Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1329
Views
0
Helpful
4
Replies

Cisco ASA5506-x Firepower Slow throughput

johan oosterwaal
Level 1
Level 1

ā€Ž02-16-2018 05:53 AM - edited ā€Ž02-21-2020 07:22 AM

Hello,

 

We got a Cisco ASA5506-X with Firepower and all traffic is going through the firepower module. There are allot of Access Control Policies allowing and blocking sites. 

 

Now the problem is that the internet speed should be 100Mb but we are only getting arround 

10 Mb. Could that be because we are using allot of policies? can someone please explain this.

 

Firepower version 6.1.0

ASA Version:         9.6(1)

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

ā€Ž02-16-2018 08:40 PM

Even if you had IPS+URL Filter+ AMP features in use you should be getting several times that throughput.

 

Are you doing SSL decryption? That will give a huge performance reduction as it is (currently) all done in software.

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

ā€Ž02-17-2018 05:00 AM

how are you testing your speed? like a internet speed tester on Inside?  would be interesting to see how much traffic is leaving and entering the ouside interface of your ASA.

 

in addition, and i dont know if that feasible, and if you can get downtime, plug a laptop into the outside internet feed and do a speedtest that way

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Marius Gunnerud
VIP
VIP

ā€Ž02-19-2018 02:04 AM

If you bypass the Firepower module and just send traffic through the ASA do you see normal traffic speed then?

I have seen several cases with this exact problem and we have TAC cases going on all of them.  In all cases it is ASA and traffic being redirected to the Firepower module.  But as these cases are ongoing, TAC has not provided a solution yet.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Brian M
Level 1
Level 1
In response to Marius Gunnerud

ā€Ž11-30-2018 07:36 AM - edited ā€Ž11-30-2018 07:37 AM

Did anyone ever get a solution to this? I have the same issue - 20Mbps through Firepower but 100 as soon as I remove the service policies. I'm not using URL or SSL and only have 4 rules.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card