Firepower configuration for maximum throughput

Robert Zeff
Level 1

We are a small ISP with about 600 customers.  Our aggregate through our ASA 5515x hits about 320 mbps.

A speedtest shows that it can do about 860 mbps up/down without Firepower.  With a typical Firepower inline configuration, we get about 220 mbps.

Purchasing a 5555-x is currently over our budget.  We are licensed for two ASAs, so the option exists to put a second one on the network or load balance. (which I've heard does not consume a license)

Another option is to just block BitTorrent, otherwise be notified of malware & intrusion attempts?

Can anyone suggest a way to configure this?

Thanks,

-Robert

4 Replies

ankojha
Level 3

Hi Robert,

For blocking bittorrent, you can create an access control rule with bittorrent as an application selected and set the action to block.

Make sure you are using the latest VDB (vulnerability database) on your Firepower.

For getting alerts on intrusions and malware , you can refer to the below document :

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118464-configure-firesight-00.html

If you are managing via ASDM, you can use syslog and SNMP, same as above.

Please rate and mark helpful posts.

Thanks,

Ankita
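An added example, not from this thread, of building the "block BitTorrent" access control rule Ankita describes through the FMC REST API instead of the FMC GUI. The endpoint paths and JSON field names follow the FMC REST API conventions, and FMC_HOST, the credentials and POLICY_ID are placeholders you replace; nothing is sent unless the script is run directly.

```python
"""Create an FMC access control rule that blocks the BitTorrent application.

Assumed (not from the thread): FMC_HOST, credentials and POLICY_ID are
placeholders; paths and field names follow the FMC REST API.
"""
import base64
import json
import ssl
import urllib.request

FMC_HOST = "fmc.example.internal"            # placeholder FMC address
FMC_USER, FMC_PASS = "apiuser", "CHANGE_ME"  # placeholder API credentials
POLICY_ID = "ACCESS-POLICY-UUID"             # placeholder: your access control policy UUID


def build_block_rule(app_id, app_name="BitTorrent", rule_name="Block BitTorrent"):
    """Rule body for POST .../policy/accesspolicies/{POLICY_ID}/accessrules."""
    return {
        "name": rule_name,
        "type": "AccessRule",
        "action": "BLOCK",
        "enabled": True,
        "logBegin": True,          # log hits so FMC connection events show who is torrenting
        "sendEventsToFMC": True,
        "applications": {"applications": [
            {"type": "Application", "id": app_id, "name": app_name}]},
    }


def find_application_id(apps_json, name="BitTorrent"):
    """Pick the application object ID out of a GET .../object/applications page."""
    for item in apps_json.get("items", []):
        if item.get("name", "").lower() == name.lower():
            return item["id"]
    return None  # application not in this page of results


def _call(method, path, headers, body=None):
    ctx = ssl.create_default_context()  # trust the FMC certificate on this host; do not disable checks
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(f"https://{FMC_HOST}{path}", data=data, method=method,
                                 headers={"Content-Type": "application/json", **headers})
    return urllib.request.urlopen(req, context=ctx)


if __name__ == "__main__":
    creds = base64.b64encode(f"{FMC_USER}:{FMC_PASS}".encode()).decode()
    resp = _call("POST", "/api/fmc_platform/v1/auth/generatetoken", {"Authorization": f"Basic {creds}"})
    auth, domain = {"X-auth-access-token": resp.headers["X-auth-access-token"]}, resp.headers["DOMAIN_UUID"]
    apps = json.load(_call("GET", f"/api/fmc_config/v1/domain/{domain}/object/applications?limit=1000", auth))
    rule = build_block_rule(find_application_id(apps))
    created = json.load(_call("POST", f"/api/fmc_config/v1/domain/{domain}/policy/accesspolicies/{POLICY_ID}/accessrules", auth, rule))
    print("created rule", created.get("id"), "- deploy the policy from FMC to push it to the ASA")
```

The rule only takes effect after you deploy the access control policy from FMC to the ASA.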

We are managing with FMC running under VMWare.  I'd rather see the alerts on FMC.

I do have this configuration, with my File policy looking like:

File Policy

If I select Malware cloud lookup under "action", it just looks up?  Otherwise I'd select "block malware"? 

It seems that no matter how minimal the configuration is, I cannot get over 280 mbps, and while doing a speedtest with one client, a ping test of about 2ms goes to 150-330 ms with a lot of jitter.

Thanks,

Robert

Hello

If you enable malware cloud lookup, it will query the cloud for the file disposition to check whether the file is clean or a threat, etc. Block malware means it will completely block the files marked as malware.

For the verification of throughput, you can open a TAC request just to confirm that your deployment is proper.

Rate if the posts help you

Regards

Jetsy

Keep in mind that Malware/file analysis will create more overhead on those ASAs, adding latency in your network.  Tune it well.  This is in addition to other features you add like URI filtering, Network Discovery policies, and Signatures with High or Very High overhead.

Just my 2 pennies
