05-19-2012 10:58 AM
Hello all,
I am struggling a little bit here with determining the required cards for the SRX3x00 firewall.
Our needs are the following:
- 10Gbps firewall
- 3Gbps IPS
As far as I understand, the SPC card supports up to 10Gbps throughput, but shared between supporting firewall, IPS, VPN, and Application security. How can one determine the %s that the SPC will give to each service?
Also, the NPC card supports 10Gbps throughput. Will that mean that if my requirements are, for example, 11Gbps firewall performance, I need at least 2xNPC cards in addition to the SPC cards? Is that correct?
Thanks
05-21-2012 07:09 AM
For 10Gbps of firewall and 3Gbps of IPS, I would say you would need the following:
The correct combination of IOCs for your environment (1 x 2-port 10-gig IOC?)
1-2 x NPC (depending on the number of IOCs... you can only tie a single IOC to one NPC, so two may not benefit you unless you have multiple IOCs, or unless you use the onboard interfaces)
2-3 x SPC (depending on your packet size and your IPS policies)
Ron
05-21-2012 02:58 PM
>>Also, the NPC card supports 10Gbps throughput, will that mean that if my requirements are for example 11Gbps firewall performance
Yes, you'd need a 2nd NPC, and a 2nd IOC. Multiple IOCs can be bound to one NPC, but no more than one NPC can be bound to one IOC. That means even a 2x10G IOC will not scale beyond 10G total throughput.
3 SPCs will give you about 8Gb/s of IMIX throughput. AppSecure gives you about a 25% performance hit. The same 3 SPCs support about 4Gb/s of IDP. That's cumulative, of course. If your IDP throughput is part of your firewalled traffic, you don't need to "double-count" it. If it's 3Gb/s of IDP and then another 10Gb/s of firewall traffic on top of that, you're likely looking at a maxed-out 3600 with 7 SPCs, 2 NPCs and 2 IOCs. At which point a 5800 would offer much greater headroom, at a much greater price.
05-21-2012 05:41 PM
Nice summary by tbehrens. The big takeaway to me is that you cannot just add NPCs to increase throughput as they can only be tied to a single IOC. SPCs on the other hand can be added to achieve an almost linear gain in service processing capability.
Ron