Selecting a Security Solution
The following table offers some guidelines for estimating the performance each UTM Firewall will
experience under each scenario described above.
A
VPN
AGGREGATION
Firewall throughput
■
Key to the
(UDP)
table
IPsec throughput
■
(UDP)
Number of tunnels
■
Number of users
■
800 Mbps
■
AR3050S
400 Mbps
■
100 tunnels
■
50 users
■
2000 Mbps
■
AR4050S
1000 Mbps
■
256 tunnels
■
200 users
■
AR4050S
with UTM
Offload
a. Actual performance may vary depending on network conditions and active services.
b. The number of users is a conservative estimate. When calculating the estimate, we assumed all users
have a high level of simultaneous Internet activity. The actual number of attached workstations connect-
ing via the UTM Firewall could be higher if not all are simultaneously and actively sending traffic.
c. The Enterprise Traffic Mix throughput figures are based on laboratory testing to simulate "real world"
applications and web traffic associated with a small-to-medium sized business (SMB) enterprise. This
test involves a mix of UDP, TCP and HTTP/HTTPS data types.
URL Filtering or Web Control?
URL Filtering and Web Control are two services that govern which websites users are allowed to
access. The two services work in quite different ways, and therefore have different effects on
performance.
URL
URL Filtering is a stream-based service. URLs are filtered using either a user-defined list (in which up
Filtering
to a thousand blacklist and/or whitelist URL entries can be configured), or a downloadable list
(consisting of many thousands of known malicious website URLs) that can be frequently updated,
obtained via Subscription.
URLs are extracted from GET, HEAD, POST, PUT, and DELETE HTTP requests for matching against
white lists and black lists in real time. URL Filtering might be used within an organization wanting to
prevent access to a specific (user-defined) list of URLs via a low-latency stream-based service.
C613-22104-00 REV B
APPLICATION-
AWARE
FIREWALL AND
WEB CONTROL
Throughput (Enterprise
■
Traffic Mix
c
)
Connections per second
■
(TCP)
Number of flows
■
b
Number of users
■
83 Mbps
■
150 connections per
■
second
10k flows
■
20 users
■
128 Mbps
■
450 connections per
■
second
22k flows
■
100 users
■
REAL-TIME
THREAT PROTECTION
Throughput (Enterprise
■
Traffic Mix)
Connections per second
■
(TCP)
Number of flows
■
Number of users
■
79 Mbps
■
1000 connections per
■
second
33k flows
■
20 users
■
200 Mbps
■
3000 connections per
■
second
90k flows
■
50 users
■
660 Mbps
■
1300 connections per
■
second
90 flows
■
250 users
■
URL Filtering or Web Control?
Advanced Network Protection
HIGH
SECURITY GATEWAY
Throughput (HTTP)
■
Connections per
■
second (TCP)
Number of users
■
250 Mbps
■
400 connections per
■
second
10 users
■
|
Page 30