https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676989#M557527 <HTML><HEAD></HEAD><BODY><P>Thanks Shrikant</P></BODY></HTML> Tue, 19 Apr 2011 14:35:37 GMT Ibrahim Jamil 2011-04-19T14:35:37Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676983#M557521 <P>Hi Folks</P><P></P><P>How to Size the Firewall appliance or Module and IDSM-2 and IPS Appliance based on the expected network traffic , what is the criteria to do that ?</P> Mon, 11 Mar 2019 20:23:06 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676983#M557521 Ibrahim Jamil 2019-03-11T20:23:06Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676984#M557522 <HTML><HEAD></HEAD><BODY><P>Hi Ibrahim,</P><P></P><P>If you see the links I had provided in the previous post, of the product data sheets, you would see a specification called:</P><P>Performance: Media rich / Transactional. Ex for IPS 4200 series:</P><P>Model&nbsp;&nbsp;&nbsp;&nbsp; 4270&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4260&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4255&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 4240<BR />P(M-r)&nbsp;&nbsp;&nbsp;&nbsp; 4 Gbps&nbsp;&nbsp; 2 Gbps&nbsp;&nbsp; 600 Mbps&nbsp; 300 Mbps<BR />P(Tr)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2 Gbps&nbsp;&nbsp; 1 Gbps&nbsp;&nbsp; 500 Mbps&nbsp; 250 Mbps</P><P></P><P>Similarly, for the firewall, you have the firewall throughput field:</P><P>Model&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5505&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5510&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5520&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5540&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 5550<BR />Thruput&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 150Mbps&nbsp;&nbsp;&nbsp; 300Mbps&nbsp;&nbsp;&nbsp; 450Mbps&nbsp;&nbsp;&nbsp; 650Mbps&nbsp;&nbsp;&nbsp; 1.2 Gbps</P><P></P><P>So now, when you know the amount of traffic expected to go through the devices, you can select the model accordingly.</P><P></P><P>Hope this helps.</P><P></P><P>-Shrikant</P><P></P><P>P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.</P></BODY></HTML> Tue, 19 Apr 2011 11:29:21 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676984#M557522 Shrikant Sundaresh 2011-04-19T11:29:21Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676985#M557523 <HTML><HEAD></HEAD><BODY><P>Hi Shrikant</P><P></P><P>how could i know the amount of traffic expected to go through the devices, than i can select the model accordingly.</P></BODY></HTML> Tue, 19 Apr 2011 13:21:57 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676985#M557523 Ibrahim Jamil 2011-04-19T13:21:57Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676986#M557524 <HTML><HEAD></HEAD><BODY><P>Hi Ibrahim,</P><P></P><P>The amount of traffic going through the devices would depend on the topology.</P><P>Suppose you have the following topology:</P><P></P><P>ISP ---------- IPS_sensor ------------ ASA ------------Switch --------- Inside network</P><P></P><P>If your ISP provides you a 100 mbps Internet connection, then on the outside, you should not see more than that.</P><P>So if the IPS can handle at least 100 mbps of traffic, it should be more than enough.</P><P></P><P>Now for the ASA, you would have to consider the number of interfaces that will be active on it, and how many users would be active behind the ASA at a given time.</P><P></P><P>Suppose you have servers on the DMZ which will be accessed by inside network, and a 100 mbps internet connection as before.</P><P>Then you would need over 100 mbps throughput, so that even if the full internet bandwidth is being used, access to your DMZ is not compromised.</P><P>Now you would have to take a calculated guess as to how much bandwidth would be in use, on average between the internal interfaces. Add the internet connection bandwidth to it. That would be the estimated network bandwidth through the ASA.</P><P></P><P>Hope this helps.</P><P></P><P>-Shrikant</P><P></P><P>P.S.: Please mark the question as answered, if it has been resolved. Do rate helpful posts. Thanks.</P></BODY></HTML> Tue, 19 Apr 2011 13:39:41 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676986#M557524 Shrikant Sundaresh 2011-04-19T13:39:41Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676987#M557525 <HTML><HEAD></HEAD><BODY><P>Hi Shrikant</P><P></P><P>Thanks for good clarification</P><P></P><P>can u explain briefly the below</P><P></P><P>Now you would have to take a calculated guess as to how much bandwidth would be in use, on average between the internal interfaces. Add the internet connection bandwidth to it. That would be the estimated network bandwidth through the ASA</P></BODY></HTML> Tue, 19 Apr 2011 13:58:51 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676987#M557525 Ibrahim Jamil 2011-04-19T13:58:51Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676988#M557526 <HTML><HEAD></HEAD><BODY><P>Hi Ibrahim,</P><P></P><P>I will try to put this in another way.</P><P></P><P>100 mbps is consumed through the ASA if the internet is being used to full capacity.</P><P></P><P>Now suppose a server is connected on the DMZ, which is again a 100mbps interface.</P><P>Lets suppose, you need to have 10,000 simultaneous connections to a server for the server to use up full 100 mbps.</P><P>Now if you need to have an idea of how many users might need simultaneous access to it. This depends on the service and the industry.</P><P></P><P>For example, if it is a hospital, and this server holds all prescription details, then all pharmacies would have continuous connections to the server, and doctors would be continuously uploading small files (individual patient's prescriptions). So on an average you can say that 22 doctors and 3 pharmacies within the hospital would have connections to the server. Then it would be using 0.25 mbps only.</P><P></P><P>Generally the DMZ would have a lot of servers. You would need to calculate individual average bandwidth usages for each server, depending on the type of service it provides. Add a margin for the scenario where all might be on high usage levels. And arrive at a well calculated total bandwidth required.</P><P></P><P>I think NCEs (Network Consulting Engineers) would have a proper process or methodology in going about calculating this. But this would be the rough idea behind it.</P><P></P><P>Hope this helps.</P><P></P><P>-Shrikant</P><P></P><P>P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.</P></BODY></HTML> Tue, 19 Apr 2011 14:14:10 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676988#M557526 Shrikant Sundaresh 2011-04-19T14:14:10Z https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676989#M557527 <HTML><HEAD></HEAD><BODY><P>Thanks Shrikant</P></BODY></HTML> Tue, 19 Apr 2011 14:35:37 GMT https://community.cisco.com/t5/network-security/size-firewall-and-ips-besed-on-expected-network-traffic/m-p/1676989#M557527 Ibrahim Jamil 2011-04-19T14:35:37Z