 series.
I am not sure but i think PA 220 without decryption can handle 160 mbps of bandwidth with all engines activated.
Also session is not an issue because currently at peak they are having nearly 15k session way less than 64k supported on our box
Hi @KunalChopra ,
Having 1 profile or all profiles enables shouldn't make a difference with the single pass architecture.
As I said earlier it will greatly depend on the size and number of sessions, the ciphers used with decryption, the nature of certain applications (smb for example can have an impact).
Without having done some proper traffic analysis I don't think you can put an actual number on it.
Enabling decryption is a must. Without it too much slips through the cracks and leaves the network vulnerable.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!