Dear Marius,

I have understood all your points except no's of users and internet bandwidth

for example if a customer says he has 500 users and the internet bandwith is 34 mbps so how will u calculate throughput of firewall for decision.

thanks

You need the number of users as this will directly affect the AnyConnect license you will need to purchase if that is required, and this will indicate the number of connection that will be estabilished through the firewall (this will also be a deciding factor on which model you will recommend.)

As for the bandwidth, you would need to have access to monitoring equipment to see how much traffic is being sent / received to know what their current bandwidth needs are.  If they say that they intend to employ twice as many people over the next 5 years then you can safely say that in 5 years the used bandwidth will be dobble what it is today.  Of course this is not counting any webserver they may have and the amount of traffic that is generated towards them.

--

Please remember to select a correct answer and rate helpful posts

Dear,

You need the number of users as this will directly affect the AnyConnect license you will need to purchase if that is required, and this will indicate the number of connection that will be established through the firewall (this will also be a deciding factor on which model you will recommend.)

lets keep all the VPN features aside and i want to decide the firewall based on 1000 users how i will judge how many connection will be from each user and on based of that  which throughput firewall has to be proposed.

thanks

the connections and throughput you will need to estimate based on what the clients current setup is using.  

To estimate throughput you would primarily gage this by the customer's internet bandwidth.  For example if the customer has a 1 Gb internet connection, it would not be a good choice to suggest an ASA that only has 250Mbps throughput.  So decide the throughput based on the current bandwidth and estimate the need for more bandwidth in the future (if needed).

again the number of connections throught the firewall needs to be estimated based on what the client currently is utilizing.  Normally the number of connections supported by a firewall that again supports the full internet bandwidth is sufficient but there can be some exceptions.  If you do not foresee a lot of connections from the internet and it is mainly the company employees that will be accessing the internet and DMZ and other local networks through the firewall you should be fine by just sizing up based on throughput / bandwidth.

--

Please remember to select a correct answer and rate helpful posts

Dear Marius

Excellent hint for the internet firewall,

BUT FOR

DATACENTER FIREWALL:

again the number of connections throught the firewall needs to be estimated based on what the client currently is utilizing.

How I can know the utilization :

as u told me by monitoring software which will show me the interface,cpu,memory,xlate  utilization so based on that how I can estimate the firewall

And sometime it is a totally green network which is build from scratch then at that situation when we meet the customer they say that we have 1000 users in this situation how we can judge.

thanks

thanks for the precious time you used to reply the queries,

sorry for the late reply and ratings