This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PA-500 Throughput

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-500 Throughput

RustyPA
L1 Bithead

‎04-21-2016 02:06 PM

The PA-500 datasheet indicates that the maximum throughput for traffic being filtered by App-ID is 250Mbps

 

 

https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/pa-500/pa-500-ds.pdf

 

What it doesn't say, is what if I just have two devices connected to two 1Gb ports and the PA is just doing switching between the two ports without doing App-ID or threat prevention?  Can I get at least 1Gb of throughput across the backplane of the firewall between these two ports?

 

What is the total throughput capacity of the PA-500 without limiting it by App-ID, threat prevention or IPSec VPN?  I'm assuming it has be be more that 1Gbps since each interface is 1Gb capable and less than 100Gbps but does someone have a number?

 

Thanks!

 

 

0 Likes Likes
3 REPLIES 3

Brandon_Wertz
L6 Presenter

‎04-21-2016 06:11 PM - edited ‎04-21-2016 06:12 PM

I've heard of PA-200s pushing 700Mbps.  Palo severly under reports their capacity specs.  Capabilities are just going to depend on what the appliance is doing.

 

What are you doing on the 500?  Do you have 0 security policies doing any sort of application control or any profiles and you're expecting to get 2Gbps of switching throughput?

0 Likes Likes

RustyPA
L1 Bithead
In response to Brandon_Wertz

‎04-29-2016 12:11 PM

Ok thanks for the input.  For example, suppose the PA does the following:

-Has one port that faces the public internet.  This one port will have some filtering and policies.  It needs to handle only a very small amount of bandwidth (<10 Mbps)

-However the PA doubles as a backup to a small Cisco switch in a small remote office.  If the regular Cisco switch goes down we want to have redundant links from the server to the PA and from the PA to the NA so that the PA could handle storage traffic from a server to a NAS, until we get the other switch back online.  This storage traffic would take 4 ports - 2 for the server and 2 for the NAS.  For the traffic between these ports we don't need any filtering or security policies whasoever. 

 

I'm hoping those 4 ports dedicated to handling backup traffic in a failure scenario could handle 2Gbps across the backplane

0 Likes Likes

BrettBrown
L1 Bithead
In response to Brandon_Wertz

‎05-01-2016 03:10 AM

Not really, they publish the minimum specs, e.g. what the device is capable of at 64 byte packets/second.

 

Ive pushed more then 1Gb/s through a PA200, but that was full size packets.

0 Likes Likes
  • 2514 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks