https://community.cisco.com/t5/network-security/asa-5510-performance-issues/m-p/807847#M970925 <P>Hi, we have an ASA 5510 with about 140 defined rules in the security policy.</P><P>In our company there are some complaints about the performance throughput from one network (inside) to another (dmz).</P><P>For example, we have a ecommerce platform that resides in the dmz but uses (at startup of the services only) a database that's on the inside network. When the services of these server applications are started, it takes about 1 hour and 20 minutes to load all data needed. When I connect one of these servers directly on our internal network, the startup only takes about 40 minutes. The amount of data transferred is estimated around 6 GB. The transfer is done by a Oracle client querying an Oracle database.</P><P>Is there any reason to believe that the firewall could be a bottleneck here? Too many rules?</P><P>Are some rules more cpu-intensive to handle than others?</P><P></P><P>We also have a builtin content security scanning appliance from trendmicro, but I configured the ASA to only inspect http and smtp traffic using this board.</P><P></P><P>The CPU on the firewall shows an average value of around 4% (also during the times the ecommerce applications are loading the data from the database.</P> Mon, 11 Mar 2019 10:59:48 GMT rsnd 2019-03-11T10:59:48Z https://community.cisco.com/t5/network-security/asa-5510-performance-issues/m-p/807847#M970925 <P>Hi, we have an ASA 5510 with about 140 defined rules in the security policy.</P><P>In our company there are some complaints about the performance throughput from one network (inside) to another (dmz).</P><P>For example, we have a ecommerce platform that resides in the dmz but uses (at startup of the services only) a database that's on the inside network. When the services of these server applications are started, it takes about 1 hour and 20 minutes to load all data needed. When I connect one of these servers directly on our internal network, the startup only takes about 40 minutes. The amount of data transferred is estimated around 6 GB. The transfer is done by a Oracle client querying an Oracle database.</P><P>Is there any reason to believe that the firewall could be a bottleneck here? Too many rules?</P><P>Are some rules more cpu-intensive to handle than others?</P><P></P><P>We also have a builtin content security scanning appliance from trendmicro, but I configured the ASA to only inspect http and smtp traffic using this board.</P><P></P><P>The CPU on the firewall shows an average value of around 4% (also during the times the ecommerce applications are loading the data from the database.</P> Mon, 11 Mar 2019 10:59:48 GMT https://community.cisco.com/t5/network-security/asa-5510-performance-issues/m-p/807847#M970925 rsnd 2019-03-11T10:59:48Z https://community.cisco.com/t5/network-security/asa-5510-performance-issues/m-p/807848#M970926 <HTML><HEAD></HEAD><BODY><P>I dont think that ACL's should be a problem, I will probably disable inspection of traffic and apply sniffer to check the packet flow.</P><P></P><P>~Rohit</P></BODY></HTML> Mon, 20 Aug 2007 12:31:13 GMT https://community.cisco.com/t5/network-security/asa-5510-performance-issues/m-p/807848#M970926 rochopra 2007-08-20T12:31:13Z