How do you calculate the size of a firewall for your network?

Hi professionals,

Which factors do you need to take into account to calculate the size of a firewall required for your network?

Thanks for the help!

PeerSpot user
7 Answers

Luis Apodaca - PeerSpot reviewer
Top 5 User

The "old" answer: calculate how many concurrent connections you are gonna get from the devices in your network. But, nowadays, you should also define if it's an HW-based or SW-based router. 

Also, check how many:

- VPN connections you need

- if you're gonna use QoS (consumes a lot of processor and RAM).

- if you're gonna use traffic analysis (same as above).

If you can get the sales area from any brand, they're gonna ask you those and more questions!!

Good luck!

Andrew Ramsey - PeerSpot reviewer
Top 5 Real User

These are some excellent comments.  

I would add the throughput of NGFWs for the internal nets to my list. 

Most people only focus on their WAN and forget they may have internal networks they need to protect from one another. Well, those networks operate at 1 GB normally if not higher.  

If your firewall cannot handle the traffic, odd things can happen. For example, on certain Sophos models, if you attempt to pass more traffic than it can handle, the firewalls simply reboot themselves. Thus, pay attention to the numbers.

Alexandre RASTELLO - PeerSpot reviewer
Top 5Real User

Hi Niranjan,

In my case, I use this simple template:


- Total WAN Bandwidth (Mbps)

- Average WAN Consumption (Mbps)

- Anticipated WAN growth over 3 years (%)

- Anticipated Peak Growth

- Anticipated Average Growth

WAN Protection:

- SSL/TLS Decryption (Yes/No)

- Intrusion Prevention (Yes/No)

- Application Control (Yes/No)

- Anti-Malware Protection (Yes/No)

- Web Protection (Yes/No)


- Concurrent IPSec tunnels

- Concurrent SSL VPN tunnels

- IPSec peak throughput requirements (Mbps)


- Number of users

After filling this template, I compare it with the market firewall's constructors. 

At this point, the calculator is my experience to choose the best solution :)
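
A paper check of a filled-in template like the one above against vendor datasheet figures, as an added example that is not part of the original answer. The field names, the `Datasheet` structure and all numbers are assumptions constructed for illustration; the growth percentage is treated as the total increase over the 3 years, and a model is rejected when the datasheet figure for any enabled protection is below the projected WAN bandwidth.

```python
from dataclasses import dataclass

@dataclass
class Requirements:
    wan_mbps: float          # Total WAN Bandwidth (Mbps)
    growth_3y_pct: float     # Anticipated WAN growth over 3 years (%)
    features: frozenset      # protections answered "Yes" in the template
    ipsec_tunnels: int       # Concurrent IPSec tunnels
    sslvpn_tunnels: int      # Concurrent SSL VPN tunnels
    ipsec_peak_mbps: float   # IPSec peak throughput requirement (Mbps)

@dataclass
class Datasheet:             # hypothetical structure, filled in from a vendor datasheet
    name: str
    mbps_with: dict          # feature name -> throughput (Mbps) with that feature on
    ipsec_mbps: float
    max_ipsec_tunnels: int
    max_sslvpn_tunnels: int

def projected_wan_mbps(req):
    """WAN bandwidth the firewall must carry at the end of the 3-year horizon."""
    return req.wan_mbps * (1 + req.growth_3y_pct / 100)

def shortfalls(req, ds):
    """Return the reasons a model fails the paper check; an empty list means keep it."""
    problems = []
    need = projected_wan_mbps(req)
    for feat in sorted(req.features):
        have = ds.mbps_with.get(feat)
        if have is None:
            problems.append(f"{feat}: no datasheet figure")
        elif have < need:
            problems.append(f"{feat}: {have:g} < {need:g} Mbps")
    if ds.ipsec_mbps < req.ipsec_peak_mbps:
        problems.append("IPSec throughput")
    if ds.max_ipsec_tunnels < req.ipsec_tunnels:
        problems.append("IPSec tunnels")
    if ds.max_sslvpn_tunnels < req.sslvpn_tunnels:
        problems.append("SSL VPN tunnels")
    return problems

# Constructed sample values, not taken from any real site or product.
REQ = Requirements(500, 40, frozenset({"ips", "tls_decryption"}), 20, 150, 200)
MODELS = [
    Datasheet("model-A", {"ips": 1400, "tls_decryption": 600}, 900, 200, 100),
    Datasheet("model-B", {"ips": 2600, "tls_decryption": 1000}, 1500, 2000, 500),
]
```

Calling `shortfalls(REQ, m)` for each entry in `MODELS` lists why a model drops out; a model that passes has only cleared the datasheet comparison and still needs testing against real traffic.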



Ofelia Madriz V. - PeerSpot reviewer
Top 10 Real User

To estimate the capacity of the firewall we need to consider:

1. Connectivity links to be connected, their throughput. 

2. Concurrent and sessions. 

3. Additional functions to be enabled: application control, SSL traffic inspection, web filtering, IPS, antivirus.

4. If it is going to be used for SSL VPN, we need to consider the number of concurrent SSL VPN connections.

On the physical side:

1. Type and quantity of ports to be used for links and to connect to the LAN: fiber and RJ45.

2. Single or dual power supply.

3. Rack space required.

Nowadays, we have advanced NGFWs with SD-WAN and application control functionalities that allow collapsing into one single piece of hardware, with specialized processors, that integrates border functions and LAN & WLAN management with security, facilitating IT management and expanding security policies across all infrastructure.

E.g., check the Fortinet Mesh concept for more details, great vision and Gartner's new security management concept.

William Yragui - PeerSpot reviewer

The number of users - an increasing # of users, both local and remote, will increase the size of the firewall needed.

The bandwidth available - larger ISP pipes imply more user traffic, increasing the size of the firewall needed.

SSL decryption - Requires more CPU and memory resources. Look to the SSL decryption throughput and then test this against your actual HTTPS traffic. Faster decryption/re-encryption requires firewalls with more throughput. Larger firewalls tend to have better throughput numbers. 

Applications to be traffic shaped, SDWAN connections and the number of remote users supported by the firewall have an impact on the sizing. 

Fortinet firewalls can be configured to control switches and APs. The number of devices controlled has a marginal impact but does require some CPU and memory resources.

Finally, the money available for purchase is the final calculation. Note that maintenance agreements are also part of this equation as an NGFW is a brick without maintenance. 

Paul Friend - PeerSpot reviewer

Different vendors have different metrics to consider but it all comes down to throughput, user count and processing power requirements. 

For instance, if you switch on all the NGFW features, the device may have to be sized up to cope with the extra processing requirements.

Victor Massey - PeerSpot reviewer

There are many factors, but the first is the number of users and the second is throughput.
