https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4194962#M1076495 Hi,<BR /><BR />Speed test uses port TCP/8080 for download and upload. So no direct<BR />relation between SSL policy and speed test. However, SSL policy drops the<BR />performance of any hardware including firepower as it needs to perform<BR />decryption and encryption for every packet (if you use resign).<BR /><BR />In your case, cert check won't cause decryption/encryption cause this is<BR />inspected in SSL handshake.<BR /><BR />Try to do a pcap to see the destination server for speed test. Then apply a<BR />test pre-filter policy to fastpath that traffic and see if it improves.<BR />This is to isolate if FTD is doing something to speed tes traffic specific<BR />or its general ssl inspection for all traffic.<BR /><BR /><BR />**** please remember to rate useful posts<BR /> Tue, 08 Dec 2020 06:50:02 GMT Mohammed al Baqari 2020-12-08T06:50:02Z https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4194883#M1076493 <P>I have FTD1K running 6.6.1 (build 91) managed by FMC...</P><P>From a user laptop inside network to run speedtest via speedtest.net in browser, I got about 150Mbps down and 1Mbps up...What I found is disabling the SSL policy on FTD improved dramatically on upload speed (increase to about 80Mbps)... but the SSL Policy configured is a fairly basic cert checking policy like screenshots below (defaults are used in other tabs of the policy/rule). But why?</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/90028i5967020BF4918032/image-size/large?v=v2&amp;px=999" role="button" title="1.png" alt="1.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/90029i57D0AEC446AB2C08/image-size/large?v=v2&amp;px=999" role="button" title="2.png" alt="2.png" /></span></P> Tue, 08 Dec 2020 01:34:20 GMT https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4194883#M1076493 SIMMN 2020-12-08T01:34:20Z https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4194962#M1076495 Hi,<BR /><BR />Speed test uses port TCP/8080 for download and upload. So no direct<BR />relation between SSL policy and speed test. However, SSL policy drops the<BR />performance of any hardware including firepower as it needs to perform<BR />decryption and encryption for every packet (if you use resign).<BR /><BR />In your case, cert check won't cause decryption/encryption cause this is<BR />inspected in SSL handshake.<BR /><BR />Try to do a pcap to see the destination server for speed test. Then apply a<BR />test pre-filter policy to fastpath that traffic and see if it improves.<BR />This is to isolate if FTD is doing something to speed tes traffic specific<BR />or its general ssl inspection for all traffic.<BR /><BR /><BR />**** please remember to rate useful posts<BR /> Tue, 08 Dec 2020 06:50:02 GMT https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4194962#M1076495 Mohammed al Baqari 2020-12-08T06:50:02Z https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4195147#M1076506 <P>With the policy I have in place, it should not consume much of the FTD performance. Even it did, why only "throttle" the upload, not the download direction?</P><P>&nbsp;</P><P>Also speedtest.net was just an example, I also tried onedrive and google cloud for uploading with similar slowness.</P> Tue, 08 Dec 2020 13:11:50 GMT https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4195147#M1076506 SIMMN 2020-12-08T13:11:50Z https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4280936#M1077725 <P>Hi ,&nbsp;I have same problem&nbsp; ,&nbsp; What was done and solved. Is there any improvement ?&nbsp;</P> Wed, 27 Jan 2021 21:35:18 GMT https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4280936#M1077725 aliozturk9@gmail.com 2021-01-27T21:35:18Z https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4281278#M1077748 <P>If you use the FTD 1K platform, reach out to TAC and they would provide you a hot fix for the issue on v6.6.1.</P> Thu, 28 Jan 2021 11:24:42 GMT https://community.cisco.com/t5/network-security/https-ssl-upload-speed-is-slow-through-ftd-with-ssl-policy/m-p/4281278#M1077748 SIMMN 2021-01-28T11:24:42Z