How can I determine the network throughput of a firewall to ensure it will handle my customer's network traffic?
Rating firewalls by network throughput is kind of like estimating the number of gumballs you can put in a jar. The answer depends on the size of the gumball. Network firewalls process and make security decisions on individual network packets. This means the most accurate rating of a network firewall would be packets per second. The problem is that not many organizations know how many packets per second they need, but do know the throughput (megabits per second) of their network connections. Because packets can vary between large or small chunks of data, you can fit many more small packets into a given container (bandwidth measurement) than large packets. This can lead to a large disparity between the vendor rating and the firewall's actual performance.