Network & System Support Engineer at ITCG Solutions Pvt Ltd
  • 7
  • 2282

How do you calculate the size of a firewall for your network?

Hi professionals,

Which factors do you need to take into account to calculate the size of a firewall required for your network?

Thanks for the help!

PeerSpot user
7 Answers
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
Top 5
Mar 22, 2022

The "old" answer: calculate how many concurrent connections you are gonna get from the devices in your network. But, nowadays, you should also define if it's an HW-based or SW-based router. 

Also, check how many;

-VPN connections you need

-if you're gonna use QoS (consumes a lot of processor and RAM).

-if you're gonna use traffic analysis (same as above).

If you can get the sales area from any brand they gonna ask you those and more questions!!

Good luck!

Search for a product comparison in Firewalls
President at Precision Solution Group, LLC
Real User
Top 5
Mar 22, 2022

These are some excellent comments.  

I would add the throughput of NGFWs for the internal nets to my list. 

Most people only focus on their WAN and forget they may have internal networks they need to protect from one another. Well, those networks operate at 1 GB normally if not higher.  

If your firewall cannot handle the traffic odd things can happen. For example, on certain Sophos models if you attempt to pass more traffic than it can handle the firewalls simply reboot themselves. Thus, pay attention to the numbers.  

Senior IT Consultant - Sophos Architect at ARENTIA S.A.
Real User
Top 10
Mar 22, 2022

Hi Niranjan,

In my case, I use this simple template:


- Total WAN Bandwidth (Mbps)

- Average WAN Consumption (Mbps)

- Anticipated WAN growth over 3 years (%)

- Anticipated Peak Growth

- Anticipated Average Growth

WAN Protection:

- SSL/TLS Decryption (Yes/No)

- Intrusion Prevention (Yes/No)

- Application Control (Yes/No)

- Anti-Malware Protection (Yes/No)

- Web Protection (Yes/No)


- Concurrent IPSec tunnels

- Concurrent SSL VPN tunnels

-IPSec peak throughput requirements (Mbps)


-Nb users

After filling this template, I compare it with the market firewall's constructors. 

At this point, the calculator is my experience to choose the best solution :)



Ofelia Madriz V. - PeerSpot reviewer
General Manager at Continex S.A.
Real User
Mar 23, 2022

To estimate the capacity of the firewall we need to consider:

1. Connectivity links to be connected, their throughput. 

2. Concurrent and sessions. 

3. Additional functions to be enabled: application control, SSL traffic inspection, web filtering, IPS, antivirus. 
4. if it is going to be used for SSL VPN we need to consider the amount of SSL concurrent VPN connections.

On the physical side:

1. Type and quantity of ports to be used for links and to connect to the LAN: fiber and RJ45.

2. Single or dual power supply.

3. Rack space required.

Nowadays, we have advanced NGFW with SD-WAN and application control functionalities that allow collapsing in one single hardware with specialized processors that integrates border functions, LAN & WLAN management with security facilitating the It management and expanding security policies across all infrastructure. 

E.g., Check the Fortinet Mesh concept for more details, great vision and Gartner's new security management concept.

William Yragui - PeerSpot reviewer
President at infobond
Mar 22, 2022

The number of users - increasing # of users both local/remote will increase the size of the firewall needed.

The bandwidth available - Larger ISP pipes imply more user traffic increasing the size of the firewall needed.

SSL decryption - Requires more CPU and memory resources. Look to the SSL decryption throughput and then test this against your actual HTTPS traffic. Faster decryption/re-encryption requires firewalls with more throughput. Larger firewalls tend to have better throughput numbers. 

Applications to be traffic shaped, SDWAN connections and the number of remote users supported by the firewall have an impact on the sizing. 

Fortinet firewalls can be configured to control switches and APs. The number of devices controlled has a marginal impact but does require some CPU and memory resources.

Finally, the money available for purchase is the final calculation. Note that maintenance agreements are also part of this equation as an NGFW is a brick without maintenance. 

Account Director at a tech services company with 51-200 employees
Mar 21, 2022

Different vendors have different metrics to consider but it all comes down to throughput, user count and processing power requirements. 

For instance, if you switch on all the NGFW features, the device may have to be sized up to cope with the extra processing requirements.

Learn what your peers think about Sophos XG. Get advice and tips from experienced pros sharing their opinions. Updated: February 2023.
686,748 professionals have used our research since 2012.
Seema Massey at simvicitsolutions
Mar 21, 2022

There are many factors but it is the number of users and the second is throughput.

Related Questions
Specialist at Bloque de Armas
Jan 3, 2023
Hello peers,  I work at a media company and am researching firewalls. What are the differences between WatchGuard 390 and FortiGate 80F? Which solution do you prefer and why? Thank you for your help.
See 2 answers
Instrutor at a tech services company with 1,001-5,000 employees
Dec 20, 2022
Hello, The 820 and 850 belong to the family 800 of Palo Alto Firewall.I caught a comparison between both firewalls on the Palo Alto site and I believe it will help with your decision.Regards820 and 850 comparison
Head of Customer Success at a tech services company with 51-200 employees
Jan 3, 2023
Firewall - Appliance Performance Analysis S.No Technical Parameter Watchguard M390 Fortigate 80F 1 IPS Throughput 3.3 Gbps 1.4 Gbps 2 NGFW 5.8 Gbps 1 Gbps 3 Threat Protection 1.47 Gbps 900 Mbps 4 Total no of RJ45 ports 8 GbE Ports 8 GbE Ports 5 Concurrent Sessions 4.5 million 1.5 million 6 New Sessions per second 98000 45000 The WatchGuard M390 NGFW Appliance gives on average 2 + times better performance than the FortiGate 80F
Jan 13, 2023
Hello peers, We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping. ...
2 out of 7 answers
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Dec 7, 2022
Hi @Gulzar C ​, Some of the preferred solutions seen in educational institutes are mentioned below: Sophos. Fortinet Fortigate. Juniper SRX Firewall. SonicWall.
Director at REDCO
Dec 7, 2022
Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings 
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Sophos XG Report and get advice and tips from experienced pros sharing their opinions. Updated: February 2023.
686,748 professionals have used our research since 2012.