End-of-Life (EoL)

VM-Series Model Capacity and Performance

Use the following information and table to determine capacity and performance for VM-Series firewalls:
  • VM-100, VM-200, VM-300, and VM-1000-HV—The capabilities of the VM-200 and VM-1000-HV now match those of the VM-100 and VM-300, respectively. All existing models now support higher performance and much higher capacity than before on an optimized compute footprint.
  • VM-500 and VM-700—These new models can utilize a larger compute resource footprint to achieve higher performance and capacity than other VM-Series firewall models.
  • VM-50—A new virtual firewall model that delivers lower performance on a small hardware footprint and supports oversubscription of compute resources.
VM-Series Model
Sessions
Security Rules
Dynamic IP Addresses
Security Zones
IPSec VPN Tunnels
SSL VPN Tunnels
VM-50
50,000
250
1,000
15
250
250
VM-100
VM-200
250,000
1,500
2,500
40
1,000
500
VM-300
VM-1000-HV
800,000
10,000
100,000
40
2,000
2,000
VM-500
2,000,000
10,000
100,000
200
4,000
6,000
VM-700
10,000,000
20,000
100,000
200
8,000
12,000
Use the firewall comparison tool to view the maximum capacities and additional technical information about each VM-Series firewall model.
This release adds I/O enhancements through the support for Data Plane Development Kit (DPDK) for the VM-Series on KVM, ESXi, and AWS and Large receive offload (LRO) for the VM-Series firewall on NSX. Additionally, SR-IOV is now supported for ESXi.
DPDK enhances VM-Series performance by increasing NIC packet processing speed. On the VM-Series firewall, DPDK is enabled by default on KVM and ESXi. If you disable DPDK or it is disabled by default, packet map is used instead.
On AWS, DPDK is disabled by default. HA on AWS requires the adding and deleting of interfaces dynamically, which is not supported in DPDK. If you are not using HA, you can enable DPDK to increase performance.
All data interfaces must be using the same driver to support DPDK.
Hypervisor
Virtual Driver
Intel Driver
ESXi
VMXNET3
ixgbe, ixgbevf, i40e, i40evf
KVM
virtio
ixgbe, ixgbevf, i40e, i40evf
AWS
ixgbevf
LRO is a technique for increasing the inbound throughput on high-bandwidth network connections by decreasing CPU overhead. This release adds support for LRO on the VM-Series firewall on NSX. LRO is disabled by default on new NSX deployments and on upgrade to 8.0. You can enable or disable LRO and view the LRO status through the CLI.

Recommended For You