It's just sort of a matter of

mialbert · ‎06-02-2017

We have purchased and configured some asa 5506's. We have installed basic firepower on each(only ips . No amp licenses for extra features). Will the 5506 be strong enough resource wise to run firepower on the basic ips/ids?

Marvin Rhoads · ‎06-04-2017

Sure. As long as you keep the throughput below the rated maximum (125 Mbps with AVC and IPS as shown in the data sheet here: http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html) you should be just fine.

These are pretty widely deployed in just this way.

mialbert · ‎06-05-2017

We have a sizing chart(a spreadsheet) from our reseller which states that the 5506 with ips will reduce throughput to 68mb which is why i was asking. Does this sound accurate?

Marvin Rhoads · ‎06-05-2017

As with most performance engineering answers, "it depends". If you measure with the data sheet metric of 1024 byte packet size and all http traffic then the answer is as specified in the data sheet.

If you drop the packet size to 450 byes then you will see performance closer to your cited number.

If you are in the grey area in between, your reseller can pull some metrics from your actual network and request Cisco partner help desk to run the actual numbers through an internal sizing tool and give you a precise estimate based on your environment.

mialbert · ‎06-08-2017

It's just sort of a matter of who to believe. Leaning on believing cisco but i was just wondering what throughput's people are actually getting in production. Main features we'd be running on this level of unit would be ips/ids and anyconnect or site ipsec vpn.

firepower with asa 5506