Views:

View recommended system sizing information for use when deploying the Internet Access On-Premises Gateway.

When deploying the Internet Access On-Premises Gateway, Trend Micro recommends allocating at least 200 GB of disk space for the on-premises gateway to store application and log files. Detection and activity logs are automatically uploaded to Trend Vision One unless uploading is manually disabled. Detection and activity log files are automatically purged from the on-premises gateway when the files are older than seven days or take up a total of 50 GB of disk space. Trend Vision One retains uploaded log files for up to 180 days.
The following tables provide information for use when considering system sizing based on on-premises gateway performance test results.
Note
Note
  • No services other than the Internet Access On-Premises Gateway were enabled on the Service Gateway virtual appliance during testing.
  • The number of vCPUs and amount of RAM required to run the Service Gateway firmware are included in the vCPU and RAM totals for each sizing test.
  • 10 Data Loss Prevention templates were enabled and used when the Data Loss Prevention feature was enabled.
  • System sizing recommendations for on-premises gateways running in proxy server mode under the following conditions:
    • Deployment method: VMWare ESXi through a Service Gateway virtual appliance
    • Use: Web server traffic protection
    • Traffic protocol: HTTPS with HTTPS inspection enabled
    • Average traffic size: 17 KB
Number of vCPU cores
RAM
Enabled feature set
Recommended maximum network throughput
Transactions per second
Recommended maximum total user count
8
16 GB
Internet access rules only
200 Mbps
1650
2900
8
16 GB
Internet Access rules with Threat Protection
170 Mbps
1500
2600
8
16 GB
Internet access rules with Threat Protection and Data Loss Prevention
150 Mbps
1300
2200
12
16 GB
Internet access rules only
290 Mbps
2500
4400
12
16 GB
Internet access rules with Threat Protection
260 Mbps
2250
3900
12
16 GB
Internet access rules with Threat Protection and Data Loss Prevention
230 Mbps
1950
3400
24
32 GB
Internet access rules only
570 Mbps
4800
8500
24
32 GB
Internet access rules with Threat Protection
510 Mbps
4400
7800
24
32 GB
Internet access rules with Threat Protection and Data Loss Prevention
400 Mbps
3300
5900
48
64 GB
Internet access rules only
850 Mbps
7200
12,500
48
64 GB
Internet access rules with Threat Protection
810 Mbps
6700
12,000
48
64 GB
Internet access rules with Threat Protection and Data Loss Prevention
510 Mbps
4400
7800
  • System sizing recommendations for on-premises gateways running in ICAP server mode under the following conditions:
    • Deployment method: VMWare ESXi through a Service Gateway virtual appliance
    • Use: Web server traffic protection
    • Average traffic size: 17 KB
Number of vCPU cores
RAM
Enabled feature set
Recommended maximum network throughput
Transactions per second
Recommended maximum total user count
8
16 GB
Internet access rules only
150 Mbps
1250
2000
8
16 GB
Internet access rules with Threat Protection
135 Mbps
1200
1900
8
16 GB
Internet access rules with Threat Protection and Data Loss Prevention
100 Mbps
900
1500
12
16 GB
Internet access rules only
200 Mbps
1700
3000
12
16 GB
Internet access rules with Threat Protection
190 Mbps
1600
2900
12
16 GB
Internet access rules with Threat Protection and Data Loss Prevention
150 Mbps
1300
2300
24
32 GB
Internet access rules only
400 Mbps
3200
5600
24
32 GB
Internet access rules with Threat Protection
380 Mbps
3000
5400
24
32 GB
Internet access rules with Threat Protection and Data Loss Prevention
250 Mbps
2000
3500
48
64 GB
Internet access rules only
700 Mbps
5400
10,000
48
64 GB
Internet access rules with Threat Protection
650 Mbps
5100
9000
48
64 GB
Internet access rules with Threat Protection and Data Loss Prevention
300 Mbps
2400
4500
  • System sizing recommendations for on-premises gateways running in ICAP server mode under the following conditions:
    • Deployment method: VMWare ESXi through a Service Gateway virtual appliance
    • Use: File server traffic protection
    • Average traffic size: 100 KB
Number of vCPU cores
RAM
Enabled feature set
Recommended maximum network throughput
Transactions per second
Recommended maximum total user count
8
16 GB
Internet access rules only
550 Mbps
650
1200
8
16 GB
Internet access rules with Threat Protection
550 Mbps
650
1200
8
16 GB
Internet access rules with Threat Protection and Data Loss Prevention
500 Mbps
600
1000
12
16 GB
Internet access rules only
550 Mbps
650
1200
12
16 GB
Internet access rules with Threat Protection
550 Mbps
650
1200
12
16 GB
Internet access rules with Threat Protection and Data Loss Prevention
500 Mbps
600
1000
24
32 GB
Internet access rules only
890 Mbps
1050
2000
24
32 GB
Internet access rules with Threat Protection
890 Mbps
1050
2000
24
32 GB
Internet access rules with Threat Protection and Data Loss Prevention
850 Mbps
1000
1800
48
64 GB
Internet access rules only
900 Mbps
1100
2000
48
64 GB
Internet access rules with Threat Protection
900 Mbps
1100
2000
48
64 GB
Internet access rules with Threat Protection and Data Loss Prevention
900 Mbps
1080
1900
Important
Important
  • All performance indexes dropped by approximately five percent when syslog forwarding was enabled.
  • The recommendations for maximum network throughput and maximum total users are strongly influenced by the average traffic size during testing.