Sizing Guide for Forward Proxy Scenarios — Skyhigh Security Web Gateway Version 12.2.0 for F Model Appliances
This document illustrates a subset of the configuration and sizing options for Skyhigh Security Web Gateway version 12.2.0 . If detailed technical sizing is required, please contact your Skyhigh Security channel sales engineer or representative.
About Sizing Guide
For the sizing data shown here, the following is assumed:
-
An appliance running at 60% of its maximum capacity
-
SSL (HTTPS) scanning enabled at 80%
-
Anti-malware configuration set to Full Coverage, which is the recommended setting
Skyhigh Security’s preferred value for sizing Skyhigh Security Web Gateway (SWG) is the number of requests per second, which takes both network traffic (up to Layer 4) and the application load (Layer 7) into consideration. This is important as Web Gateway operates at Layer 7 and is not just looking at data packets. The number of requests per second can usually be obtained from an existing proxy solution. If no existing proxy solution or other technology is available to supply this data, the bandwidth for web protocols can usually be obtained from a firewall or router. When using bandwidth for sizing, it is only necessary to take related traffic into consideration, not the overall bandwidth of the external connection.
Calculations based on the number of users can vary considerably between different organizations. For example, the volume or request rate of an ecommerce company with 1000 users is likely to differ from that of a retail chain company with the same number of employees. Skyhigh Security Web Gateway appliances are licensed based on the number of users. Please use the quoting handbook or contact your Skyhigh Security representative for a definition of users or which SKU should be used.
Skyhigh Security Web Gateway does not require specialized standalone policy management instances, as Central Management is a built-in function of the product. This also applies to anti-malware, data loss protection (DLP), and URL filtering.
Recommendations for Sizing the Appliance Parameters
| Parameter | WBG-5000-F | WBG-5500-F |
|---|---|---|
| CPU cores/threads1 | 12/24 | 24/48 |
| Memory (in GB) | 64 | 192 |
| Storage | 2 x 960 GB SSD SATA | 2 x 960 GB SSD SATA |
| RAID level | 1 | 1 |
| Web Cache (in GB) | 410 | 410 |
| Network Interface Cards (NICs) | 4 x 100/1000/10000 Mbit/s PCIe RJ-45 Ethernet ports |
4 x 100/1000/10000 Mbit/s PCIe RJ-45 Ethernet ports |
| Maximum throughput (in Mbit/s)2 | 5430 | 6111 |
| Connection capacity3 | 189000 | 190000 |
| Rack space | 1 unit | 1 unit |
| Power supply units (PSUs) | Redundant | Redundant |
| Remote management | ASPEED AST2600 BMC | ASPEED AST2600 BMC |
NOTES:
-
With hyperthreading enabled
-
Throughput values are shown here as maximum values for forward proxy deployment. Security features enabled on the proxy impact throughput and should be considered for sizing.
-
The connection capacity can vary depending on the hardware, web policy, and workload to be filtered.
Recommendations for Sizing the Web and User Parameters When Performing Anti-malware and URL Filtering
| Parameter | WBG-5000-F | WBG-5500-F |
|---|---|---|
| Internet Bandwidth (in Mbit/s) | 51 | 149 |
| Web Traffic (in requests per second) | 620 | 1820 |
| Employee Count (number of users) | 6200 | 18200 |
Recommendations for Sizing the Web and User Parameters When Only Performing URL Filtering
| Parameter | WBG-5000-F | WBG-5500-F |
|---|---|---|
| Internet Bandwidth (in Mbit/s) | 349 | 558 |
| Web Traffic (in requests per second) | 4260 | 6820 |
| Employee Count (number of users) | 42600 | 68200 |