Re: Palo Alto throughputs?

[Bob Williamson <bob_williamson () AW ORG>]

I suppose it would have been helpful to give some more information on my situation.

K-12 Boarding school.  300+ users, 100+ of which are full time residents.
Seeing (via PRTG SNMP monitoring) about 20-30 Mbps all day with some 30 minute spikes up to 35+Mbps.  Nights we see 
35+Mbps as the kids start streaming.
The school already has one laptop per user, I am not expecting a huge increase too soon, but we will be adding quite a 
few IPads etc.  Moving everyone to Google Apps, etc.

The price difference between the PA500 and the PA2020 is pretty significant.

Any thoughts would be appreciated,
Bob Williamson
Network Administrator
Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org
D: +1.253.284.5465 | F: +1.253.572.3616 | Bob_Williamson () aw org

Annie Wright's strong community cultivates individual learners to become
well-educated, creative, and responsible citizens for a global society.

[cid:image001.png@01CD02D3.7DA542F0]<http://www.aw.org/>  [cid:image002.png@01CD02D3.7DA542F0] 
<http://www.facebook.com/AnneWrighSchool>   [cid:image003.png@01CD02D3.7DA542F0] <http://twitter.com/#!/AnnieWright1884>

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jon 
Robinson
Sent: Thursday, March 15, 2012 5:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Palo Alto throughputs?

I have a couple PA-500 customers that you can compare with and can make introductions if you want to contact me off 
list:

A 1600 machine district pushing up to 45Mbps without problems, using it in vwire with threat and URL subscriptions.
A 600 user district using it in L3 mode with all subscriptions with one connection to K20 and another to comcast.  I 
think they only push around 20Mbps or so.  I asked them for the results to "show system statistics" and will send them 
to you.

PAN's own rule of thumb say that the PA-500 is for 30 users or less at a branch or something.  The main sizing 
parameters are sessions and throughput, but there are other counters and numbers you can check.  Run some of the 
following to get a feel for how it's running on your network:

show running resource-monitor
show session info
debug dataplane pool statistics
show counter global filter aspect resource
show system statistics

There are others as well to look for errors, drops and fragments.

Jon Robinson, CISSP
Digital Scepter
desk 951.461.7868
digitalscepter.com<http://digitalscepter.com>




On Mar 15, 2012, at 4:41 PM, Bob Williamson wrote:


I am looking at a PA-500 and am a bit concerned about the throughput of the unit.  Anyone have one and if so, what's 
the highest throughput you've seen?

Thanks,
Bob Williamson
Network Administrator
Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org<x-msg://10153/www.aw.org>
D: +1.253.284.5465 | F: +1.253.572.3616 | Bob_Williamson () aw org<mailto:Bob_Williamson () aw org>

Annie Wright's strong community cultivates individual learners to become
well-educated, creative, and responsible citizens for a global society.

<image001.png><http://www.aw.org/>  <image002.png><http://www.facebook.com/AnneWrighSchool>  
<image003.png><http://twitter.com/#!/AnnieWright1884>