1 Reply Latest reply on Feb 27, 2014 11:13 AM by Regis

    Maximum Internet Bandwidth

    allegiance

      Hi,

       

      1. How does the Maximum internet bandwidth affects the Web Gateway? Let us say WBG 54Mbps without AV scanning and 13Mbps with AV scanning and supports 6600 users and 1600 users if there is AV scanning . If I have 700 users and I have 20Mbps of internet bandwidth, what would be the effect if I enable the AV scanning and I have 20Mbps bandwidth but the WBG's maximum is 13Mbps if AV scanning is enabled?

       

       

      2.  Is the Web gateway appliance supports fail-open?. Does fail-open limit the bandwidth? For example I have a MWG 5500-C that has 10/100/1000 network interface does it matter if I have 150Mbps througput if the server goes down and it activates fail-open?

       

      Message was edited by: allegiance on 2/18/14 10:49:03 PM CST
        • 1. Re: Maximum Internet Bandwidth
          Regis

          I'd seek some sizing guidance from an SE based on average requests per second rather than user count or bandwidth at those relatively low levels.      Your practical limiter is going to be CPU, I reckon, rather than bandwidth per se.    AV will impact CPU.  The bandwidth throughput ... is sorta orthogonal there.

           

          You definitely want AV scanning on, otherwise, you lose a lot of the benefit of having a web gateway in the first place.  I've even recently seen where the oft-maligned web gateway javascript heuristics saving some MWG customers from letting some newer phishing campaign clicks from going through.    These are very worthwhile detections.

           

          I'm not sure what failure mode you're asking about with fail open.    In an explicit deployment anyway, if the gateway itself goes down,  you ain't gettin to the internet.   I'm not sure if there's a hardware bypass kit available for that scenario as I've seen from other vendors wares.  

           

          I personally wouldn't deploy any fewer than 2 web gateway appliances.  At the very least have a virtualized one at the ready.  With how web gateway is licensed based on fleshy human counts (at least in our case with the content security suite),  there's not reason not to chuck another relatively inexpensive hardware appliance at things to get some redundancy and load balancing.