CPS Measurements to Take

What measurements should you take to baseline the average and peak CPS so you can set reasonable flood thresholds?
Measure average and peak CPS traffic over the course of at least five business days or until you’re confident that the measurements reflect the network’s typical traffic patterns; the longer measurement period, the more accurate the measurements. Take into account special events, quarterly events, and annual events that may spike the number of CPS you need to support. You may need to adjust Zone Protection profiles and schedule adjusted DoS Protection policy rules to accommodate these types of events if your firewalls have the capacity to handle extra traffic. Take the following baseline measurements:
  • For Zone Protection profiles, measure the average and peak CPS ingressing each zone.
  • For aggregate DoS Protection profiles, measure the combined average and peak CPS for each group of devices you want to protect.
  • For classified DoS Protection profiles, measure the average and peak CPS of the individual devices you want to protect.
Also understand the capacity of your firewalls and how other resource-consuming features such as decryption affect the number of connections each firewall can control. As a general rule, the closer a firewall is to the perimeter, the greater its capacity needs to be because it handles more traffic. The datasheet for each firewall model includes the total new sessions per second (CPS) the firewall supports and the Firewall Comparison Tool enables you to compare the CPS (and other metrics) of different firewall models.

Related Documentation