We've got a Cisco ASA5506-X with Firepower, and all traffic is going through the Firepower module. There are a lot of Access Control Policies allowing and blocking sites.
Now the problem is that the internet speed should be 100Mb but we are only getting around 10 Mb. Could that be because we are using a lot of policies? Can someone please explain this?
Firepower version 6.1.0
ASA Version: 9.6(1)
Even if you had IPS + URL Filter + AMP features in use you should be getting several times that throughput.
Are you doing SSL decryption? That will give a huge performance reduction as it is (currently) all done in software.
How are you testing your speed? Like an internet speed tester on Inside? It would be interesting to see how much traffic is leaving and entering the outside interface of your ASA.
In addition, and I don't know if that's feasible, and if you can get downtime, plug a laptop into the outside internet feed and do a speed test that way.
If you bypass the Firepower module and just send traffic through the ASA do you see normal traffic speed then?
I have seen several cases with this exact problem and we have TAC cases going on all of them. In all cases it is ASA and traffic being redirected to the Firepower module. But as these cases are ongoing, TAC has not provided a solution yet.
Did anyone ever get a solution to this? I have the same issue - 20Mbps through Firepower but 100 as soon as I remove the service policies. I'm not using URL or SSL and only have 4 rules.