How can I measure throughput of PIX firewall ?

Posted on 2007-07-27
Last Modified: 2013-12-10
Hi experts,
I have confusing between performance and throughput concepts.
My knowledge is that the performance indicates to CPU speed (unit is HZ), and throughput reflects the network speed (unit is bps).
Could you clarify the meaning of them exactly ? provide references ?
And what is the commands that retrieve the performance and throughput of PIX firewall ?

Thanks ,,,
Question by:Mesfer
    LVL 7

    Accepted Solution

    Well for one performance can be given in values of packets per second as the packets can be of variables sizes the throughput is bits per seconds.

    A good program to get decide maximum throughput is iperf it can be a server or a client against another iperf server.  So to get reading you place the iperf programs on each site of the pix and run trough a test.

    In the gui mode of the pix is also some monitoring tools.

    LVL 32

    Assisted Solution

    Performance is defined in terms on how the device's *health* is concerned

    Throughput is defined in terms on how much traffic (in bytes) are going in and out of the box.

    They are inversly proportional, For high traffic to go through the PIX would have to use high resources as well.

    For performance, you could use 'show cpu' and 'show cpu memory' on the PIX.

    For throughput, you could just use 'show int' and see how much traffic is going through the interface.

    LVL 79

    Assisted Solution

    Throughput is but one measure of performance. Performance depends on CPU utilization, memory utilization, rule sets, firewall policies, encryption if used, etc. All of those affect overall througput.
    The PDM and/or ASDM web gui has some performance and throughput viewing/charting capability on its own. ASDM with PIX OS 7.x has some pretty good health indicators right on the home page. PIX 8.0 with ASDM 6.x takes it to a whole new level.
    You can use most any snmp program like mrtg, prtg, solarwinds to keep track of traffic going in/out of the interface to chart throughput.

    LVL 79

    Expert Comment

    The question was answered.
    Suggest a 3-way split

    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now