Cisco WSA Performance

CiscoNewBie25 · ‎03-02-2017

Hi,

Can someone share me a document about cisco WSA performance. I mean the throughput and how many user can be handled. Because i got nothing based on datasheet.

Thank you

Farhan Mohamed · ‎04-06-2017

Please see the link below for WSA reporting datasheet. Let me know if it helps:-

http://www.cisco.com/c/en/us/products/collateral/security/web-security-appliance/datasheet_c78-729104.html

keithsauer507 · ‎04-12-2017

The Page You Have Requested Is Not Available

http://www.cisco.com/c/en/us/products/collateral/security/web-security-appliance/datasheet_c78-729104.html

Venkatesh Attuluri · ‎04-12-2017

WSA is sized based on RPM (request per minute) let me know the number users, license bundle that you will enable

keithsauer507 · ‎04-12-2017

We are already enabled but our S170 is dog slow when doing anything in the management gui, and even slow to respond in an SSH session.

We have about 160 employees, perhaps 250 machines including servers. We have two 200/200 mbps internet connections into Ecessa PL-600 load balancers. Is our S170 slow because we are just overkill for this thing? I was thinking of converting it to a virtual appliance, but then we lose Layer 4 monitoring, but that may be a moot point because we have a third party IDS/IPS that is very good at catching that kind of thing.

Description	Status	Time Remaining	Expiration Date
Cisco L4 Traffic Monitor	Active	Perpetual	N/A
Cisco HTTPS Proxy	Active	Perpetual	N/A
File Reputation	Active	296 days	Sat Feb 3 05:25:24 2018
Cisco Web Usage Controls	Active	297 days	Sun Feb 4 04:29:32 2018
Sophos	Active	297 days	Sun Feb 4 04:29:27 2018
File Analysis	Active	296 days	Sat Feb 3 05:25:23 2018
Webroot	Active	297 days	Sun Feb 4 04:29:18 2018
Cisco Web Proxy & DVS Engine	Active	Perpetual	N/A
Cisco AnyConnect Secure Mobility	Active	Perpetual	N/A
Cisco Web Reputation Filters	Active	297 days	Sun Feb 4 04:29:42 2018

Ken Stieers · ‎04-12-2017

My S100v definitely performs better than my S170, I've got about 400 users, and 150 servers.... 2 100meg pipes to the internet.

I'm looking at going to a S300V because my logging drive gets full...

You can make L4TM work on VMware but its not worth the effort, especially so with an IPS in place.

keithsauer507 · ‎04-12-2017

I need to start researching how to migrate to the virtual appliance. So you have both, a virtual and an S170? How does that work? Do you only break out the S170 if there is an issue with the virtual?

Right now Cisco ASA 5525X use WCCP and transparent web proxy to our one and only S170. If the S170 fails or gets a software upgrade, the internet continues to work, although unfiltered. I have yet to test if you can put multiple WCCP addresses in the ASA firewall and how the firewall would behave. Would it do a load balancing? How? Round robin? Would it just utilize the first entry unless it becomes unreachable?

Where can I read more about this?

Ken Stieers · ‎04-12-2017

We actually live totally on the virtual box, and I use the hardware for testing.

The way WCCP works is that the proxy "subscribes" to the data... if its not there, the router/fw just passes it through... if there are two, it sees that the one isn't participating and just sends it all to the other one.

It will load balance the requests, how it does so is based on your config in the WSA. Google "WCCP load balancing"

The one other tweak is the acl you set up on the firewall has to be set to deny for the both/all of the WSAs otherwise your traffic could end up hitting both...