Security Calculators

Chapter 9 — Five interactive real-time calculators for network security perimeter sizing and planning

📡 Calculator 1: Network Bandwidth Sizing

Size required provisioned bandwidth for internet egress or WAN links, accounting for peak utilization targets, growth projections, and redundancy requirements.

Peak Throughput at 95th Percentile (Gbps) Current measured peak, e.g., 2.0 Gbps

Target Max Sustained Utilization (%) Recommended: 60–70%

70%

Annual Growth Rate (%) Typical: 20–40% per year

30%

Planning Horizon (Years) Typical: 2–3 years

2 yr

Redundancy Mode N+1 adds 30% headroom for failover

Future Peak

—

Gbps

Base Capacity

—

Gbps

Recommended Circuit

—

Gbps

💾 Calculator 2: SIEM Log Storage Capacity

Estimate total SIEM storage requirements for hot (fast-access) and cold (archive) retention tiers, accounting for event rate, event size, compression, and indexing overhead.

Average EPS (Events Per Second) Typical enterprise: 5,000–50,000 EPS

Average Event Size (bytes/event) Firewall logs: 500–1500 bytes typical

Hot Retention (days) Fast-access tier for active investigation

45d

Cold Retention (days) Archive tier for compliance (total period)

365d

Hot Compression Ratio 0.6 = 40% size reduction

0.60

Cold Compression Ratio 0.4 = 60% size reduction

0.40

Daily Raw Data

—

GB/day

Hot Storage

—

Cold Storage

—

Total Required

—

⚡ Calculator 3: PoE Power Budget

Ensure PoE switches and UPS can support perimeter security devices (CCTV cameras, wireless APs, IoT sensors) with appropriate power headroom and UPS runtime.

Number of PoE Devices Total count of cameras, APs, sensors

Per-Device PoE Class Power (W) IEEE 802.3at/bt: 4/7/15.4/30/60/90W

Diversity Factor (%) % of devices drawing max power simultaneously

85%

Switch PoE Efficiency Factor Typical: 0.88–0.95

0.92

UPS Runtime Target (minutes) Minimum runtime during power outage

15min

UPS Output Voltage (V) Typically 230V (EU) or 120V (US)

Total Device Load

—

Watts

Required PoE Budget

—

Watts

UPS Energy Needed

—

UPS Battery (Ah)

—

🛡 Calculator 4: Firewall Throughput & Session Sizing

Determine the minimum required NGFW throughput, CPS (connections per second), and concurrent session capacity based on current traffic measurements and safety headroom factors.

Current Peak L7 Throughput (Gbps) Measured at 95th percentile with all inspection enabled

TLS Inspection Coverage (%) % of traffic requiring SSL/TLS decryption

60%

Peak New Connections Per Second (CPS) Measured peak CPS from monitoring

Peak Concurrent Sessions Measured peak from firewall monitoring

Throughput Headroom Factor Recommended: 1.5× (50% headroom)

1.5×

CPS & Session Headroom Factor Recommended: 2.0× for spike resilience

2.0×

Min L7 Throughput

—

Gbps

Min TLS Inspect TPS

—

Gbps

Min CPS Required

—

K/sec

Min Sessions Required

—

Million

⏳ Calculator 5: HA Failover RTO Budget

Estimate the total Recovery Time Objective (RTO) for a firewall HA failover event, breaking down the time budget across detection, convergence, and restoration phases.

HA Heartbeat Interval (ms) Typical: 200–1000ms

HA Dead Peer Threshold (missed heartbeats) Typical: 3–5 missed before failover

State Sync Enabled? State sync preserves existing sessions

BGP Convergence Time (seconds) Time for routing to re-converge after failover

30s

Application Recovery Time (seconds) Time for apps to re-establish sessions after failover

10s

Target RTO (seconds) Your SLA requirement for failover

Detection Time

—

seconds

Switchover Time

—

seconds

Total Estimated RTO

—

seconds

RTO vs Target

—