9 Replies Latest reply: Nov 4, 2013 12:02 AM by Odai zZ RSS

    McAfee Web Gateway-the right model

    maherr

      Dears,

      I have a problem in choosing the right McAfee Web Gateway Model.

      I need a McAfee web gateway supporting up to 60,000 concurrent sessions and ability to support at least 200Mbps throughput.

      Thanks

        • 1. Re: McAfee Web Gateway-the right model
          eelsasser

          You can't really size by concurrent sessions. 1 user could have 4 or 200 concurrent sessions at any one time and the session could be less that 1 minute.

           

          You need to know things like:

          How many users?

          What kind of users?

          How will you deploy (Explicit, WCCP)?

          How many locations?

          How much redundancy? (N+1?)

          Do you want authentication?

          Do you want SSL scanning?

          How many requests/second will you have at sustained and peak times?

          Do you require Redundant Power or RAID?

           

          These are the kinds of questions you need to ask.

           

          It could be one WG5500 or 6 WG4500s. It all depends on your architecture.

          • 2. Re: McAfee Web Gateway-the right model
            maherr

            Thanks for the reply.

             

            kindly find below the info:

            6000 users maximum

            deployement:WCCP

            1 location

            no redundancy appliances

            no authentication

            SSL scanning will be used

            redundant power & RAID are needed

            request per second:difficult to define but assuming that we have the maximum number of users & every user will request a page per second at peak time so its 6000requests/second

            • 3. Re: McAfee Web Gateway-the right model
              eelsasser

              All of you statistics indicate that the WG5500 would work for you.

              Except the last one.

               

              6,000 requests per second is unlikely to be achieved by only 6,000 users.

              We usually count 6,000 users as averaging only about 600 Requests per second. (10:1)

               

              In order to get 6,000 requests per second you would have to have 60,000 users.

              A typical user's browser behaviour could not achieve the numbers you claim.

               

              In our sizing calculator, we estimate number of req/sec like this:

              Capture.jpg

              And the total performance is caclulated like this:

              Capture2.jpg

              • 4. Re: McAfee Web Gateway-the right model
                trishoar

                To give some real world context for through put for vs users, we are licenced for ~40k users, hit a peak for 4100 RP/s today and had a maximum network throughput of ~1Gb/s.

                 

                Tris

                • 5. Re: McAfee Web Gateway-the right model
                  eelsasser

                  Yes, that kind of traffic pattern is common.

                   

                  Customers have offered QA numerous logs throughout the years and analyzed the various workloads that are typical.

                   

                  When they profile actual number of users vs. number of users, they usually average about 10:1 for Users:Req/Sec.

                  Of course, it could be more or less than that depending on your environment, but i would never expect that 6000 users could generate 6000 req/sec.

                  • 6. Re: McAfee Web Gateway-the right model
                    maherr

                    Thanks eelsasser, it was helpfull

                    • 7. Re: McAfee Web Gateway-the right model
                      Odai zZ

                      Hello eelsasser,

                       

                      what is the recommended appliance for the following info ?!

                       

                      250 concurrent users

                      deployment: Explicit Proxy

                      1 location

                      no redundancy appliances

                      with authentication (will be integrated with Active directory)

                      SSL scanning will be used

                      Anti-malware engin will be used

                      • 8. Re: McAfee Web Gateway-the right model
                        eelsasser

                        If you want physical hardware, I would suggest the WG4500. It has a little more room for growth than the the WG4000 and it is not much more cost.

                         

                        For only a 250 user environment, have you considered doing this on a VMware host? I would think that a a VMguest with 4-8 CPU and 8Gig of RAM would be sufficient.

                         

                        Then, above that, I would use the WPS subscription SKU for 250 users which includes:

                        Web Security (proxy, SSL, Antivirus, App Control, DLP, and every other feature the MWG has to offer)

                        Gateway Antimalware,

                        SaaS/Hybrid for roaming users (including MCP agent)

                        ePO and Content Security Reporter

                         

                        Of course, Talk to your Sales Rep.

                        • 9. Re: McAfee Web Gateway-the right model
                          Odai zZ

                          Thank you eelsasser