I have questions.
I know throuhput performance is half when using Threat Prevention.
If we would use only url filtering, how is PA's throughput performance? Is it same when using TP or only using application?
And If we would use only file blocking, how about?
I think if url-filtering and file-blocking use signature-match-chip, it would be same when using TP.
if they do not use signature-match-chip, it would be same when using only application.
Please let me know it.
The throughput reduction as indicated by the generic spec sheet per chassis gives a guesstimate of a fully loaded device with all bells and whistles enabled with a good mixture of traffic. Each environment has it's unique qualities and may see better or worse performance
URL filtering is not part of threat prevention and has a completely different impact on throughput than threat prevention as URL filtering does not need to inspect packets but rather needs to determine the url category by intercepting the host header/certificate common name/SNI and then doing a category lookup in the database, cache or cloud repository to verify if the connection can be allowed or needs to be blocked.
As such, URL filtering has no real impact on throughput directly but if for some reason cloud lookups are hindered, this could introduce latency in the individual connections that require a lookup
hope this helps
Thanks for your answer.
It helps me. I make sure it.
How about File-Blocking?
And If I would use only custom url category, The latency would reduce?
Because It have to query to cloud.
it will depend too much on how fileblocking is implemented (only a to b, all traffic, only filesharing apps, ...) to give a solid answer to your question. It is best to assume the worst (50% overall decrease) and then be happily surprised you get far better performance ;)
Or set up some rigorous testing with a realistic network design to gauge what the behavior would be like in your specific setup
using custom-categories-only would cause even less potential "latency" (as any latency would depend mostly on outside factors)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!