Scaling Processors and Bandwidth with the 2006 ISA Firewall

In most situations, a single computer has enough processing power to secure traffic going through standard Internet links. According to market research reports on Internet usage, most corporate Internet link bandwidths are between 2 and 20 Mbps. This indicates that an entry-level computer with a single or dual processor will suffice for most ISA Server deployments.

According to outbound firewall test results, ISA Server running on a single Pentium 4 2.4-GHz processor can provide a throughput of approximately 25 Mbps at 75 percent CPU utilization. This means that for each T1 Internet link (1.5 Mbps), the Microsoft Firewall service will utilize only 4.5 percent of the CPU resources. Dual Xeon 2.4-GHz processors can provide a throughput of approximately 45 Mbps (T3) at 75 percent utilization of the CPU, or 2.5 percent utilization of the CPU for every T1.

This is important information for those who are considering using the ISA Firewall as an internal firewall to segregate internal security zones. While 45 Mbps is good for Internet connectivity, it represents a chokepoint for internal networks that run at 100 Mbps and above. You might want to consider a quad core and do some testing if you have higher bandwidth requirements on your internal segments.




Thomas W Shinder, M.D.


MVP — Microsoft Firewalls (ISA)

