Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Sizing Guide for Forward Proxy Scenarios — Skyhigh Security Web Gateway Version 12.2.0 for F Model Appliances

This document illustrates a subset of the configuration and sizing options for Skyhigh Security Web Gateway version 12.2.0 . If detailed technical sizing is required, please contact your Skyhigh Security channel sales engineer or representative.

About Sizing Guide

For the sizing data shown here, the following is assumed:

  • An appliance running at 60% of its maximum capacity

  • SSL (HTTPS) scanning enabled at 80%

  • Anti-malware configuration set to Full Coverage, which is the recommended setting

Skyhigh Security’s preferred value for sizing Skyhigh Security Web Gateway (SWG) is the number of requests per second, which takes both network traffic (up to Layer 4) and the application load (Layer 7) into consideration. This is important as Web Gateway operates at Layer 7 and is not just looking at data packets. The number of requests per second can usually be obtained from an existing proxy solution. If no existing proxy solution or other technology is available to supply this data, the bandwidth for web protocols can usually be obtained from a firewall or router. When using bandwidth for sizing, it is only necessary to take related traffic into consideration, not the overall bandwidth of the external connection.

Calculations based on the number of users can vary considerably between different organizations. For example, the volume or request rate of an ecommerce company with 1000 users is likely to differ from that of a retail chain company with the same number of employees. Skyhigh Security Web Gateway appliances are licensed based on the number of users. Please use the quoting handbook or contact your Skyhigh Security representative for a definition of users or which SKU should be used.

Skyhigh Security Web Gateway does not require specialized standalone policy management instances, as Central Management is a built-in function of the product. This also applies to anti-malware, data loss protection (DLP), and URL filtering.

Recommendations for Sizing the Appliance Parameters

Parameter WBG-5000-F WBG-5500-F
CPU cores/threads1 12/24 24/48
Memory (in GB) 64 192
Storage 2 x 960 GB SSD SATA 2 x 960 GB SSD SATA
RAID level 1 1
Web Cache (in GB) 410 410
Network Interface Cards (NICs) 4 x 100/1000/10000 Mbit/s
PCIe RJ-45
Ethernet ports
4 x 100/1000/10000 Mbit/s
PCIe RJ-45
Ethernet ports
Maximum throughput (in Mbit/s)2 5430 6111
Connection capacity3 189000 190000
Rack space 1 unit 1 unit
Power supply units (PSUs) Redundant Redundant
Remote management ASPEED AST2600 BMC ASPEED AST2600 BMC


  1. With hyperthreading enabled

  2. Throughput values are shown here as maximum values for forward proxy deployment. Security features enabled on the proxy impact throughput and should be considered for sizing.

  3. The connection capacity can vary depending on the hardware, web policy, and workload to be filtered.

Recommendations for Sizing the Web and User Parameters When Performing Anti-malware and URL Filtering

Parameter WBG-5000-F WBG-5500-F
Internet Bandwidth (in Mbit/s) 51 149
Web Traffic (in requests per second) 620 1820
Employee Count (number of users) 6200 18200


Recommendations for Sizing the Web and User Parameters When Only Performing URL Filtering

Parameter WBG-5000-F WBG-5500-F
Internet Bandwidth (in Mbit/s) 349 558
Web Traffic (in requests per second) 4260 6820
Employee Count (number of users) 42600 68200