01-05-2016 06:05 AM - edited 03-12-2019 12:06 AM
Hi,
Can someone tell me maxumum throughput on ASA 5516x if AMP and IPS are on.
We can't get more than 50 Mbit/s on download and 35 Mbit/s on upload.
If i remove AMP and IPS from rule d/u is normal.
01-05-2016 10:14 PM
hi,
see table 2 on this link:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
there's a note which says: Activating more features will change performance
01-06-2016 01:14 PM
a 5516-x should be capable of doing 450 Mbps max with avc and ips according to the specs.
In the real world this seems just about 120Mbps for me and Milan is even reporting less..
I think this difference is just too much...
01-07-2016 03:21 AM
01-07-2016 06:15 AM
Try to add a filter for application: like HTTP or FTP and see if it helps
01-07-2016 06:41 AM
Alredy tried that . Didn't help either.
01-11-2016 12:47 AM
Did you try to reload the firewall?
It solves many other issues here...
01-06-2016 05:56 AM
AMP is the most resource-intensive NGIPS feature.
The numbers you are seeing are about what is expected with AVC + IPS + AMP + URL features all active.
01-06-2016 11:43 AM
Hi,
We also tested ASA 5515 and we got 3x better results with same configuration.
5515 is rated below 5516 so i am confused.
TAC told as that since 5516 have 3 cores throughput is splitted , but i can't find any documentation about that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide