- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-04-2019 09:31 AM
We have a few firewalls and we are using Wildfire, Threat protection, routing and other features on the firewall. Our question is with all these features turned on will this affect the port traffic flow. We are looking for a scale or formula that we can refer to regarding these features and best practices for the configuration on our devices.
03-05-2019 08:51 AM
@derekgriffin2019 wrote:Thank you Brandon,
That is exactly what i am talking about. I undeestand the Threat protection and Wildfire but when it comes to routing and other features to the firewall how can I tell other than third party tools which will tell me such notes. I would assume palo alto would have some sort of documentation for this.
"Routing" won't necessarily impact throughput. "Interzone" routing of particular traffic types can impact throughput. You won't get the real numbers without a NDA from Palo, which your account team can get setup with your company.
03-04-2019 09:51 AM
Have you looked at the product-selection page where you can compare firewalls?
https://www.paloaltonetworks.com/products/product-selection
This will show you expected throughput for each enabled feature. ie -
03-04-2019 10:12 AM
I see what the throughput is but if it is a 10G port and I have routing, Wildfire, Threat Protection etc with that oiverhead, i assume the port will not be pushing 10G through the port.
What is the throughput after these feature being turned on.
03-04-2019 10:17 AM
It's listed on the right hand side of the model. In my example, you will only get an average throughput of 9Gbs on the 5220 with Threat Protection turned on. Basically, look for the lowest number (Threat Protection) and this will be a pretty good gauge of expected throughput.
03-04-2019 10:55 AM
The true answer to your question is, "it depends."
Realworld numbers will vary by all the various features and traffic scenarios. IPSec / SSL decrypt are big things which will significantly impact expected throughput as well as over all sessions per second with associated packet size. Each hardware type will have it's own variances.
In general though start off with the published numbers. Then you can hone in on exactly which hardware type is right for your environment.
03-05-2019 06:12 AM
Thank you Brandon,
That is exactly what i am talking about. I undeestand the Threat protection and Wildfire but when it comes to routing and other features to the firewall how can I tell other than third party tools which will tell me such notes. I would assume palo alto would have some sort of documentation for this.
03-05-2019 08:51 AM
@derekgriffin2019 wrote:Thank you Brandon,
That is exactly what i am talking about. I undeestand the Threat protection and Wildfire but when it comes to routing and other features to the firewall how can I tell other than third party tools which will tell me such notes. I would assume palo alto would have some sort of documentation for this.
"Routing" won't necessarily impact throughput. "Interzone" routing of particular traffic types can impact throughput. You won't get the real numbers without a NDA from Palo, which your account team can get setup with your company.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!