Solved: Re: ASA-5508 Throughput

Ryantek · ‎02-24-2022

I have 2 ASA-5508's in an Active/Passive configuration. My question is that I have a new 2Gbps internet circuit. Can I use port-channels to get more throughput? I have a Cisco switch with some mGig ports, so I was thinking I can terminate the circuit in the switch and use ether-channel on the switch for inside and outside of the ASA. I see the throughput on the ASA-5508 is 1 Gig. Is that per 1 port or is it max for the whole device?

Rob Ingram · ‎02-25-2022

@Ryantek the ASA datasheet indicates that the 5508 cannot do 2Gb of firewall throughput, only 1Gb of Firewall and only 250Mb of NGFW. So unfortunately an port channel won't help.

https://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/datasheet-c78-742475.html

You'll have to upgrade the device, I suggest looking at the 1120/1140 series devices

https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html

View solution in original post

00u17 · ‎02-24-2022

The throughput is max for the whole device and it is often measured in ideal conditions.

Rob Ingram · ‎02-25-2022

@Ryantek the ASA datasheet indicates that the 5508 cannot do 2Gb of firewall throughput, only 1Gb of Firewall and only 250Mb of NGFW. So unfortunately an port channel won't help.

https://www.cisco.com/c/en/us/products/collateral/security/asa-firepower-services/datasheet-c78-742475.html

You'll have to upgrade the device, I suggest looking at the 1120/1140 series devices

https://www.cisco.com/c/en/us/products/collateral/security/firepower-1000-series/datasheet-c78-742469.html

Ryantek · ‎02-25-2022

Thank you for your reply. This is for my home so I guess ill look at a ASA-5545 device.