Did you try to reload the

milan.glusac · ‎01-05-2016

Hi,

Can someone tell me maxumum throughput on ASA 5516x if AMP and IPS are on.

We can't get more than 50 Mbit/s on download and 35 Mbit/s on upload.

If i remove AMP and IPS from rule d/u is normal.

johnlloyd_13 · ‎01-05-2016

hi,

see table 2 on this link:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html

there's a note which says: Activating more features will change performance

osiega001 · ‎01-06-2016

a 5516-x should be capable of doing 450 Mbps max with avc and ips according to the specs.

In the real world this seems just about 120Mbps for me and Milan is even reporting less..

I think this difference is just too much...

milan.glusac · ‎01-07-2016

Yes it shoud be at least 120-150 Mbps.

Here is the rule with AMP only and still it's slow.

osiega001 · ‎01-07-2016

Try to add a filter for application: like HTTP or FTP and see if it helps

milan.glusac · ‎01-07-2016

Alredy tried that . Didn't help either.

osiega001 · ‎01-11-2016

Did you try to reload the firewall?

It solves many other issues here...

Marvin Rhoads · ‎01-06-2016

AMP is the most resource-intensive NGIPS feature.

The numbers you are seeing are about what is expected with AVC + IPS + AMP + URL features all active.

milan.glusac · ‎01-06-2016

Hi,

We also tested ASA 5515 and we got 3x better results with same configuration.

5515 is rated below 5516 so i am confused.

TAC told as that since 5516 have 3 cores throughput is splitted , but i can't find any documentation about that.

Cisco ASA throughput.