Network Functions Virtualization (NFV) is expected to provide network systems that offer significantly lower cost and greatly flexibility to network service providers and their users. Unfortunately, it is extremely difficult to implement Virtualized Network Functions (VNFs) that can equal the performance of Physical Network Functions. To realize NFV systems that have adequate performance, it is critical to accurately grasp VNF workload. In this paper, we focus on the virtual firewall as a representative VNF. The workload of the virtual firewall is mostly determined by firewall rule processing and the Access Control List (ACL) configurations. Therefore, we first reveal the major factors influencing the workload of the virtual firewall and some issues of monitoring CPU load as a traditional way of understanding the workload of virtual firewalls through preliminary experiments. Additionally, we propose a new workload metric for the virtual firewall that is derived by mathematical models of the firewall workload in consideration of the packet processing in each rule and the ACL configurations. Furthermore, we show the effectiveness of the proposed workload metric through various experiments.