Recommended CN-Series HSF system and capacity matrix
Here are our recommended system requirements for CN-Series HSF.
The following table separates data by CN-Series sizes—small, medium, and
large. The throughput inspection that the CN-Series HSF can perform varies based on
the size of the cluster.
CN-Series Small for HSF
CN-Series Medium for HSF
CN-Series Large for HSF
The CN-Series HSF requires two node groups—CN-MGMT and CN-DB with two nodes
each. The number of nodes needed for CN-GW and CN-NGFW node groups depend on the
throughput.
Cluster Flavor
Small
Medium
Large
CN-GW
Cores
24
24
24
Memory
16 GB
20 GB
24 GB
Bandwidth
50 Gbps
100 Gbps
100 Gbps
Instance Type
c5n.9xlarge (36vCPU, 96Gi)
c5n.18xlarge
c5n.18xlarge
CN-DB
Cores
8
8
12
Memory
0.64 x 12 x MaxSession (in Million) GB
0.64 x 12 x MaxSession (in Million) GB
0.64 x 10 x 10 GB
Bandwidth
10 GbE
25 GbE
25 GbE
Instance Type
c5n.4xlarge (16vCPU, 42Gi)
c5n.4xlarge
c5n.9xlarge
CN-MGMT
Cores
4
12
12
Memory
16 GB
16 GB - 24 GB
16 GB - 24 GB
Bandwidth
10 GbE
10 GbE
10 GbE
Disk
56 Gi
80 Gi
80 Gi
Instance Type
c5n.4xlarge (8vCPU, 21Gi)
c5n.4xlarge or c5d.9xlarge
c5n.4xlarge or c5d.9xlarge
CN-NGFW
Cores
15
24
24 - 36
Memory
20 GB
16 GB - 47 GB
48 GB ( 56 GB for cores > 32)
Bandwidth
25 GbE
50 GbE
50 GbE
Instance Type
c5n.4xlarge (16vCPU, 42Gi)
c5n.9xlarge
c5n.9xlarge
Recommended CN-Series HSF Flavor
Cluster Flavor
Number of Nodes
Total Number of Interfaces
Minimum Number of Interfaces
Small
Medium
Large
CN-GW
2
3
4
4-15
4
CN-DB
2
2
2
2
2
CN-MGMT
2
2
2
1
1
CN-NGFW
6
8
10
3
3
Additional CN-NGFW to cover DP Failure
2
2
2
-
-
CN-Series HSF Jumbo Mode Support
When jumbo support is enabled, Panorama configures maximum transmission
unit (MTU) for all interfaces on the non CN-MGMT to 8744 bytes.
The system MTU is 9000 bytes in jumbo mode and interfaces will inherit the system
MTU if the MTU is not specified.
In EKS hosts, the default MTU value for AWS EC2 instances is 9000. Hence, no
configuration is needed on the host side.
When jumbo support is disabled, Panorama configures maximum transmission
unit (MTU) for all interfaces on the non CN-MGMT to 1756 bytes.
You must match your jumbo and non-jumbo MTU values on your EKS environments with the
Panorama MTU values.