Recommended Specifications
When deploying the enforza Gateways in AWS or Azure, the required EC2 instance or virtual machine size will depend on several factors such as network throughput, CPU and memory requirements, and the specific features you enable (e.g., Intrusion Detection/Prevention, TLS inspection, DDoS protection). The network interface bandwidth (such as Elastic Network Adapter (ENA) in AWS or Accelerated Networking in Azure) is a key determinant in handling traffic loads, and ensuring you select the appropriate instance type is critical to achieving the desired performance.
Key Factors Affecting Performance:
- Network Interface Bandwidth: The bandwidth provided by Elastic Network Adapter (ENA) in AWS or Accelerated Networking in Azure will significantly affect throughput.
- CPU and RAM: The number of vCPUs and amount of RAM available will determine how efficiently the firewall can inspect and filter traffic, especially when advanced features like transparent FQDN Filtering and traffic analysis are enabled.
- Enabled Features: Features like Intrusion Prevention/Deep Packet Inspection (DPI), TLS inspection, and logging require more CPU and memory resources.
Recommended Instance Sizes
Here are the recommended instance/VM sizes for different bandwidth requirements across AWS and Azure:
Low Throughput: Up to 250 Mbps
For environments with light traffic and limited feature use, where up to 250 Mbps of throughput is required:
- AWS Recommended Instance:
  - t3.medium or t3.large
  - 2 vCPUs, 4-8 GB RAM
  - Network Interface (ENA) with up to 5 Gbps burst capacity
- Azure Recommended VM:
  - Standard_B2ms
  - 2 vCPUs, 8 GB RAM
  - Accelerated Networking enabled, providing up to 500 Mbps bandwidth
Medium Throughput: Up to 1 Gbps
For medium-sized environments where you need throughput up to 1 Gbps and moderate feature usage:
- AWS Recommended Instance:
  - m5.xlarge or c5.xlarge
  - 4 vCPUs, 16 GB RAM
  - Network Interface (ENA) with up to 10 Gbps bandwidth
- Azure Recommended VM:
  - Standard_D4s_v3
  - 4 vCPUs, 16 GB RAM
  - Accelerated Networking enabled, providing up to 1 Gbps bandwidth
Large Throughput: Up to 5 Gbps
For larger environments or those with heavy traffic and many features enabled, requiring throughput up to 5 Gbps:
- AWS Recommended Instance:
  - c5.4xlarge or m5.4xlarge
  - 16 vCPUs, 32-64 GB RAM
  - Network Interface (ENA) with up to 25 Gbps bandwidth
- Azure Recommended VM:
  - Standard_F16s_v2
  - 16 vCPUs, 32 GB RAM
  - Accelerated Networking enabled, providing up to 10 Gbps bandwidth
Additional Considerations
- Network Interface (ENA) in AWS: Always ensure that the instance supports ENA to maximize network throughput.
- Accelerated Networking in Azure: For Azure deployments, enabling Accelerated Networking (the equivalent of ENA in AWS) provides significantly higher network performance, including lower latency, lower jitter, and reduced CPU utilization for networking tasks.
- CPU/Memory Scaling: Enable higher CPU and memory configurations when advanced features like FQDN filtering, DPI, and IDS/IPS are enabled, as they can consume significant resources.
- Monitoring Performance: It's essential to monitor the performance of your instances/VMs in the cloud service provider (CSP) console (e.g., AWS CloudWatch, Azure Monitor) or within the enforza Portal. Keeping track of metrics like CPU utilization, memory usage, and network health ensures that the Gateway is operating efficiently and can alert you when scaling is necessary.
- Monitoring and Adjusting: Regularly monitor traffic and resource utilization to scale your instance/VM size up or down as needed based on traffic load and feature usage.
By selecting the appropriate EC2 or VM instance size and ensuring ENA (AWS) or Accelerated Networking (Azure) is enabled, you can ensure that the enforza Gateway delivers optimal performance while balancing cost and scalability for your cloud environment.
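One way to check the ENA and Accelerated Networking points above across deployed gateways, as an added example that is not enforza's own tooling: the script audits JSON saved from `aws ec2 describe-instances` and `az network nic list`. The function names and the sample records are constructed for illustration; the AWS size list is taken from this page.

```python
# Audit saved CLI output for the two settings this page calls out.
# AWS sizes recommended on this page, mapped to the tier they appear under.
AWS_TIERS = {
    "t3.medium": "up to 250 Mbps", "t3.large": "up to 250 Mbps",
    "m5.xlarge": "up to 1 Gbps", "c5.xlarge": "up to 1 Gbps",
    "c5.4xlarge": "up to 5 Gbps", "m5.4xlarge": "up to 5 Gbps",
}

def audit_aws(describe_instances):
    """Return (instance_id, finding) pairs from `aws ec2 describe-instances` JSON."""
    findings = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid, itype = inst["InstanceId"], inst["InstanceType"]
            # EnaSupport may be absent from the output when ENA is not enabled.
            if not inst.get("EnaSupport", False):
                findings.append((iid, "ENA not enabled"))
            if itype not in AWS_TIERS:
                findings.append((iid, f"{itype} is not a recommended size"))
    return findings

def audit_azure_nics(nic_list):
    """Return (nic_name, finding) pairs from `az network nic list` JSON."""
    return [
        (nic["name"], "Accelerated Networking not enabled")
        for nic in nic_list
        if not nic.get("enableAcceleratedNetworking", False)
    ]

# Constructed sample records (not real resources).
SAMPLE_AWS = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "InstanceType": "c5.xlarge",
     "EnaSupport": True},
    {"InstanceId": "i-0aaa0000000000002", "InstanceType": "t2.medium"},
]}]}
SAMPLE_NICS = [
    {"name": "gw1-nic", "enableAcceleratedNetworking": True},
    {"name": "gw2-nic", "enableAcceleratedNetworking": False},
]

if __name__ == "__main__":
    for resource, finding in audit_aws(SAMPLE_AWS) + audit_azure_nics(SAMPLE_NICS):
        print(f"{resource}: {finding}")
```

To run it against a real deployment, load the saved CLI output with `json.load` and pass it to the same functions in place of the samples.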