Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
872
Views
5
Helpful
1
Replies

Rate Limit FMC Communications to remote FTD's

Travis-Fleming
Level 1
Level 1

‎11-13-2020 07:27 AM

Is there an easy way to put bandwidth rate limits on our FMC Communications? Over the past few weeks there have been a few times our 100 Mbps MPLS is reaching 88% upload, and several of our smaller sites are reaching the high 90's in download bandwidth percentages. Just now netflow shows it just pushed 12.5 GB to 15 remote FTD's in a matter of 5 minutes. I know I could set QoS policies on my remote gateway 4331 routers, or data center MPLS routers, but I was hoping there was a central way to do this at the FMC?

0 Helpful
1 Reply 1

HQuest
Level 1
Level 1

‎11-13-2020 12:03 PM

The FMC is expected to receive a lot more data than to push anything to the sensors. It would only do so when tasks such as deployments, sensor OS upgrades, threat data updates or data restores are in place. However a few tasks can take quite a bit of resources if done too often. Think of the integrations to AD/LDAP realms, pxGRID, Cloud services or Orchestration events. Have them too aggressive, you might need some extra bandwidth to accommodate the frequency.

 

With that said, and back to the original question, the easy way to rate limit would be how much and how often you push data to your sensors. No other internal ways to limit - and IMHO, on this scenario, applying QoS might make matters worse.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card