Hello Surendra
When examining the specs of firewalls such as the ASA or Cisco Firepower, there are various values for throughput that are given. For example, in the Cisco Firepower 1000 series datasheet, you can see various values for things like:
- Firewall (FW)
- FW + Application Visibility and Control (AVC)
- FW + AVC + Intrusion Prevention System (IPS)
- VPN throughput
These various values indicate the expected maximum throughput when these particular features of the device are activated. If you simply operate the FW feature, it requires fewer resources than employing the FW, AVC, and IPS together, and thus the expected maximum throughput is higher.
What you must do is determine what kind of throughput you need, determine which features you will enable, and match up the value of the required throughput to that of the expected throughput with the features you need enabled.
There are some more specs that you should keep in mind, including maximum concurrent sessions for various features such as AVC and VPNs, as well as maximum VPN peers, and maximum connections per second.
Again, these are specs that need to be examined based on the expected traffic and usage that you will have at the location of installation.
I hope this has been helpful!
Laz