Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1697
Views
0
Helpful
4
Replies

FTD 6.2.0.1 Slow Connection

Go to solution
Maiquel Consalter
Level 1
Level 1

‎05-21-2017 12:47 PM - edited ‎03-12-2019 02:23 AM

I have a 5516-X with On-box mgmt with around 1k users behind him and internet connection 150Mbps.
When everyone comes and connects on the internet, the internet stay completely slow and the FTD stopped responding in the management interface.. We are just using the URL Filtering, no IPs, Geo.

I checked the interfaces no CRC or input errors, i checked the traffic and don´t find Nothing.

My question is: The On-box mgmt can be compromised the traffic?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dennis Perto
Level 5
Level 5

‎05-24-2017 12:55 AM

Hi maiquelconsalter  

By using on-box management you are using CPU cycles on running the management software it self, while the 5516-X really could use all the processing power possible to inspect your traffic. 

URL filtering is hitting the Atom processor harder than AMP would do which is quite opposite of what we are seing on all the other ASAs with Xeon-family processors. 

You can expect to see around 140Mbits of throughput on an 5516-X running AVC+IPS+URL filtering. (With a Firepower Management Center doing next to it)

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Dennis Perto
Level 5
Level 5

‎05-24-2017 12:55 AM

Hi maiquelconsalter  

By using on-box management you are using CPU cycles on running the management software it self, while the 5516-X really could use all the processing power possible to inspect your traffic. 

URL filtering is hitting the Atom processor harder than AMP would do which is quite opposite of what we are seing on all the other ASAs with Xeon-family processors. 

You can expect to see around 140Mbits of throughput on an 5516-X running AVC+IPS+URL filtering. (With a Firepower Management Center doing next to it)

0 Helpful

Go to solution
Maiquel Consalter
Level 1
Level 1
In response to Dennis Perto

‎05-24-2017 08:56 AM

Hi @dennisperto thanks for your answer. 

I thought the throuput with AVC + URL + IPS was 450MB, but 450MB is just AVC + IPS http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

Thanks.



0 Helpful

Go to solution
Dennis Perto
Level 5
Level 5
In response to Maiquel Consalter

‎05-24-2017 09:08 AM

You can expect 200Mbit with AVC + IPS. :)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card