NGFW SSL Decryption Performance

Jackson Ma Lv1Posted 30 May 2024 16:49

What is estimate performance impact to enable SSL decryption on NGFW (e.g. the model NSF-3100A)?

Enrico Vanzetto has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Hi, on datasheet i can't see the performance impact of SSL Decryption as it may depends about the firewall policy where you want to be able to inspect SSL traffic. I simply suggest you to get in touch with your Sangfor presales contact and request a poc with this firewall model. This to verify in your network environment the potential performance degradation caused by SSL decryption. One would normally compare the peak throughput achievable without SSL decryption to the throughput observed when SSL decryption is active. Given the absence of specific details regarding SSL decryption in the documentation, it is wise to adopt a cautious approach and anticipate a noticeable decrease in performance. This decline could be more pronounced based on the amount of encrypted traffic being processed and the robustness of the cryptographic algorithms employed
Is this answer helpful?
Enrico Vanzetto Lv4Posted 30 May 2024 19:28
  
Hi, on datasheet i can't see the performance impact of SSL Decryption as it may depends about the firewall policy where you want to be able to inspect SSL traffic. I simply suggest you to get in touch with your Sangfor presales contact and request a poc with this firewall model. This to verify in your network environment the potential performance degradation caused by SSL decryption. One would normally compare the peak throughput achievable without SSL decryption to the throughput observed when SSL decryption is active. Given the absence of specific details regarding SSL decryption in the documentation, it is wise to adopt a cautious approach and anticipate a noticeable decrease in performance. This decline could be more pronounced based on the amount of encrypted traffic being processed and the robustness of the cryptographic algorithms employed
Newbie517762 Lv5Posted 31 May 2024 09:17
  
HiHi,

You can refer to the NSF-3100A data sheet to find information about the performer section, which addresses your concerns. I have attached the NSF-3100A data sheet for your reference.
Network-Secure-Datasheet_DS_P_NSF-3100A-I_20240305.pdf (944.53 KB, Downloads: 115)
Farina Ahmed Lv5Posted 31 May 2024 15:00
  
The exact performance degradation varies depending on factors such as the volume of SSL traffic, the complexity of the SSL/TLS protocols in use, and the specific capabilities of the NGFW model. Generally, users might observe a reduction in throughput by up to 50% or more, although this figure can vary.
Jackson Ma Lv1Posted 31 May 2024 17:58
  
Thank you for all review & reply.  

I Can Help:

Change

Moderator on This Board

11
7
5

Started Topics

Followers

Follow

1
3
5

Started Topics

Followers

Follow

0
4
5

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
14
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders