>
    Strata Copilot
    VM-Series on Google Cloud Platform Performance and Capacity
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Models on AWS EC2 Instances
    4. VM-Series on Google Cloud Platform Performance and Capacity
    Download PDF
    VM-Series

    VM-Series on Google Cloud Platform Performance and Capacity

    Table of Contents

    VM-Series on Google Cloud Platform Performance and Capacity

    This page lists the VM-Series performance and capacity requirements on Google Cloud Platform (GCP).
    Where Can I Use This?What Do I Need?
    • VM-Series
    • VM-Series
    • Panorama
    • VM-Series licenses

    11.1

    Learn the latest performance and capacity numbers for the VM-Series firewall on GCP.
    Many factors—such as the shared tenancy of a public cloud environment, GCP instance size, and the number of cores—can impact performance. The performance and capacities listed below have been generated using the indicated GCP instance size, support for DPDK, and the following test conditions:
    • The VM-Series is deployed on GCP as a firewall between clients and servers in the same availability zone and region. Throughput is measured based on bidirectional traffic sent and received by the VM-Series.
    • Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, utilizing 64 KB HTTP transactions.
    • IPsec VPN is measured with App-ID™ enabled and performance is tested between a pair of VM-Series firewall instances in a placement group deployed within the same availability zone and region. The performance will vary based on GCP instance type and connectivity topology.
    We recommend additional testing within your environment to ensure your performance and capacity requirements are met. For a complete listing of all VM-Series features and capacities, please see compare VM-Series firewalls.
    Model
    2 vCPUs
    (formerly VM-100)
    4 vCPUs
    (formerly VM-300)
    8 vCPUs
    (formerly VM-500)
    16 vCPUs
    (formerly VM-700)
    32 vCPUs
    64 vCPUs
    GCP instance size tested (recommended)n2-standard-2n2-standard-4 n2-standard-8n2-standard-16n2-standard-32n2-standard-64
    Firewall throughput (App-ID enabled)1.5 Gbps 3 Gbps 8 Gbps 15 Gbps20 Gbps31 Gbps*
    Threat Prevention throughput 850 Mbps1.5 Gbps 3.8 Gbps 7 Gbps13.5 Gbps20 Gbps*
    IPsec VPN throughput 800 Mbps 1.4 Gbps3.5 Gbps 6.7 Gbps12 Gbps18 Gbps*
    *estimated

    11.0

    Learn the latest performance and capacity numbers for the VM-Series firewall on GCP.
    Many factors—such as the shared tenancy of a public cloud environment, GCP instance size, and the number of cores—can impact performance. The performance and capacities listed below have been generated using the indicated GCP instance size, support for DPDK, and the following test conditions:
    • The VM-Series is deployed on GCP as a firewall between clients and servers in the same availability zone and region. Throughput is measured based on bidirectional traffic sent and received by the VM-Series.
    • Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, utilizing 64 KB HTTP transactions.
    • IPsec VPN is measured with App-ID™ enabled and performance is tested between a pair of VM-Series firewall instances in a placement group deployed within the same availability zone and region. The performance will vary based on GCP instance type and connectivity topology.
    We recommend additional testing within your environment to ensure your performance and capacity requirements are met. For a complete listing of all VM-Series features and capacities, please see compare VM-Series firewalls.
    Model
    2 vCPUs
    (formerly VM-100)
    4 vCPUs
    (formerly VM-300)
    8 vCPUs
    (formerly VM-500)
    16 vCPUs
    (formerly VM-700)
    32 vCPUs
    64 vCPUs
    GCP instance size tested (recommended)n2-standard-2n2-standard-4 n2-standard-8n2-standard-16n2-standard-32n2-standard-64
    Firewall throughput (App-ID enabled)1.5 Gbps 3 Gbps 8 Gbps 15 Gbps20 Gbps31 Gbps*
    Threat Prevention throughput 850 Mbps1.5 Gbps 3.8 Gbps 7 Gbps13.5 Gbps20 Gbps*
    IPsec VPN throughput 800 Mbps 1.4 Gbps3.5 Gbps 6.7 Gbps12 Gbps18 Gbps*
    *estimated

    10.2

    This page lists the VM-Series performance and capacity requirements on Google Cloud Platform (GCP).
    Many factors—such as the shared tenancy of a public cloud environment, GCP instance size, and the number of cores—can impact performance. The performance and capacities listed below have been generated using the indicated GCP instance size, support for DPDK, and the following test conditions:
    • The VM-Series is deployed on GCP as a firewall between clients and servers in the same availability zone and region. Throughput is measured based on bidirectional traffic sent and received by the VM-Series.
    • Firewall throughput and IPsec VPN are measured with App-ID™ and User-ID™ technology features enabled, utilizing 64 KB HTTP transactions.
    • Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, utilizing 64 KB HTTP transactions.
    • IPsec VPN performance is tested between two VM-Series instances in the same VPC, availability zone, and region. Performance will depend on GCP instance type and network topology—that is, whether connecting on-premises hardware to VM-Series on GCP; from VM-Series in a GCP VPC to a GCP VPN Gateway in another VPC; or VM-Series to VM-Series between regions.
    We recommend additional testing within your environment to ensure your performance and capacity requirements are met. For a complete listing of all VM-Series features and capacities, please see compare VM-Series firewalls.
    Model VM-50 / VM-50 Lite*VM-100VM-300VM-500 VM-700
    GCP instance size tested (recommended)N/An1-standard-4**n1-standard-4 n1-standard-8n1-standard-16
    Firewall throughput (App-ID enabled)N/A 2.4 Gbps4.5 Gbps9 Gbps18 Gbps
    Threat Prevention throughput N/A1.2 Gbps2 Gbps4.3 Gbps10 Gbps
    IPsec VPN throughput*** N/A 1.1 Gbps1.7 Gbps4 Gbps6.7 Gbps
    Licensing optionsVM-Series ELA or BYOLVM-Series ELA or BYOLVM-Series ELA, PAYGO, or BYOLVM-Series ELA or BYOLVM-Series ELA or BYOL
    *The VM-50 and VM-50 Lite are not supported on Google Cloud Platform.
    **VM-100 can run on the n1-standard-2, but this size only offers 2 NICs, so n1-standard-4 is recommended.
    *** With multiple VPN tunnels to maximize performance - VM-100 with 1 tunnel, VM-300 with 2 tunnels, VM-500 with 6 tunnels, and VM-700 with 12 tunnels.

    10-1

    This page lists the VM-Series performance and capacity requirements on Google Cloud Platform (GCP).
    Many factors—such as the shared tenancy of a public cloud environment, GCP instance size, and the number of cores—can impact performance. The performance and capacities listed below have been generated using the indicated GCP instance size, support for DPDK, and the following test conditions:
    • The VM-Series is deployed on GCP as a firewall between clients and servers in the same availability zone and region. Throughput is measured based on bidirectional traffic sent and received by the VM-Series.
    • Firewall throughput and IPsec VPN are measured with App-ID™ and User-ID™ technology features enabled, utilizing 64 KB HTTP transactions.
    • Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and anti-spyware features enabled, utilizing 64 KB HTTP transactions.
    • IPsec VPN performance is tested between two VM-Series instances in the same VPC, availability zone, and region. Performance will depend on GCP instance type and network topology—that is, whether connecting on-premises hardware to VM-Series on GCP; from VM-Series in a GCP VPC to a GCP VPN Gateway in another VPC; or VM-Series to VM-Series between regions.
    We recommend additional testing within your environment to ensure your performance and capacity requirements are met. For a complete listing of all VM-Series features and capacities, please see compare VM-Series firewalls.
    Model VM-50 / VM-50 Lite*VM-100VM-300VM-500 VM-700
    GCP instance size tested (recommended)N/An1-standard-4**n1-standard-4 n1-standard-8n1-standard-16
    Firewall throughput (App-ID enabled)N/A 2.4 Gbps4.5 Gbps9 Gbps18 Gbps
    Threat Prevention throughput N/A1.2 Gbps2 Gbps4.3 Gbps10 Gbps
    IPsec VPN throughput*** N/A 1.1 Gbps1.7 Gbps4 Gbps6.7 Gbps
    Licensing optionsVM-Series ELA or BYOLVM-Series ELA or BYOLVM-Series ELA, PAYGO, or BYOLVM-Series ELA or BYOLVM-Series ELA or BYOL
    *The VM-50 and VM-50 Lite are not supported on Google Cloud Platform.
    **VM-100 can run on the n1-standard-2, but this size only offers 2 NICs, so n1-standard-4 is recommended.
    *** With multiple VPN tunnels to maximize performance - VM-100 with 1 tunnel, VM-300 with 2 tunnels, VM-500 with 6 tunnels, and VM-700 with 12 tunnels.

    © 2026 Palo Alto Networks, Inc. All rights reserved.