VM-Series on Amazon Web Services Performance and Capacity
Many factors, such as AWS instance size,
maximum packets per second supported, number of cores used, and
AWS placement group, can affect performance. In addition to those
noted, the performance and capacities listed in the following table
have been generated under these test conditions:
Recommended AWS Instance types (c5/m5/c5n/m5n) and sizes
that use the AWS Nitro Hypervisor with Enhanced Networking Adapter
(ENA). Additionally, SR-IOV and DPDK are enabled and AWS placement
groups are configured.
Firewall throughput and IPsec VPN are measured with App-ID™
and User-ID™ technology features enabled, utilizing 64 KB HTTP transactions.
IPsec VPN performance is tested between two VM-Series instances
in a placement group in the same availability zone and region. The
performance will vary based on AWS instance type and connectivity
topology (e.g., connecting from on-premises hardware to VM-Series
on AWS; from VM-Series in an AWS VPC to an AWS VGW in another VPC;
or VM-Series to VM-Series between regions).
New sessions per second are measured with 1 byte HTTP transactions.
Threat Prevention throughput is measured with App-ID, User-ID,
IPS, antivirus, and anti-spyware features enabled, utilizing 64
KB HTTP transactions.
We recommend additional testing within your environment to ensure
your performance and capacity requirements are met. For a complete
listing of all VM-Series features and capacities, please see compare VM-Series firewalls.
VM-50 / VM-50 Lite*
AWS instance size tested (recommended**)
Firewall throughput (App-ID enabled)
Threat Prevention throughput
IPsec VPN throughput
*The VM-50 and VM-50 Lite are not supported on AWS.
**Refers to recommended AWS instance size of a supported AWS
instance type based on CPU cores, memory, network interfaces and
pricing. For example, m5.xlarge instance (with 2 vCPUs, 16GB memory,
4ENIs at its price is recommended to support VM-300 model for a
range of common.