Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-24-2022 11:45 PM
Hi,
I am looking for a firewall for 3000 users,
and 500 vdi access
expecting approximately igb internet traffic
Please help to size,
Ho much throughput I needed
Thanks
03-28-2022 05:25 AM
if you're a partner you can use 'popsicle' from the NextWave portal https://www.paloaltonetworks.com/partners/nextwave-partner-portal/cyberforce/cyberforce-members-only
to get a decent sizing you'll need to estimate how much ipsec, app-id and ssl throughput you will expect, and then guesstimate how much l7 scanning you're going to apply
ie.
1gbps app-ID sizes to pa-820,
1gbps threat-ID sizes to pa-3220,
1gbps ssl decryption + threat-ID sizes to pa-5220
06-15-2022 12:16 PM
Hello,
Here is a link to the comparison sheet:
https://www.paloaltonetworks.com/products/product-selection
Then select the devices you think might work. In your case, start with the 3410 and 5410 as a comparison.
I always look a the smallest number and go from there, even if I'm not using it. This way if in the future you need that feature, you have it sized correctly, if nothing else changes. Also dont skimp on the licenses and features. They help you more than you know.
I'm only guessing but I bet a 3410 would work for you (but dont go by my advice only since I dont know your environment). Stay with the models that have the 4 as the second number, they are the newest architecture.
Cheers!
03-28-2023 12:03 PM
What is the best way to size that for an existing customer, on an existing firewall?
03-29-2023 11:39 AM
Hello,
If the Palo Alto has already been deployed, check the CPU utilization. This is a good indicator (not the only one) of the performance of the existing system. If you are looking to replace another vendors firewall, What I do is take the amount of bandwidth that the traffic is going through and them spec the Palo Alto with that number using the most restrictive numbers, usually the 'Threat Prevent' numbers. Then make sure that its less than 50% of that. This give room for growth etc.
Regards,
03-29-2023 11:43 AM
Hello,
For those specs, I would go with a PA-5410 series.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
