Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3921
Views
10
Helpful
2
Replies

FP 2100 real performance numbers

Go to solution
Wise_Man_1
Level 1
Level 1

‎09-06-2017 09:39 AM - edited ‎02-21-2020 06:16 AM

Hi Experts,

 

I have another question regarding the FP 2100 performance numbers, which I did not want to add to the original post on https://supportforums.cisco.com/t5/firewalling/new-firepower-2100-performance-numbers/m-p/3059018#M159584

 

to my surprise, I found these numbers at a customer site, provided by another system integrator who was offering a competitive solution,

 

 2110212021302140
FTD 1024-byte HTTP IPS + AVC2 Gbps3 Gbps4.75 Gbps8.5 Gbps
FTD 450-byte HTTP IPS + AVC850 Mbps1.1 Gbps1.7 Gbps3.2Gbps
FTD 1024-byte HTTP AMP lookup+Sandboxing1 Gbps1.5 Gbps2.4 Gbps4.3 Gbps
FTD 1024-byte TCP S2S IPsec VPN AVC600 Mbps850 Mbps1.3 Gbps2.4 Gbps

 

the second line indicates what Cisco used to publish under seizing throughput, but the rest are (if they are correct) real disturbing.

so can someone from Cisco confirm or dispute these numbers?

Thanks

Wise

 

 

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Sam Smith
Level 1
Level 1

‎09-10-2017 02:48 AM

Hello Wise,

 

The numbers look reasonable to me, since September 2016 Cisco security have started using “marketing figures” by removing the “seizing” performance from the data sheet, if you look at the FP data sheets from August 2016 and before, you would see a seizing throughput row in the data sheet (using 450 byte HTTP traffic), so for example the FP4110 had a seizing throughput 4 Gbps IPS or AVC, while the current data sheet shows it as 10 Gbps IPS + AVC .

 

I really don’t care about the marketing figures, what I care about is when I propose a solution for my customer it fits their requirements, so I will always go with the seizing performance number, which is backed up by 3rd party testing.

 

You referenced the NSS labs testing in your previous post, the seizing throughput of the FP4110 is 4 Gbps IPS or AVC, according to old seizing guidelines, IPS + AVC is 30-45% less than the IPS or AVC number, which means that the FP 4110 has a IPS + AVC throughput of 2.2 – 2.8 Gbps, the test results in the latest NSS labs showed it as 2.45 Gbps

 

The same would apply to the FP2100, so use the seizing throughput (line 2) for IPS or AVC, then apply 30-45% degradation for IPS + AVC

 

Hope that helps

 

Best Regards

 

Sam

View solution in original post

2 Replies 2

Go to solution
Sam Smith
Level 1
Level 1

‎09-10-2017 02:48 AM

Hello Wise,

 

The numbers look reasonable to me, since September 2016 Cisco security have started using “marketing figures” by removing the “seizing” performance from the data sheet, if you look at the FP data sheets from August 2016 and before, you would see a seizing throughput row in the data sheet (using 450 byte HTTP traffic), so for example the FP4110 had a seizing throughput 4 Gbps IPS or AVC, while the current data sheet shows it as 10 Gbps IPS + AVC .

 

I really don’t care about the marketing figures, what I care about is when I propose a solution for my customer it fits their requirements, so I will always go with the seizing performance number, which is backed up by 3rd party testing.

 

You referenced the NSS labs testing in your previous post, the seizing throughput of the FP4110 is 4 Gbps IPS or AVC, according to old seizing guidelines, IPS + AVC is 30-45% less than the IPS or AVC number, which means that the FP 4110 has a IPS + AVC throughput of 2.2 – 2.8 Gbps, the test results in the latest NSS labs showed it as 2.45 Gbps

 

The same would apply to the FP2100, so use the seizing throughput (line 2) for IPS or AVC, then apply 30-45% degradation for IPS + AVC

 

Hope that helps

 

Best Regards

 

Sam

Go to solution
Wise_Man_1
Level 1
Level 1
In response to Sam Smith

‎09-10-2017 09:24 AM

Thanks Sam

 

but the number in line 2 is for IPS + AVC, would the same rule apply?

 

BR

Wise

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card