10-07-2014 01:18 AM - edited 03-11-2019 09:52 PM
I'm planning to migrate an ASA firewall to a ASA NGFW-X.
I know there are a Cisco migration path recommendations, but I would like to test the current firewall with some commands to know this firewall is not at its performance limit and to make the decision based in some data or study
what commands can I use to test the current firewall performance?
10-07-2014 06:26 PM
Hi,
Checking performance on the ASA device can be tricky. You would see the normal indicators as the latency , throughout speeds etc.
These are some of the commands that would give an indication about the ASA heath:-
1) show int details :- Check for interface errors
2) show cpu :- Check for High CPU
3) show mem :- Check for High Memory
4) show blocks:- For any block depletion.
These are some of the Basic indicators.
Let me know if you have any other queries.
Thanks and Regards,
Vibhor Amrodia
10-08-2014 01:35 AM
I don't have errors, but I have dropped packets.
Suppose dropped packets are for ACL filtering not for performance issues, true?
10-08-2014 01:39 AM
Hi,
Yes , those are only for the packets which are being dropped by the configured policies on the ASA device. So , you can ignore them.
Thanks and Regards,
Vibhor Amrodia
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide