We have recently upgraded our 100Mbps line to a 400Mbps line and discovered the ASA seems to be bottlenecking the connection.
For instance if we plug straight in to our NTU we get the full 400Mbps but as soon as we plug in the ASA we're lucky to get 100Mbps (it bounces a lot). I've read a few solutions elsewhere and tried those and do find different results I'm just wondering if there's anything we can do about this.
Firstly I've tried allowing my machine to bypass the service policy rules (particularly those that offload http and https to the Cisco Prime Security Manager CX) and the speed does increase by almost double to a consistent 200Mbps. This still isn't the 400Mbps we can get if going direct into the NTU.
Secondly someone mentioned a weird solution that is sticking a dumb 1Gbps switch in between the ASA and the NTU, I haven't tried that yet because of the downtime but wondering if anyone has heard of this resolving such an issue before?
What I'm trying to establish at this point is if we need to upgrade our firewall and filtering in order to take advantage of this increase in speed. I can see from the spec list the ASA is more than capable of that throughput but I know that's a theoretical maximum and having to inspect the traffic will bring it down some (but I wouldn't expect as much as it has).
Any opinions or advice anyone can offer on the subjet would be greatly received.
Thanks,
Dan