We decided to upgrade our internet line to 1Gbps from current 100Mbps and now we are using PA-500.
As PA-500's Threat prevention throughput is 100Mbps, does it mean we only have 100Mbps（transmission speed） even the PA-500's interface capacity is 1000Mbps？
In the current state, the PA-500 would be a bottleneck for the 1GB network since as you have correctly identified the maximum throughput with threat prevention enabled is 100Mbps.
The next step up would be the PA-820 or PA-850 which would give you 610 and 780 Mbps threat prevention throughput respectively. However, to utilise the full 1GB link I would recommend the PA-3220 which gives you 2.2Gbps threat prevention throughput.
Thank you Luke.
Does that mean if want to get 100% benefit from the 1G (or 3G)internet line on a PA product, the product we choose at least needs the "Threat prevention throughput" is >= the bandwidth?
Coming 1 more concern here, how do we evaluate whether an FW product needs to be upgraded? any best practice？
I usually look at all the specs and use the lowest numbers as my rule of thumb, even if not using that feature (who knows what the future holds). I would keep an eye on your CPU's and user feedback. They are usually the best indicators.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!