cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
370
Views
9
Helpful
3
Replies

Planning Cisco ASA Migration

jmprats
Level 4
Level 4

I'm planning to migrate an ASA firewall to a ASA NGFW-X.

I know there are a Cisco migration path recommendations, but I would like to test the current firewall with some commands to know this firewall is not at its performance limit and to make the decision based in some data or study

what commands can I use to test the current firewall performance?

3 Replies 3

Vibhor Amrodia
Cisco Employee
Cisco Employee

Hi,

Checking performance on the ASA device can be tricky. You would see the normal indicators as the latency , throughout speeds etc.

These are some of the commands that would give an indication about the ASA heath:-

1) show int details :- Check for interface errors

2) show cpu :- Check for High CPU

3) show mem :- Check for High Memory

4) show blocks:- For any block depletion.

These are some of the Basic indicators.

Let me know if you have any other queries.

Thanks and Regards,

Vibhor Amrodia

I don't have errors, but I have dropped packets.

Suppose dropped packets are for ACL filtering not for performance issues, true?

Hi,

Yes , those are only for the packets which are being dropped by the configured policies on the ASA device. So , you can ignore them.

Thanks and Regards,

Vibhor Amrodia
 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: