cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


599
Views
0
Helpful
4
Replies

Cisco ASA5506-x Firepower Slow throughput

Hello,

 

We got a Cisco ASA5506-X with Firepower and all traffic is going through the firepower module. There are allot of Access Control Policies allowing and blocking sites. 

 

Now the problem is that the internet speed should be 100Mb but we are only getting arround 

10 Mb. Could that be because we are using allot of policies? can someone please explain this.

 

Firepower version 6.1.0

ASA Version:         9.6(1)

4 REPLIES 4
Hall of Fame Master

Re: Cisco ASA5506-x Firepower Slow throughput

Even if you had IPS+URL Filter+ AMP features in use you should be getting several times that throughput.

 

Are you doing SSL decryption? That will give a huge performance reduction as it is (currently) all done in software.

VIP Advisor

Re: Cisco ASA5506-x Firepower Slow throughput

how are you testing your speed? like a internet speed tester on Inside?  would be interesting to see how much traffic is leaving and entering the ouside interface of your ASA.

 

in addition, and i dont know if that feasible, and if you can get downtime, plug a laptop into the outside internet feed and do a speedtest that way

Please remember to rate useful posts, by clicking on the stars below.

VIP Advocate

Re: Cisco ASA5506-x Firepower Slow throughput

If you bypass the Firepower module and just send traffic through the ASA do you see normal traffic speed then?

I have seen several cases with this exact problem and we have TAC cases going on all of them.  In all cases it is ASA and traffic being redirected to the Firepower module.  But as these cases are ongoing, TAC has not provided a solution yet.

--
Please remember to rate and select a correct answer

Re: Cisco ASA5506-x Firepower Slow throughput

Did anyone ever get a solution to this? I have the same issue - 20Mbps through Firepower but 100 as soon as I remove the service policies. I'm not using URL or SSL and only have 4 rules.