PA-500 Throughput

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L1 Bithead

PA-500 Throughput

The PA-500 datasheet indicates that the maximum throughput for traffic being filtered by App-ID is 250Mbps

 

 

https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/pa-500/pa-500-ds.pdf

 

What it doesn't say, is what if I just have two devices connected to two 1Gb ports and the PA is just doing switching between the two ports without doing App-ID or threat prevention?  Can I get at least 1Gb of throughput across the backplane of the firewall between these two ports?

 

What is the total throughput capacity of the PA-500 without limiting it by App-ID, threat prevention or IPSec VPN?  I'm assuming it has be be more that 1Gbps since each interface is 1Gb capable and less than 100Gbps but does someone have a number?

 

Thanks!

 

 

Highlighted
Cyber Elite

I've heard of PA-200s pushing 700Mbps.  Palo severly under reports their capacity specs.  Capabilities are just going to depend on what the appliance is doing.

 

What are you doing on the 500?  Do you have 0 security policies doing any sort of application control or any profiles and you're expecting to get 2Gbps of switching throughput?

Highlighted
L1 Bithead

Ok thanks for the input.  For example, suppose the PA does the following:

-Has one port that faces the public internet.  This one port will have some filtering and policies.  It needs to handle only a very small amount of bandwidth (<10 Mbps)

-However the PA doubles as a backup to a small Cisco switch in a small remote office.  If the regular Cisco switch goes down we want to have redundant links from the server to the PA and from the PA to the NA so that the PA could handle storage traffic from a server to a NAS, until we get the other switch back online.  This storage traffic would take 4 ports - 2 for the server and 2 for the NAS.  For the traffic between these ports we don't need any filtering or security policies whasoever. 

 

I'm hoping those 4 ports dedicated to handling backup traffic in a failure scenario could handle 2Gbps across the backplane

Highlighted
L1 Bithead

Not really, they publish the minimum specs, e.g. what the device is capable of at 64 byte packets/second.

 

Ive pushed more then 1Gb/s through a PA200, but that was full size packets.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!