What Does IPSec VPN Throughput Mean?
70704
Created On 05/05/20 19:07 PM - Last Modified 11/13/20 22:06 PM
Question
In product datasheet, it has the performance data for IPSec VPN throughput. For example:
PA-3220
App-ID firewall throughput 5 Gbps
Threat prevention throughput 2.4 Gbps
Connections per second 57,000
Max sessions (IPv4 or IPv6) 1,000,000
Performance*
App-ID firewall throughput 5 Gbps
Threat prevention throughput 2.4 Gbps
IPSec VPN throughput 2.7 Gbps
Connections per second 57,000
How does the maximum IPSec VPN throughput define?
Environment
- PA Firewall
- PAN-OS 8.1, 9.0, 9.1
Answer
Following from the example above:
Performance*
App-ID firewall throughput 5 Gbps
Threat prevention throughput 2.4 Gbps
IPSec VPN throughput 2.7 Gbps
Connections per second 57,000
The PA firewall overall could support up to 2.7Gbps for IPsec VPN throughput, but VPN tunnels would be based on maximum of physical link. So, if there exist six IPsec VPN tunnels came out on a 1G interface, the possible maximum throughput would be 1G divided by 6 on each tunnel. Some tunnels might get lower throughput, as it based on the traffic in each tunnel, such as traffic flows, packet sizes, etc.