Hardware recommendations for standalone Forcepoint URL Filtering deployments

Applies to:
  • Forcepoint URL Filtering, v8.5.x
In standalone deployments, Network Agent (rather than Content Gateway or a third- party integration product) monitors network traffic and enables management of all protocols, including HTTP, HTTPS, and FTP. Network Agent also:
  • Detects all TCP/IP Internet requests (HTTP and non-HTTP)
  • Communicates with Filtering Service to see if each request should be blocked
  • Calculates the number of bytes transferred
  • Sends a request to Filtering Service to log Internet activity

The table below provides hardware recommendations for standalone deployments, based on network size. System needs vary depending on the volume of Internet traffic. The table does not include information for the management server (see System requirements for this version).

The following baseline is used to create the recommendations:
  • 1 - 500 users = 1 - 100 requests per second (rps)
  • 500 - 2,500 users = 100 - 500 rps
  • 2,500 - 10,000 users = 500 - 2,250 rps
Important:
  • Do not install web protection components on a firewall machine. Firewall and web protection software function and performance may be affected.
  • Each Network Agent machine must be positioned to see all Internet requests for the machines that it is assigned to monitor.

If your network traffic exceeds these estimates, more powerful systems or greater distribution of components may be required.

Network Size Enforcement Components Reporting (Windows)
1 - 500 users

Windows or Linux

  • Quad-Core Intel Xeon 5420 or better processor, 2.5 GHz or greater
  • 4 GB RAM
  • 10 GB free disk space (Free space must equal at least 20% of total disk space.)

Windows

  • Quad-Core Intel Xeon 5420 or better processor, 2.5 GHz or greater
  • 4 GB RAM
  • 100 GB free disk space
  • Microsoft SQL Server required for Log Database

See this article for supported versions.
500 - 2,500 users

Windows or Linux

  • Quad-Core Intel Xeon 5420 or better processor, 2.5 GHz or greater
  • 4 GB RAM
  • 10 GB free disk space (Free space must equal at least 20% of total disk space.)

Windows

  • Quad-Core Intel Xeon 5420 or better processor, 2.5 GHz or greater
  • 4 GB RAM
  • 100 GB free disk space
  • Microsoft SQL Server required for Log Database

See this article for supported versions.
2,500 - 10,000 users

Windows or Linux

  • Load balancing required
  • Quad-Core Intel Xeon 5450 or better processor, 3.0 GHz or greater
  • 4 GB RAM
  • 10 GB free disk space (Free space must equal at least 20% of total disk space.)

Windows

  • Quad-Core Intel Xeon 5420 or better processor, 2.5 GHz or greater
  • 4 GB RAM
  • 200 GB free disk space with a disk array

(The Log Database requires a disk array to increase I/O reliability and performance.)

  • High-speed disk access
  • Microsoft SQL Server required for Log Database

See this article for supported versions.

To run both policy enforcement and reporting components on the same machine in the two smaller network sizes, increase the RAM to 6 GB (if supported by your operating system), and consider using a faster processor and hard drive to compensate for the increased load.

For networks with 2,500-10,000 users, at least two Network Agent instances, running on separate machines, are required. The machines should have:
  • Quad-Core Intel Xeon 5420 or better processor, 2.5 GHz or greater
  • At least 1 GB of RAM

Multiple Filtering Service machines may also be needed. Machine requirements depend on the number of users whose requests are monitored and managed. See Extending your deployment with additional web protection components.