Appliance Sizing Tool - General Assumptions & Testing Methodology

This document presents the general assumptions & performance testing methodologies taken for the Appliance Selection Tool.
This document is being updated periodically with new methodologies upon new features and requirements (Last updated - Oct 2013).

Table of Contents

General Assumptions

Performance Forecasts

Blade Inspection Policy

In order to apply 'Internet only' traffic to the blade inspection, you should validate the inspection scope on each blade policy.

Appliance Selection tool - Security requirements step.

Testing Methodology

Lab Setup

This section provides general information about the topologies and test-beds of the performance tests for the Appliance Selection Tool.
During the performance tests, the DUT (device under tests) can contain the maximum possible network interfaces connected.

Traffic Blends

Internet Blend

Full traffic blend description

Protocol Action Details Distribution
HTTP Amazon Home Page HTTP GET of Amazon Home Page, 676K 16%
Yahoo Home Page HTTP GET of Yahoo Home Page, 292K 16%
Facebook Home Page HTTP GET of Facebook Home Page, 271K 16%
Google Search HTTP GET of Google Home Page, 41K 17%
Google Mail HTTP GET of Gmail index.html file, 21K 2%
HTTP Post 100K PDF file 1%
Total HTTP Protocol 68%
SMTP SMTP 17K MIME Message with PDF Attachment file 7%
SMTP 100K MIME Message with MS word Attachment file 6%
Total SMTP Protocol 13%
HTTPS HTTPS 10K HTTPS GET of 10K file 5%
HTTPS 100K HTTPS GET of 100K file 5%
Total HTTPS 10%
Other Protocols DNS DNS Query 6%
POP3 Message size: 256-512 bytes 1%
Telnet Login; cd /disk/images; ls 1%
FTP FTP get, 1MB file 1%
Total Other Protocols 9%

Data Center Blend

Topology Diagram

SecureXL & CoreXL

SIM Affinity

Performance Pack is able to utilize architecture of multiple CPUs and Cores. In order to optimize results, Performance Pack attaches different NICs IRQs, to different CPUs or cores. This process is done automatically and by default by Performance Pack.

For these performance tests we used manual assignment in order to achieve maximum results.

Security Management Deployment

Standalone Deployment - Where the gateway and the Security Management server are installed on the same machine.

Distributed Deployment - Where the gateway and the Security Management server are installed on different machines.

Security Policy

Firewall Rule Base


Network Address Translation (NAT)

Software Blades Configuration

IPS Blade

Profile Assignment: Pre-defined Profile: "Recommended_Protection".

Protection Scope: Protect Internal Hosts only.

Mobile Access Blade


Anti-Bot & Anti-Virus Blades

Application Control & URL Filtering Blades

Data Loss Prevention Blade

Threat Emulation Blade