Sizing ASA FP/FTD and FP NGIPS

Michael Gioia
Level 1

This is great for ASA sizing:

https://apps.cisco.com/ccw/cpc/compare/ucsComparePage?selectedValues=model_asa5506,model_asa5506wa,model_asa5506hx,model_asa5508x,model_asa5512x,model_asa5515x,model_asa5516x,model_asa5525x,model_asa5545x,model_asa5555x,model_asa5585-s10f10-k9,model_...

 

Specifically showing the serialisation of all possible filters/engines (fundamentally and mathematically appropriate, as it slows down the deeper the inspection/parsing/extraction goes; this is critical for me to see).

 

Do we have anything for FP NGIPS appliances?
(Could probably HTTP parameter 'hack' the https://apps.cisco.com/ccw/cpc/compare/ucsComparePage page to add the selected values for FP appliances?)

Accepted Solutions

Marvin Rhoads
Hall of Fame

Cisco recommends we use this tool for FTD/NGFW:

https://ngfwpe.cisco.com

The output is not as verbose, but they have consistently declined to make a more comprehensive tool available - even to partners.


The output is not as verbose, but they have consistently declined to make a more comprehensive tool available - even to partners.

< sad face >

@Marvin Rhoads...

If you pick 5Gb+ for bandwidth profile and have all engines/filters ticked except for the last one, being VPN (aka, all prior checkboxes).

Do you get any options? (Common packet profile and 40-80% uti)

 

:/

It gives no options. :/

SSL decryption is the killer. Neither Cisco nor most others will commit to (or recommend) trying to do SSL decryption at full line rate for that high of throughput.

That said, they have tweaked SSL decryption performance for some of the more recent releases (introduced in hardware as of 6.2.3 and on by default in 6.3 and 6.4) and the tool might not yet reflect that.

I'd check directly with your Cisco SE if high throughput SSL decryption is important to you. Other security options (WSA, Umbrella, ETA etc.) may be more architecturally appropriate to address the underlying security need.
