02-16-2018 05:53 AM - edited 02-21-2020 07:22 AM
Hello,
We got a Cisco ASA5506-X with Firepower and all traffic is going through the firepower module. There are allot of Access Control Policies allowing and blocking sites.
Now the problem is that the internet speed should be 100Mb but we are only getting arround
10 Mb. Could that be because we are using allot of policies? can someone please explain this.
Firepower version 6.1.0
ASA Version: 9.6(1)
02-16-2018 08:40 PM
Even if you had IPS+URL Filter+ AMP features in use you should be getting several times that throughput.
Are you doing SSL decryption? That will give a huge performance reduction as it is (currently) all done in software.
02-17-2018 05:00 AM
how are you testing your speed? like a internet speed tester on Inside? would be interesting to see how much traffic is leaving and entering the ouside interface of your ASA.
in addition, and i dont know if that feasible, and if you can get downtime, plug a laptop into the outside internet feed and do a speedtest that way
02-19-2018 02:04 AM
If you bypass the Firepower module and just send traffic through the ASA do you see normal traffic speed then?
I have seen several cases with this exact problem and we have TAC cases going on all of them. In all cases it is ASA and traffic being redirected to the Firepower module. But as these cases are ongoing, TAC has not provided a solution yet.
11-30-2018 07:36 AM - edited 11-30-2018 07:37 AM
Did anyone ever get a solution to this? I have the same issue - 20Mbps through Firepower but 100 as soon as I remove the service policies. I'm not using URL or SSL and only have 4 rules.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide