06-16-2016 07:22 AM - edited 03-12-2019 12:53 AM
We have an ASA 5555 with 16Gb Ram, 1 CPU, 8 cores. We are on Software Version 9.5(2). We have a 1Gb connection to the Internet. Every time we turn on File Inspection, it crashes our network. We can run a speed test and we are getting upload and download speeds of less than 5Mb on a 1Gb connection. This was a Cisco recommended configuration but it clearly does not work as demonstrated. We haven't gotten any good help from TAC other than to tell us to turn off file inspection. Has anyone else experienced this issue? Do you have any idea of what could fix this problem? We're getting no assistance from Cisco...
06-16-2016 11:18 AM
How are you trying to implement file inspection?
i.e., in a service policy on the base ASA, or are you asking about the ASA FirePOWER service module?
06-17-2016 12:17 PM
It's through the FirePower service module which runs on a VM server. However, it maxes out the processors on the ASA and then the network comes to almost a total standstill. We've had a TAC case on it; they say the machine isn't big enough to handle file inspection. The last time we turned it on, it was only inspecting 4 files and it took it down. We're a public library with public computers and have high Internet usage. We really wanted this because people many times click on links that are harmful and they don't know it or they do it intentionally.
06-21-2016 09:41 PM
So you're using a file inspection policy with the AMP license?
What sort of throughput are you typically pushing?
Have you excluded zip files from the file inspection policy?
The 5555-X is a pretty capable box but AMP is the most resource-intensive feature of the FirePOWER module. That said, it should still be usable under any load conditions that are within the design spec.
06-21-2016 10:43 PM
Hello Team,
As Marvin said, file inspection is a resource-intensive feature. But if you have already provided enough resources in the device, it should not be a problem. We can also perform some fine tuning in this. We should have a look at your policy and check if there is anything that overloads the system by consuming all available resources. What are the versions involved here? Is there any specific reason or bug identified by Cisco TAC due to which they have requested you to turn off the file inspection?
Regards
jetsy
06-22-2016 06:14 AM
I agree that file inspection is intensive but the box was undersized. We have a 1Gb connection to the Internet. Turning off file inspection lets everything else work but when that is part of the reason you bought the product, that isn't an acceptable solution. The 5555 is going to now be replaced with a 4110. Hopefully that will allow us to use the device the way it was demonstrated when it was sold to us.
Anne