Merge pull request #219636 from vhorne/fw-perf

BCS2022 · web-flow · commit 5b422ecfa6e4 · 2022-11-29T10:58:07.000-08:00
update perf and scale out faq
diff --git a/articles/firewall/firewall-faq.yml b/articles/firewall/firewall-faq.yml
@@ -223,7 +223,9 @@ sections:
 
       - question: How long does it take for Azure Firewall to scale out?
         answer: |
-          Azure Firewall gradually scales when average throughput or CPU consumption is at 60%. A default deployment maximum throughput is approximately 2.5 - 3 Gbps and starts to scale out when it reaches 60% of that number. Scale out takes five to seven minutes.
+          Azure Firewall gradually scales when average throughput or CPU consumption is at 60%. It starts to scale out when it reaches 60% of its maximum throughput. Maximum throughput numbers vary based on Firewall SKU and enabled features. For more information, see [Azure Firewall performance](firewall-performance.md).
+          
+          Scale out takes five to seven minutes.
 
           When performance testing, make sure you test for at least 10 to 15 minutes, and start new connections to take advantage of newly created Firewall nodes.
 
diff --git a/articles/firewall/firewall-performance.md b/articles/firewall/firewall-performance.md
@@ -5,7 +5,7 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: conceptual
-ms.date: 09/21/2022
+ms.date: 11/29/2022
 ms.author: victorh
 ---
 
@@ -37,23 +37,35 @@ The following set of performance results demonstrates the maximal Azure Firewall
 |---------|---------|---------|
 |Standard     |30|30|
 |Premium (no TLS/IDPS)     |100|100|
-|Premium with TLS     |-|100|
-|Premium with IDS     |100|100|
-|Premium with IPS      |10|10|
+|Premium with TLS (no IDS/IPS)     |-|100|
+|Premium with TLS and IDS     |100|100|
+|Premium with TLS and IPS      |10|10|
 
 > [!NOTE]
 > IPS (Intrusion Prevention System) takes place when one or more signatures are configured to *Alert and Deny* mode.
 
-Azure Firewall also supports the following throughput for single connections:
-
+### Throughput for single connections
 
 |Firewall use case  |Throughput (Gbps)|
 |---------|---------|
-|Standard<br>Max bandwidth for single TCP connection     |1.3|
-|Premium<br>Max bandwidth for single TCP connection     |9.5|
+|Standard<br>Max bandwidth for single TCP connection     |up to 1.5|
+|Premium<br>Max bandwidth for single TCP connection     |up to 9|
 |Premium single TCP connection with IDPS on *Alert and Deny* mode|up to 300 Mbps|
 
-Performance values are calculated with Azure Firewall at full scale. Actual performance may vary depending on your rule complexity and network configuration. These metrics are updated periodically as performance continuously evolves with each release.
+### Total throughput  for initial firewall deployment
+
+The following throughput numbers are for an Azure Firewall deployment before auto-scale (out of the box deployment). Azure Firewall gradually scales when the average throughput or CPU consumption is at 60%. It starts to scale out when it reaches 60% of its maximum throughput. Scale out takes five to seven minutes.
+
+When performance testing, ensure you test for at least 10 to 15 minutes, and start new connections to take advantage of newly created firewall nodes.
+
+
+|Firewall use case  |Throughput (Gbps)|
+|---------|---------|
+|Standard<br>Max bandwidth      |up to 3 |
+|Premium<br>Max bandwidth      |up to 18|
+
+
+Actual performance may vary depending on your rule complexity and network configuration. These metrics are updated periodically as performance continuously evolves with each release.
 
 ## Next steps
 
