Firewall throughput vs Internet bandwidth

2

We are looking for a new firewall (UTM) for our office setup. While trying to find a suitable model, we were confused by the firewall throughput figures. We got quotes for 3 different products.

For example, one UTM has 5 Gbps throughput. However, our Internet bandwidth is only a 20 Mbps line and a 4 Mbps line (two lines). The number of users is around 100. Should we look for a lower model firewall?

Also, how can we estimate the throughput against the number of users in our office?

Navajyoth M S

Posted 2017-03-15T06:40:04.303

Reputation: 121

Answers

1

I think you should be skeptical of the "gigabit" speed rating - a more valuable figure might be the number of packets per second it can handle when utilizing the features you require.

If the "Gbps" figure is accurate (and not an unrealistic best case scenario when all filtering is turned off), even the 1.5Gbps router is way overkill for your requirements.

As far as estimating usage - don't. Speak to your Internet provider and ask them for your data usage figures and go on those.

davidgo

Posted 2017-03-15T06:40:04.303

Reputation: 49 152

I want to know how to measure the required UTM throughput based on the number of users and WAN speed? – Navajyoth M S – 2017-03-15T09:10:20.053

0

If your line is 20 Mbps, then anything above that can saturate your capacity, which means that a faster firewall is no better than the lowest speed firewall that can handle your traffic.

So if you are looking at Gigabit firewalls, I would presume that you either need their features (two lines) or that you are intending to speed up your connection at some point in the future.

But no matter, it sounds like even if you got Gigabit service a 1.5Gbps router would handle it easily.

Note that when they tell you those kinds of speeds, those are "marketing" speeds. In actual use, your mileage may vary.

Second answer: The best way to estimate the total user need is to look at the types of things they do.

For instance, if they use web pages to fill out forms, that is "bursty" and the long-term bandwidth usage is low. First the page loads, with graphics, etc., then there is little activity while either filling out forms or even reading the news.

Streaming users require moderate bandwidths for extended periods. I use a rule of thumb of 1.5 Mbps per full-screen streaming user. HD is higher, of course.

Then add it all up.

I always then double it.

Then compare that to your Internet capacity (since your firewall is so fast, it is like it isn't even there).

By doing that you can decide whether you may need more speed from your ISP.

The trend is towards more video (think Facebook Live), so that should be part of your estimates of how much speed you need.

SDsolar

Posted 2017-03-15T06:40:04.303

Reputation: 1 206

Currently we don't have a 5Gbps router. Three vendors demonstrated 3 different UTMs. They have 5Gbps, 2.5Gbps and 1.5Gbps throughput respectively. Based on this, I am asking whether we should go for a lower-throughput UTM model. – Navajyoth M S – 2017-03-15T07:20:11.683

Got it. Well, your bottleneck is your connection(s) to your ISP. You did not specify how you use the two connections - whether they serve separate departments, or whether they are intended to be combined into one fault-tolerant connection for everybody. That is more a routing issue than a firewall issue. The point is that if you have 20 Mbps total in/out to the Internet, then any of those would be sufficient. Unless you plan to increase your Internet speed to above 1.5 Gbps, there is no need to buy anything that can handle so much throughput. – SDsolar – 2017-03-15T14:18:03.827

Think about it like math. Anything above your ISP speed is not going to give you any better performance. So in terms of price/performance ratio, when your performance would be the same with any one of them, the only difference is price. Firewalls are made to keep out the bad stuff that probes your network. But in reality, your biggest exposure to malware is email, where your users effectively reach out and pull it in. Second is when users visit bad websites (gambling, porn) that can give you drive-by malware. Installing a firewall is only one part of your overall security solution. – SDsolar – 2017-03-15T14:24:21.270

We will handle the two connections using the load balancer available in the firewall. But I suspect that the number of users will affect firewall performance, because the firewall also has a processor and RAM. I don't know how it will manage a large number of users? – Navajyoth M S – 2017-03-16T06:35:31.203
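
The estimation steps from SDsolar's answer (add up per-activity usage, double it, compare with the Internet capacity), combined with davidgo's packets-per-second point, as an added example that is not part of the original thread. The 1.5 Mbps streaming figure, the 20 + 4 Mbps lines and the three firewall ratings come from the page; the user split, the 0.1 Mbps web average and the 64-byte packet size are assumptions.

```python
# Added sizing sketch; PROFILE and the packet size are constructed assumptions.

STREAM_MBPS = 1.5               # from the answer: per full-screen streaming user
WAN_LINES_MBPS = [20, 4]        # from the question: two Internet lines
FIREWALLS_GBPS = [5, 2.5, 1.5]  # from the comments: the three quoted UTMs

# Constructed profile for about 100 users: activity -> (concurrent users, Mbps each)
PROFILE = {
    "web forms / reading (bursty)": (80, 0.1),  # assumed long-term average
    "full-screen streaming": (20, STREAM_MBPS),
}


def estimate_demand_mbps(profile, safety_factor=2):
    """Add up every activity's usage, then double it as the answer suggests."""
    total = sum(users * mbps for users, mbps in profile.values())
    return total * safety_factor


def packets_per_second(mbps, avg_packet_bytes):
    """Packets per second needed to carry `mbps` at a given average packet size.

    Ignores Ethernet framing overhead, so it is a slight overestimate.
    """
    return mbps * 1_000_000 / (avg_packet_bytes * 8)


def sizing_report(profile, wan_lines_mbps, firewalls_gbps, avg_packet_bytes=64):
    """Compare estimated demand, WAN capacity and each firewall's rated speed."""
    demand = estimate_demand_mbps(profile)
    wan = sum(wan_lines_mbps)
    return {
        "demand_mbps": demand,
        "wan_mbps": wan,
        # True means the ISP lines, not the firewall, limit Internet traffic
        "wan_is_bottleneck": demand > wan,
        # Small packets are the hard case for inspection: rate at a full WAN
        "worst_case_pps": packets_per_second(wan, avg_packet_bytes),
        # How many times the rated throughput exceeds the WAN capacity
        "firewall_headroom": {g: g * 1000 / wan for g in firewalls_gbps},
    }


if __name__ == "__main__":
    for key, value in sizing_report(PROFILE, WAN_LINES_MBPS, FIREWALLS_GBPS).items():
        print(key, value)
```

The `worst_case_pps` value is the number to ask each vendor about with the required UTM features switched on, since the rated Gbps figures are many times the WAN capacity.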