03-18-2013 04:40 PM
Hi.
Has anyone done a large-scale implementation of a number of IPSec VPN's through a Palo Alto?
I'm interesting in knowing how the boxes compare when comparing "Specifications" versus actual use.
For example, my PA 2020's are rated to 1000 tunnels, 200 Mb/s IPSec VPN throughput - has anyone actually *run* 1000 IPSec tunnels (or even 500) on a PAN device?
What kind of utilisation/throughput are you getting?
I'm being pressured from Management to implement a stop-gap method for remote workers (Global protect is not an option as the remote end requires several devices connected and fixed IP addresses, so IPSec to a router is our only option) rather than upgrading our existing MPLS solution - but I'm looking at running at least 40-50 IPSec VPN's, with potentially 10 Mb/s throughput each - which would blow the theoretical limit of my PA2020 out of the ater on throughput alone.
If I get them working slower (I.E. fit them into the 200 Mb/s throughput limit), would the number of tunnels cause a significant processing overhead? Where is the encryption/decryption processed - on the dataplane, or the control plane?
Thanks for any input.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
