04-12-2018 10:54 AM
I am planning to bring in a new ssl decryption appliance to my current network. How can I guage the ssl throughput on my curent PA-5020 to make decision on right size of appliance?
04-12-2018 11:32 AM
Well the public specs are around 2Gb of capacity through the appliance when doing features other than App-ID.
Are you going to be putting this appliance before or after the FW? You're wanting it to have the same SSL performance capabilities as your 5020?
04-12-2018 11:45 AM
This appliance will be in-line(Probably layer-2) with firewall. Yes, we want same ssl performance as on firewall. Before making any decisions on product, I want to guage our ssl throughput because we hardly touch 150Mbps(Total) throughput at any point.
04-12-2018 11:53 AM
Can I ask why you're wanting to get a separate SSL appliance? The firewall can SSL decrypt redirect (mirror) native on the appliance.
I admit I don't know how to get you exactly what you're looking for. Are you wanting decrypted SSL or just general SSL throughput? You should easily be able to use ACC to get general SSL throughput but getting a "bps" decrypted throughput will probably be challenging.
It might be safer getting an appliance that can do 1Gbps of decrypted SSL. That way you had plenty of headway and don't need to revisit this topic in the future.
04-12-2018 12:15 PM
I am very comfortable doing decryption on firewall but I learnt there would be a significant performance loss if done.
So, we want to deploy a dedicated appliance. Not sure about sizing. So, I am struggling to get the numbers right.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!