For internet connectivity, we have a Cisco Firewall connected to a BGP router multihomed with 2 ISPs. The high-level diagram is attached for reference.
We have noticed that the bandwidth usage over the primary connectivity is less than 5% of the total 100 Mbps internet bandwidth; in the same way, if I route the traffic via the secondary path, then the bandwidth goes up to 30% on average.
I have noticed that if I use any fast download software like DAP, then I get a speed of almost 10 Mbps, but the normal usage is not crossing 5%. Are there any settings in the ASA that I have to change to make this primary interface use more bandwidth?
It looks like only the HTTP traffic is not getting the throughput; the VPN and all other traffic is working perfectly. Also, as I mentioned earlier, if we use a Download Accelerator then I can easily download at 10 Mbps.
Any idea whether this behavior is due to any inspection?
Please check the configuration below. Any idea whether this will impact the internet browsing and download rate?
match access-list netflow-export
match port tcp eq www
policy-map type inspect dns migrated_dns_map_1
message-length maximum client auto
message-length maximum 512
inspect dns migrated_dns_map_1
flow-export event-type all destination 10.10.10.21
policy-map type inspect http inbound_http
match request body length gt 2000
match response body length gt 2000
match not request body length gt 100
match not response body length gt 100
match req-resp content-type mismatch
match request header content-type violation
match response header content-type violation
match request header length gt 100
match request uri length gt 100
inspect http inbound_http
service-policy global_policy global
prompt hostname context
call-home reporting anonymous