Solved: Firepower throughput Test

Ha Dao · ‎06-03-2019

Anyone tried test the Firepower performance ?.

I have a Firepower 2110, i tried to test the FTP download via Firepower. It is very amazing that the max speed only got about 400 Mbps.

Cisco told me that this cause by Snort instance, and one session only get that speed.

I m not happy with Firepower, before that, i was using Juniper devices and i always get 800 - 900 Mbps for download FTP file.

Marvin Rhoads · ‎06-03-2019

You can still block according to traditional 5-tuple (protocol, source and destination address, source and destination port).

As Cisco notes, a single flow that's being inspected by Snort will be limited by the throughput of the instance it is using. That's different than the throughput of the appliance overall.

Expect this to change when Firepower 6.5 comes out with Snort 3 support under the covers. Snort 3 is multi-threaded per instance.

View solution in original post

Marvin Rhoads · ‎06-03-2019

You can trust the flow with a prefilter policy and then test the throughput. That will bypass Snort (application-level and other inspections).

Ha Dao · ‎06-03-2019

Hi Marvin
If i do that, then no policy apply right ?. FW can not block anything ?

Marvin Rhoads · ‎06-03-2019

You can still block according to traditional 5-tuple (protocol, source and destination address, source and destination port).

As Cisco notes, a single flow that's being inspected by Snort will be limited by the throughput of the instance it is using. That's different than the throughput of the appliance overall.

Expect this to change when Firepower 6.5 comes out with Snort 3 support under the covers. Snort 3 is multi-threaded per instance.

Ha Dao · ‎01-05-2020

@Marvin Rhoads wrote:
You can still block according to traditional 5-tuple (protocol, source and destination address, source and destination port).
As Cisco notes, a single flow that's being inspected by Snort will be limited by the throughput of the instance it is using. That's different than the throughput of the appliance overall.
Expect this to change when Firepower 6.5 comes out with Snort 3 support under the covers. Snort 3 is multi-threaded per instance.

Hi Marvin
I see Cisco release version 6.5 for FP. Can you confirm is it support multi-threaded per instance now ?

Marvin Rhoads · ‎01-05-2020

The introduction of Snort 3 into Firepower was delayed. So it is not yet supported on Firepower 6.5.

Perhaps we will see it in 6.6 which should be out in a couple of months.

m.azlan · ‎05-05-2020

Hi,

The Firepower 8120 only can upgrade 6.4.8, is there any plan from Cisco the provide version 6.5 for 8000 series?

Marvin Rhoads · ‎05-05-2020

@m.azlan - No. The Firepower 8000 series was end of sales as of June 2019:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-7000-series-appliances/eos-eol-notice-c51-741685.html

6.4.0.8 is currently the latest release. It will continue to get any 6.4.0.x patches and SRU/VDB/Geolocation updates.

It will not get 6.5.x (or later) major releases.

Ha Dao · ‎05-06-2020

Hi Guys

After upgrade to 6.5, my FP 2110 can get speed test around 600Mbps