cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3191
Views
7
Helpful
5
Replies

ASA Firepower Performance Numbers

Looking for the real performance numbers for the ASA family and the Firepower Family when Firepower features are turned on.

The numbers for the ASA 5500-X in the data sheets are not true performance numbers and we have customers that are not happy because they are not performing as expected.

5 Replies 5

vrostowsky
Level 5
Level 5

we ran into some very different real world performance metrics when we deployed these devices a few years back.  Cisco states the figures for each model, and with different features enabled, but for real world performance, it should be sized with the next larger model for best results.  If you read the performance data. you will see that these are based on certain 'ideal' conditions. Utilizing all features really impact the stats on the device.

"Throughput assumes HTTP sessions with an average packet size of 1024 bytes. Performance will vary depending on features activated, and network traffic protocol mix, packet size characteristics and hypervisor employed (NGFWv). Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.

1 Maximum throughput measured with UDP traffic under ideal conditions.

2 Multiprotocol = Traffic profile consisting primarily of TCP-based protocols/applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.

Note: Throughput assumes HTTP sessions with an average packet size of 1024 bytes

http://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

Cisco ASA with FirePOWER Services Data Sheet - Cisco

HTH-

Vince

Vince,

Seen this document and its stats as you suggest does not match real world environments.  One of my team indicates that there is a Cisco internal calculator that can provide some better numbers, but it is one accessable by some special security SE's.  It would be really helpful for a partner to have easy access to the tool so we do not get a bad Customer sat because the ASA is underperforming the Data Sheet.

If you have partner access, you can take a look in this document.

NGFW Performance White Paper

I do not believe that an actual sizing calculator exiats as the placement, features, size of the site,  Internet connection speed, and type of traffic are all variables.  The document Dennis provided is the best bet for calculating the model that you should purchase.  Always plan for the future expansion and change of the above variables before purchasing your device.

Good luck

Vince

there is actually a sizing calculator. But it is only for Cisco employees.

Ask your Cisco SE to help you with sizing, for indirect access to this.

Review Cisco Networking for a $25 gift card