Secure firewall 3105 throughput

peter.matuska1 · ‎01-11-2024

Hi,

this should be 10G FW but the iperf speedtest result gives me apprx. 650Mbps when testing from A to B. When testing from B to A, I get 900Mbps. The connected interfaces are 1G. When I tested from A to B and from B to A but traffic bypassing the FW, I got 930Mbps so it looks like the FW is an issue. When I configure prefilter I got slightly better results but not 930Mbps.

FW is running 9.3.1

thank you

MHM Cisco World · ‎01-11-2024

Yes the FW throughput is around 900Mbps
if you config prefilter then all traffic pass without inspect, to solve issue I think you need to bypass the FW
MHM

peter.matuska1 · ‎01-11-2024

Only 900? It is not even closed to advertised 10G

tvotna · ‎01-11-2024

Do you generate single flow or multiple flows? 3105 has 12 CPU cores, so testing it with a single flow is simply not a valid test.

MHM Cisco World · ‎01-11-2024

But you are use interface have 1g how you want to get around 10g !!!

Change it to sfp 10g and check again.

MHM

MHM Cisco World · ‎01-11-2024

firepower performance estimator

If you can access to this' check the throughput when using 1g and 10g.

MHM

Marvin Rhoads · ‎01-11-2024

Rated firewall throughput is not for a single flow but rather is an aggregate capacity. That especially applies in non-prefilter uses where the Snort performance (a given flow uses a given instance which is running on a single core), but also applies to prefilter where only LINA and not Snort is in play.

peter.matuska1 · ‎01-11-2024

ok, so it is by design. I tested the same with different vendor, FW was installed in vmware and single flow was reaching 4Gbps and by adding the CPU it was rising. thank you

peter.matuska1 · ‎01-11-2024

one more question. How about IPSec throughput? datasheet says 5,5Gbps. The question is whether I can reach this speed between 2 sites.