Has anyone here tried to benchmark there Palo Alto Firewalls? We are using Breaking Point(same company that Palo Alto uses)to test our Lab 2050's. We have come to the conclusion that the PA 2050 starts dropping packets at about 250Mbps(with about 5-600 new sessions per second). This is with Threat Prevention disabled. The 2050 is spec'd out to be able to handle 1Gbps of Firewall traffic with Threat Prevention disabled. The Breaking Point is acting as the Client and the Server. We put the rules that allow the Breaking Point traffic at the very top. The Breaking Point Client is doing a simple HTTP GET request, and the Breaking Point Server responds with a 44k text file.
Running this command...
"show counter global filter severity warn delta yes"
...these counters normally have the highest hits...
-Software packet buffer allocation error
-packets dropped because of failure in tcp reassembly
-out-of-window packets dropped
Did you refresh your contact with PA so it isnt that somebody is on vacation, sick or even left PA all together or such?
Regarding 2000 series, if I would about to buy some new gear I would look at the 3000 series instead of the 2000 series. Much better commit times and better SSL decryption performance (in terms of concurrent ssl decryptions) aswell.
And in case 3000 isnt enough I would go for 5000 series.
Just to add to this, PA shipped us a PA-500 and I am successfully meeting or beating their spec sheet numbers using the exact same testing methodology we used for this thread.
See http://media.paloaltonetworks.com/documents/PA500_Specsheet.pdf for the spec sheet I'm referring to.
We're getting around 300 to 350 megs with no threats turned on with the PA500, and around 200-250 megs with threat profiles turned on.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!