10.2
VM-Series on AWS performance and capacity for public
clouds.
Many factors, such as AWS instance size, maximum packets per second supported,
number of cores used, and AWS placement group, can affect performance.
We recommend additional testing within your environment to ensure that you meet
your performance and capacity requirements. For a complete listing of all VM-Series features
and capacities, see
compare VM-Series firewalls. The performance and
capacities listed in the following table have been generated under these test conditions:
Firewall throughput is measured with App-ID™ technology features enabled utilizing 64 KB
HTTP 1.1 transactions.
IPsec VPN is measured with App-ID™ enabled and performance is tested between a pair of
VM-Series firewall instances in a placement group deployed within the same availability
zone and region and with 12 tunnels with a single IKE gateway. The performance will vary
based on AWS instance type and connectivity topology (for example, connecting from
on-premises hardware to VM-Series on AWS, or from VM-Series in an AWS VPC to an AWS VGW in
another VPC, or VM-Series to VM-Series across regions).
Threat Prevention throughput is measured with App-ID, User-ID, IPS, antivirus, and
anti-spyware features enabled, utilizing 64 KB HTTP 1.1 transactions.
Tested on instances with AWS Nitro Hypervisor and SR-IOV and DPDK are enabled.
| Model |
2 vCPUs
(formerly VM-100)
|
4 vCPUs)
(formerly VM-300)
|
8 vCPUs
(formerly VM-500)
|
16 vCPUs
(formerly VM-700)
|
| AWS instance size tested | m5.large | m5.xlarge | m5.2xlarge | m5.4xlarge |
| Firewall throughput (App-ID enabled) | 1.9 Gbps | 3.7 Gbps | 7.9 Gbps | 8.0 Gbps |
| Threat Prevention throughput | 0.8 Gbps | 1.5 Gbps | 3.7 Gbps | 7.2 Gbps |
| IPsec VPN throughput | 1.3 Gbps | 2.7 Gbps | 4.2 Gbps | 4.8 Gbps |
