Internet connection faster than Firebox max throughput
We own a Firebox T35 with Basic Security Service. Our provider is about to switch our Internet connection from a 20 Mbit/s Fiberline to a 300 Mbit/s Fiberline. As per the specification of the T35, the UTM throughput is only 208 Mbit/s.
Now a few questions:
Does this mean that our Firebox will reduce the throughput of the Internet connection by about 30 percent? ("bottleneck")
Could the higher throughput of the Internet connection cause problems when using a T35? (overflow or similar)
What are the risks of running such combinations and what needs to be done to make it work flawlessly?
Well, in real life the T35 is never going to handle 200 Mbit/s with full UTM. The ones we have doing HTTPS inspection do not go over 30-40 Mbit/s, and at that speed it is using 100% CPU.
What I would do is create packet filters for destinations you do not need to inspect (Microsoft 365, banking, trusted sites, etc.). I'll bet you only hit the max WAN speed when doing big uploads and downloads, unless you have many, many users behind the Firebox.
I have a client with a T35 with Total Security and a 300/20 Spectrum connection. As RVilhelmsen suggests, I have a packet filter for trusted sites that she MUST be able to reach under any conditions, such as Microsoft 365 and Intuit, plus other tax software vendors. For everything else, it runs through HTTPS with DPI enabled, and she has zero issues.
In reality, yes, a "full UTM" limit of 208Mbps might be a problem, but "full UTM" only happens for PART of a download. For example, if she needs to download a 100MB file, GAV only scans up to its limit of 20MB, and once that passes, GAV drops out of the "full UTM" scan. In my experience, the biggest slowdown is IPS if it's set to Full Scan.
Also, as RVilhelmsen suggests, users likely will never need that 300Mbps speed unless they are doing large downloads and uploads. For normal web browsing and email, I doubt anyone will feel any slowness from the T35.
I do NOT see the slow speeds and high CPU that he mentioned.