Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3269
Views
20
Helpful
1
Replies

Please explain in simple english

Go to solution
LSA4
Level 1
Level 1

‎04-07-2016 12:00 AM - edited ‎03-12-2019 12:35 AM

Please explain in simple english what the below mean,

Maximum application control (AVC) throughput?

Maximum AVC and IPS throughput?

Maximum concurrent sessions?

Maximum new connections per second?

AVC or IPS sizing throughput [440-byte HTTP]2?

Supported applications?

URL categories?

Number of URLs categorized?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎04-08-2016 08:31 PM

Hi there. Please see my answers below:

Maximum application control (AVC) throughput?

NS: This the maximum throughput of the appliance when you enable Application Visibility Control which is basically the Layer-7 Firewall. 

Maximum AVC and IPS throughput?

NS: This is the maximum throughput of the appliance when you enable both AVC/Layer-7 Firewalling and Intrusion Prevention System

Maximum concurrent sessions?

NS: This is the maximum number of concurrent sessions that the Firewall can store in its connection table before it runs out of memory

Maximum new connections per second?

NS: The maximum number of "new" connections per second. This becomes important especially in very dynamic environments with micro burst. Where you can have burst of traffic resulting in higher number of new connections

AVC or IPS sizing throughput [440-byte HTTP]2?

NS: Sizing a security appliance is not as simple as looking at a data sheet. The performance throughput can drastically change based on many different factors. One of those is the typical/average packet size of the network. For instance, if your network traffic is mostly UDP with 1,500 bytes packets then your Firewall throughput will be higher. However, if your network traffic is mostly TCP and with a bunch of smaller packets (440, 220, 100, 50 bytes, etc) then the Firewall throughput will be smaller.

Supported applications?

NS:The total number of applications that FirePOWER will recognize. For instance, MS Word, Plex, FaceBook Chat, etc. This is useful when configuring L7 Firewall and applying IPS signatures. You can also configure custom applications (if your environment has applications that are not automatically recognized by FirePOWER)

URL categories?

NS: Some examples of URL categories are: Guns, Violence, Social Media, etc. With URL categories you can configure FirePOWER to block a whole category rather than individual URLs. 

Number of URLs categorized?

NS: Related to the above. For instance, if you want to block all "Guns" related sites then all of the categorized URLs for "Guns" will be blocked. If for some reason you find a site that is not categorized you can manually block it as well. 

I hope this helps!

Thank you for rating helpful posts!

View solution in original post

1 Reply 1

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎04-08-2016 08:31 PM

Hi there. Please see my answers below:

Maximum application control (AVC) throughput?

NS: This the maximum throughput of the appliance when you enable Application Visibility Control which is basically the Layer-7 Firewall. 

Maximum AVC and IPS throughput?

NS: This is the maximum throughput of the appliance when you enable both AVC/Layer-7 Firewalling and Intrusion Prevention System

Maximum concurrent sessions?

NS: This is the maximum number of concurrent sessions that the Firewall can store in its connection table before it runs out of memory

Maximum new connections per second?

NS: The maximum number of "new" connections per second. This becomes important especially in very dynamic environments with micro burst. Where you can have burst of traffic resulting in higher number of new connections

AVC or IPS sizing throughput [440-byte HTTP]2?

NS: Sizing a security appliance is not as simple as looking at a data sheet. The performance throughput can drastically change based on many different factors. One of those is the typical/average packet size of the network. For instance, if your network traffic is mostly UDP with 1,500 bytes packets then your Firewall throughput will be higher. However, if your network traffic is mostly TCP and with a bunch of smaller packets (440, 220, 100, 50 bytes, etc) then the Firewall throughput will be smaller.

Supported applications?

NS:The total number of applications that FirePOWER will recognize. For instance, MS Word, Plex, FaceBook Chat, etc. This is useful when configuring L7 Firewall and applying IPS signatures. You can also configure custom applications (if your environment has applications that are not automatically recognized by FirePOWER)

URL categories?

NS: Some examples of URL categories are: Guns, Violence, Social Media, etc. With URL categories you can configure FirePOWER to block a whole category rather than individual URLs. 

Number of URLs categorized?

NS: Related to the above. For instance, if you want to block all "Guns" related sites then all of the categorized URLs for "Guns" will be blocked. If for some reason you find a site that is not categorized you can manually block it as well. 

I hope this helps!

Thank you for rating helpful posts!

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card