1284 Views | 20 Helpful | 6 Replies

Size firewall and IPS based on expected network traffic

Ibrahim Jamil
Level 6

Hi Folks

How do I size the firewall appliance or module, the IDSM-2 and the IPS appliance based on the expected network traffic? What are the criteria for doing that?

6 Replies

Shrikant Sundaresh
Cisco Employee

Hi Ibrahim,

If you see the links I had provided in the previous post, of the product data sheets, you would see a specification called:

Performance: Media rich / Transactional. Ex for IPS 4200 series:

Model     4270      4260      4255      4240
P(M-r)    4 Gbps    2 Gbps    600 Mbps  300 Mbps
P(Tr)     2 Gbps    1 Gbps    500 Mbps  250 Mbps

Similarly, for the firewall, you have the firewall throughput field:

Model       5505      5510      5520      5540      5550
Thruput     150 Mbps  300 Mbps  450 Mbps  650 Mbps  1.2 Gbps

So now, when you know the amount of traffic expected to go through the devices, you can select the model accordingly.

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.

Hi Shrikant

How could I know the amount of traffic expected to go through the devices, so that I can select the model accordingly?

Hi Ibrahim,

The amount of traffic going through the devices would depend on the topology.

Suppose you have the following topology:

ISP ---------- IPS_sensor ------------ ASA ------------Switch --------- Inside network

If your ISP provides you with a 100 Mbps Internet connection, then on the outside you should not see more than that.

So if the IPS can handle at least 100 Mbps of traffic, it should be more than enough.

Now for the ASA, you would have to consider the number of interfaces that will be active on it, and how many users would be active behind the ASA at a given time.

Suppose you have servers on the DMZ which will be accessed by the inside network, and a 100 Mbps Internet connection as before.

Then you would need over 100 Mbps throughput, so that even if the full Internet bandwidth is being used, access to your DMZ is not compromised.

Now you would have to take a calculated guess as to how much bandwidth would be in use, on average between the internal interfaces. Add the internet connection bandwidth to it. That would be the estimated network bandwidth through the ASA.

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered, if it has been resolved. Do rate helpful posts. Thanks.

Hi Shrikant

Thanks for good clarification

Can you briefly explain the below?

Now you would have to take a calculated guess as to how much bandwidth would be in use, on average between the internal interfaces. Add the internet connection bandwidth to it. That would be the estimated network bandwidth through the ASA

Hi Ibrahim,

I will try to put this in another way.

100 Mbps is consumed through the ASA if the Internet is being used to full capacity.

Now suppose a server is connected on the DMZ, which is again a 100 Mbps interface.

Let's suppose you need to have 10,000 simultaneous connections to a server for the server to use up the full 100 Mbps.

Now you need to have an idea of how many users might need simultaneous access to it. This depends on the service and the industry.

For example, if it is a hospital, and this server holds all prescription details, then all pharmacies would have continuous connections to the server, and doctors would be continuously uploading small files (individual patients' prescriptions). So on average you can say that 22 doctors and 3 pharmacies within the hospital would have connections to the server. Then it would be using 0.25 Mbps only.

Generally the DMZ would have a lot of servers. You would need to calculate the individual average bandwidth usage for each server, depending on the type of service it provides. Add a margin for the scenario where all might be at high usage levels, and arrive at a well-calculated total bandwidth required.

I think NCEs (Network Consulting Engineers) would have a proper process or methodology in going about calculating this. But this would be the rough idea behind it.

Hope this helps.

-Shrikant

P.S.: Please mark the question as answered if it has been resolved. Do rate helpful posts. Thanks.
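The sizing walk-through in the answers above (per-server average from the connection count, a margin for peak usage, plus the Internet link, then the smallest model whose datasheet figure exceeds the total), as an added example that is not part of the thread. The `margin` value, the `DmzServer` fields and the hospital numbers are assumptions taken from Shrikant's worked case; the throughput tables are only the figures quoted in this thread.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Datasheet figures quoted in the thread, in Mbps (constructed from the posts;
# not a complete or current product list). For the IPS the transactional figure
# is used because it is the lower, more conservative number for every model.
ASA_FIREWALL_THROUGHPUT_MBPS = {"5505": 150, "5510": 300, "5520": 450,
                                "5540": 650, "5550": 1200}
IPS_TRANSACTIONAL_MBPS = {"4240": 250, "4255": 500, "4260": 1000, "4270": 2000}


@dataclass
class DmzServer:
    name: str
    link_mbps: float         # interface speed the server can saturate
    conns_to_saturate: int   # simultaneous connections that fill that link
    expected_conns: int      # average simultaneous connections you expect

    def avg_mbps(self) -> float:
        # Scale the link linearly: 10,000 connections fill 100 Mbps, so
        # 25 connections (22 doctors + 3 pharmacies) average 0.25 Mbps.
        return self.link_mbps * self.expected_conns / self.conns_to_saturate


def estimate_asa_mbps(internet_mbps: float, servers: List[DmzServer],
                      margin: float = 0.5) -> float:
    # Worst case on the outside is the full Internet link; DMZ traffic is the
    # sum of per-server averages, inflated by an assumed margin (50% here)
    # for the scenario where every server is busy at once.
    dmz_total = sum(s.avg_mbps() for s in servers)
    return internet_mbps + dmz_total * (1 + margin)


def pick_model(required_mbps: float, table: Dict[str, float]) -> Optional[str]:
    # Smallest model whose datasheet throughput strictly exceeds the estimate;
    # None means nothing in the table is big enough.
    fits = [(mbps, model) for model, mbps in table.items() if mbps > required_mbps]
    return min(fits)[1] if fits else None


if __name__ == "__main__":
    rx = DmzServer("prescriptions", link_mbps=100, conns_to_saturate=10_000,
                   expected_conns=25)
    need = estimate_asa_mbps(100, [rx])
    print(f"ASA estimate {need:.3f} Mbps -> ASA {pick_model(need, ASA_FIREWALL_THROUGHPUT_MBPS)}")
    # The IPS sits outside the ASA, so it only needs to cover the ISP link.
    print(f"IPS for 100 Mbps link -> IPS {pick_model(100, IPS_TRANSACTIONAL_MBPS)}")
```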

Thanks Shrikant
