Based on the information that

baskervi · ‎12-02-2016

I know what the advertised throughput is, and I also know what the advertised throughput vs actual throughput was for the 5505 - a huge difference. We ended up replacing some 5505 firewalls because throughput was abysmal. Has anyone actually tested the 5505? How does it fare?

Thanks

nspasov · ‎12-02-2016

Hi there, the answer to your question can be very different based on the many variables:

1. What type of traffic is on your network: Mostly TCP, UDP or both

2. Average number of connections

3. Average packet size (1500 bytes, 10 bytes?)

4. Are you planning on doing SSL Decryption/inspection? If yes, what percent of your traffic is expected to be decrypted

5. Are you looking for the throughput of just L1-L4 or all of the way up to L7?

6. Are you running NGFW features on the 5506? (IPS, AMP, URL Filtering)

7. Is there going to by Remote Access and/or Site-to-Site VPNs terminating on the ASA?

The spec sheet for the 5505 can be found here:

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733510.html

I hope this helps!

Thank you for rating helpful posts!

baskervi · ‎12-02-2016

1. I'd presume it's mostly web based, so TCP.

2. I don't know about average number of connections, but there are only 20 users - that certainly shouldn't affect performance that much.

3. I'd estimate the average packet size to be 1000 B, but I've done no analysis.

4. Negative on SSL decription/inspection.

5. Let's just say application layer.

6. For this discussion sake, no NGFW features will be used.

7. No VPNs will be configured.

I'm very familiar with the 5505 spec sheets. I support several customers, and as they increased Internet speeds past 30 Mbps inbound, their ASAs could not keep up. Almost all had some VPN connections, but a couple did not. We ended up yanking out two 5505's and replace them with another vendor's firewall. One of these had 100 Mbps Internet bandwidth, and they went from around 32 Mbps to 100 Mbps with the firewall exchange. I've since had four ASA 5505's replaced because of performance issues. I do IT consulting, and a colleague of mine recently commented that he pulled out their ASA and replaced it with a higher performing firewall. I posted this to the Cisco forums a while back, and I did receive hits that others were seeing this as well. I'm not looking for calculations from Cisco documentation, and I especially don't want to make a recommendation and come out short. If you can help out, I'd be very grateful. Thank you.

nspasov · ‎12-04-2016

Based on the information that you provided you should be able to get 300Mb total throughput traffic. The box is rated @750 Mb but that is for strict UDP traffic. With TCP you are looking at 300Mb. Now, if you start using L7 rules and IPS that throughput will go down to about 120Mb and if you ever enable AMP then you are looking at roughly 50Mb.

Thank you for rating helpful posts!

filip00011 · ‎12-03-2016

I do have ASA5506 home. I have internet connection which has 300Mb/s speed. This ASA can handle it. I have also tried to copy files from local server through ASA with NAT and couple security rules applied. I was able to reach a speed of 315-325 Mb/s

Does anyone know what the actual throughput is for the ASA 5506-X