Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
6
Replies

Firesight IPS Bandwidth and Best Practice

ccg-security
Level 1
Level 1

‎02-27-2017 12:08 AM - edited ‎03-12-2019 06:18 AM

Hi Cisco Support,

We would like to ask you some important details that we need regarding IPS. These topics are "Bandwidth", "Effort", and "Best Practice". So First, regarding the bandwidth, we would like to know if there are any impact on our bandwidth if all traffic will pass through IPS knowing that IPS will monitor all those traffic. Second, how much effort we will need to implement these kind of setup. Lastly, what is/are the best practices on implementing IPS in an organization.

Thank you and best regards!

Labels:
0 Helpful
6 Replies 6

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-28-2017 12:31 AM

Short lived flows cause the most impact.  Big long file transfer have only a small impact.  Certain types of traffic need a lot more CPU, like http.  If you use ssl decryption then that uses a tonne of CPU.

Firepower is quite time intensive to setup.  I would allow a full day. Most of that time is spent upgrading it to current software and deploying the Firepower virtual management centre.

How much bandwidth are you looking to protect?

0 Helpful

ccg-security
Level 1
Level 1
In response to Philip D'Ath

‎02-28-2017 02:13 AM

Hi Philip,

Thank you for the reply. We are only using Protection license so we are using most of IPS signatures. Do you have any documentation stated that there's an impact on the bandwith during inspection?

Thank you and best regards!

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to ccg-security

‎02-28-2017 11:13 AM

I don't have such a document - but it is common sense. The device has to use CPU to look at traffic.  The more signatures and the more traffic it uses the more CPU will be required.

0 Helpful

vaibhav.parlekar1
Level 1
Level 1
In response to Philip D'Ath

‎03-07-2017 03:56 PM

if I am not wrong turning on FireAMP for malware analysis adds a significant impact to performance. 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to vaibhav.parlekar1

‎03-07-2017 09:24 PM

That's correct - the AMP feature is the most CPU-intensive of the lot.

The performance hit varies by platform. It will be a lot less on the new FirePOWER 2100 series due to how they use dedicated Network Processing Unit (NPU) ASICs for some of the NGIPS features vs a single multi-core CPU like on the 5500-X appliances.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ccg-security

‎02-28-2017 06:14 PM

Your partner can request (via Partner Help Desk) Cisco run your traffic and bandwidth and feature profile through an internal-only performance estimator tool.

That tool will give you a report of exactly how much capacity the various platforms will use in your scenario,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card