NS-series Sensor capacity by model number

The following table describes the supported NS9x00 and NS7x00 Sensor capacity:

| Maximum Type | NS9300 | NS9200 | NS9100 | NS7300 | NS7200 | NS7100 |
|---|---|---|---|---|---|---|
| Aggregate Performance | 40 Gbps | 20 Gbps | 10 Gbps | 5 Gbps | 3 Gbps | 1.5 Gbps |
| Max Throughput | | | | | | |
| Connections | 32,000,000 | 16,000,000 | 13,000,000 | 10,000,000 | 5,000,000 | 3,000,000 |
| Connections established per second | 1,000,000 | 575,000 | 450,000 | 225,000 | 200,000 | 135,000 |
| Default number of supported UDP Flows | 800,000 | 400,000 | 300,000 | 150,000 | 150,000 | 150,000 |
| Supported UDP Flows maximum | 12,000,000 | 6,000,000 | 6,000,000 | 3,000,000 | 3,000,000 | 3,000,000 |
| Supported UDP Flows minimum | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 |
| Latency (Average UDP per packet Latency) | <100 µs | <100 µs | <100 µs | <100 µs | <100 µs | <100 µs |
| SSL Flow Count | 3,200,000 | 1,600,000 | 1,200,000 | 500,000 | 400,000 | 250,000 |
| Number of SSL certificates that can be imported into the Sensor | 1,024 | 1,024 | 1,024 | 1,024 | 1,024 | 1,024 |
| Throughput with | | | | | | |
| Quarantine rules per Sensor- IPv4 | 8,000 | 8,000 | 8,000 | 8,000 | 8,000 | 8,000 |
| Quarantine rules per Sensor- IPv6 | 500 | 500 | 500 | 500 | 500 | 500 |
| Quarantine Zones per Sensor | 50 | 50 | 50 | 50 | 50 | 50 |
| Quarantine Zone ACLs per Sensor | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 |
| Virtual Interfaces (VIDS) per Sensor (Number of Virtual IPS Systems) | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 |
| VLAN / CIDR Blocks per Sensor | 3,000 | 3,000 | 3,000 | 3,000 | 3,000 | 3,000 |
| VLAN / CIDR Blocks per Interface | 254 | 254 | 254 | 254 | 254 | 254 |
| Customized | 100,000 | 100,000 | 100,000 | 100,000 | 100,000 | 100,000 |
| Ignore rules | 262,144 | 262,144 | 262,144 | 262,144 | 262,144 | 262,144 |
| Number of attacks with ignore rules | 128,000 | 128,000 | 128,000 | 128,000 | 128,000 | 128,000 |
| DoS Profiles | 5,000 | 5,000 | 5,000 | 5,000 | 5,000 | 5,000 |
| SYN cookie rate (64-byte packets per second) | 13,500,000 | 9,000,000 | 5,000,000 | 3,300,000 | 1,800,000 | 1,400,000 |
| Effective (Firewall) access rules | 20,000 | 20,000 | 10,000 | 5,000 | 3,000 | 3,000 |
| Firewall rule objects | 140,000 | 140,000 | 70,000 | 35,000 | 21,000 | 21,000 |
| Firewall DNS rule objects | 5,000 | 5,000 | 2,500 | 1,250 | 1,000 | 1,000 |
| Firewall rule object groups | 1,000 | 1,000 | 500 | 400 | 300 | 300 |
| Application on Custom Port rule objects | 2,000 | 2,000 | 1,000 | 500 | 500 | 500 |
| Firewall user-based rule objects | 5,000 | 5,000 | 2,500 | 1,250 | 1,000 | 1,000 |
| Firewall user groups in access rules | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 |
| Number of whitelist entries permitted for IP Reputation | 128 | 128 | 128 | 128 | 128 | 128 |
| Maximum host entries supported for Connection Limiting policies | 256,000 | 256,000 | 256,000 | 256,000 | 256,000 | 256,000 |
| Maximum file size during packet capture | 100 MB | 100 MB | 100 MB | 100 MB | 100 MB | 100 MB |
| Passive device profile limits | 100,000 | 100,000 | 100,000 | 100,000 | 50,000 | 25,000 |
| Advanced | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 | 1,000 |
| Advanced | 4,094 | 4,094 | 4,094 | 4,094 | 4,094 | 4,094 |
| New HTTP connections per second (using 1 GET with 5000 HTTP response) | 700,000 | 375,000 | 260,000 | 135,000 | 128,000 | 115,000 |
The following table describes the supported NS5x00 and NS3x00 Sensor capacity:
| Maximum Type | NS5200 | NS5100 | NS3200 | NS3100 |
|---|---|---|---|---|
| Aggregate Performance | 1 Gbps | 600 Mbps | 200 Mbps | 100 Mbps |
| Max Throughput with test equipment sending UDP packet size of 1512 Bytes | up to 3 Gbps | up to 1.5 Gbps | up to 1 Gbps | up to 600 Mbps |
| Concurrent Connections | 1,350,000 | 750,000 | 80,000 | 40,000 |
| Connections established per second | 45,000 | 40,000 | 25,000 | 20,000 |
| Default number of supported UDP Flows | 50,000 | 25,000 | 10,000 | 5,000 |
| Supported UDP Flows maximum | 1,500,000 | 1,500,000 | 30,000 | 30,000 |
| Supported UDP Flows minimum | 1,000 | 1,000 | 1,000 | 1,000 |
| Latency (Average UDP per packet Latency) | <100 µs | <100 µs | <100 µs | <100 µs |
| SSL Flow Count | 75,000 | 40,000 | NA | NA |
| Number of SSL certificates that can be imported into the Sensor | 1,024 | 1,024 | NA | NA |
| Throughput with SSL Decryption (based on 10% SSL traffic) | 1 Gbps | 600 Mbps | NA | NA |
| Quarantine rules per Sensor- IPv4 | 1,000 | 1,000 | 8,000 | 8,000 |
| Quarantine rules per Sensor- IPv6 | 500 | 500 | 500 | 500 |
| Quarantine Zones per Sensor | 50 | 50 | 50 | 50 |
| Quarantine Zone ACLs per Sensor | 1,000 | 1,000 | 1,000 | 1,000 |
| Virtual Interfaces (VIDS) per Sensor (Number of Virtual IPS Systems) | 1,000 | 100 | 32 | 16 |
| VLAN / CIDR Blocks per Sensor | 300 | 300 | 64 | 32 |
| VLAN / CIDR Blocks per Interface | 254 | 254 | 254 | 254 |
| Customized attacks (see the note below on how the number of customized attacks is affected) | 100,000 | 100,000 | 100,000 | 100,000 |
| Ignore rules | 262,144 | 262,144 | 65,536 | 32,768 |
| Number of attacks with ignore rules | 100,000 | 100,000 | 40,000 | 20,000 |
| DoS Profiles | 5,000 | 300 | 128 | 128 |
| SYN cookie rate (64-byte packets per second) | 1,000,000 | 750,000 | 400,000 | 300,000 |
| Effective (Firewall) access rules | 2,000 | 2,000 | 1,000 | 1,000 |
| Firewall rule objects | 14,000 | 14,000 | 7,000 | 7,000 |
| Firewall DNS rule objects | 750 | 750 | 500 | 500 |
| Firewall rule object groups | 200 | 200 | 100 | 100 |
| Application on Custom Port rule objects | 250 | 250 | 150 | 150 |
| Firewall user-based rule objects | 750 | 750 | 500 | 500 |
| Firewall user groups in access rules | 10,000 | 10,000 | 10,000 | 10,000 |
| Number of whitelist entries permitted for IP Reputation | 64 | 64 | 32 | 32 |
| Maximum host entries supported for Connection Limiting policies | 128,000 | 128,000 | 128,000 | 128,000 |
| Maximum file size during packet capture | 58 MB | 58 MB | 40 MB | 40 MB |
| Passive device profile limits | 15,000 | 15,000 | 10,000 | 5,000 |
| Advanced Malware - Maximum simultaneous file scan capacity when the file is saved in the Sensor (see the note below for more information) | 32 | 32 | 16 | 16 |
| Advanced Malware - Maximum simultaneous file scan capacity without saving files in the Sensor (see the note below for more information) | 1,024 | 1,024 | 255 | 255 |
| New HTTP connections per second(using | 30,000 | 25,000 | 15,000 | 12,000 |
Note for Advanced Malware - Maximum simultaneous file scan
This feature is not the same as the file saving feature that is enabled through the Save File checkbox in the Advanced Malware Policies page of the Manager. It refers to the file saving that occurs temporarily within the Sensor during analysis. If the analysis result matches the severity configured in the Manager, the file is sent to the Manager to be saved.
The outcome depends on your file saving configuration in the Advanced Malware Policies page:
• If you have set Save File to Disable in the Advanced Malware Policies page, the scanned files are not sent to the Manager.
• If you have set Save File to Always, all the scanned files are sent to the Manager to be archived. Before using this option, ensure that you have adequate disk space.
• If you have set a severity for Save File, the scanned files are saved in the Sensor so that they can be analyzed by internal scanning engines like the PDF-JavaScript Engine. Once the analysis is complete, if the result is the same as or higher than the severity set, the file is sent to the Manager. When the Manager receives the file, it is saved in the Manager for future analysis by a security administrator.
Note for customized attacks
Customized attacks are not to be confused with custom attacks. A custom attack is a user-defined attack definition in either McAfee's format or the Snort rules language, whereas a customized attack is an attack definition (part of the signature set) whose default settings you have modified.
For example, if the default severity of an attack is 5 and you change it to 7, it is a customized attack.
The signature set push from the Manager to a Sensor fails if the number of customized attacks on the Sensor exceeds the customized attack limit.
The number of customized attacks can increase due to:
• Modifications done to attacks on a policy by users.
• Recommended for blocking (RFB) attacks.
• User-created asymmetric policies.
Example: How numerous customized attacks are created in asymmetric policies.
1 Create a policy.
2 Set the Inbound rule set to "File Server rule set".
3 Set the Outbound rule set to "Default Testing rule set".
You see that:
• The File Server rule set has 166 exploit attacks.
• The Default Testing rule set has 2204 exploit attacks.
The total number of customized attacks for this policy is 2204 – 166 = 2038.