About throughput performance with only url filtering

Showing results for 
Search instead for 
Did you mean: 

About throughput performance with only url filtering

L4 Transporter



I have questions.

I know throuhput performance is half when using Threat Prevention.


If we would use only url filtering, how is PA's throughput performance? Is it same when using TP or only using application?

And If we would use only file blocking, how about?


I think if url-filtering and file-blocking use signature-match-chip, it would be same when using TP.

if they do not use signature-match-chip, it would be same when using only application.


Please let me know it.



KC Lee 






Cyber Elite
Cyber Elite



The throughput reduction as indicated by the generic spec sheet per chassis gives a guesstimate of a fully loaded device with all bells and whistles enabled with a good mixture of traffic. Each environment has it's unique qualities and may see better or worse performance


URL filtering is not part of threat prevention and has a completely different impact on throughput than threat prevention as URL filtering does not need to inspect packets but rather needs to determine the url category by intercepting the host header/certificate common name/SNI and then doing a category lookup in the database, cache or cloud repository to verify if the connection can be allowed or needs to be blocked.


As such, URL filtering has no real impact on throughput directly but if for some reason cloud lookups are hindered, this could introduce latency in the individual connections that require a lookup



hope this helps


Tom Piens


Thanks for your answer.


It helps me. I make sure it.


How about File-Blocking?

And If I would use only custom url category, The latency would reduce?

Because It have to query to cloud.



KC Lee



it will depend too much on how fileblocking is implemented (only a to b, all traffic, only filesharing apps, ...) to give a solid answer to your question. It is best to assume the worst (50% overall decrease) and then be happily surprised you get far better performance 😉


Or set up some rigorous testing with a realistic network design to gauge what the behavior would be like in your specific setup



using custom-categories-only would cause even less potential "latency" (as any latency would depend mostly on outside factors)

Tom Piens
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!