Remko_Oude_Elferink
New Contributor

Fortigate 600C real figures

Hi,

We are planning a firewall replacement. We are looking for a 600C in cluster (2x600C). We want to use all options (AV, IPS, URLF, DLP, IPSEC, SSL, Application Control, etc.). What would be the real throughput?

We are planning to use the firewall as a core in our network and connect the following networks:

- 20MB Internet
- 20MB MPLS
- 1Gb LAN (Clients)
- 1GB LAN (Servers)
- DMZ (Speed not important)

We are certain that Internet, MPLS, and DMZ won't be a problem, but when we turn all the options on, I want to know what the actual throughput would be from the clients to the servers?
1 REPLY
Sean_Toomey
New Contributor

I always use the Proxy Antivirus figures as worst case, which for this model is 1.3Gbps. However, that is assuming that you use all features for all traffic flows, which is terribly inefficient and likely unnecessary.

You need to have the understanding that you should create multiple profiles for AV, IPS, DLP, URL Filtering, etc. and apply them as needed to individual rules. For example, if you are protecting clients only for an Internet access rule, there is no need to enable server-based IPS signatures! You can also gain some performance back using Flow for AV and Web Filtering. IPS (and AppControl/DLP, since they are based on the IPS engine) is proxy based only, and can take a fair amount of resources if you don't scope down the protections. SSL Decryption can also make the box work harder, as it has to terminate SSL and generate a 2nd SSL connection on the fly.

So, like you, we tend to use every feature under the sun, and I tend to have pretty good luck with them. If you stop and think about it, you probably don't need a ton of UTM between servers and clients. No web filtering is needed, and AV is best used for Internet ingress/egress. Maybe scoped-down IPS and App Control, and/or DLP, is needed (they all use the same engine). And do you REALLY need SSL decryption from client to server? If not, only enable it for Internet.

Looking at your traffic needs, by scoping things appropriately you should be fine. However, if you're doing extremely heavy UTM on all traffic and hitting peaks over 1Gbit through the firewall, you may need to bump up to an 800C or 1000C.