Tuesday, 27 August 2013

Layer 7 packet filter worth CPU usage? [on hold]

We're looking to implement packet filtering and rate limiting on our
network. The issue is we have around 5000 people connected at once. The
question is whether we should use layer 7 filtering despite the CPU usage
that may come with it, instead of just rate limiting depending on the
source, destination IP address and ports used.
By using this we know that certain software can run on any port specified
and they could use the whitelisted port for unwanted activities. So the
dilemma relies on whether we should inspect at layer 7 and catch everything
but sacrifice hardware instead of analyzing source and destination port
risking the fact that some people might bypass it. Should we aim for
everything even with the cost or prepare to get the majority but risk
having exceptions?
