[c-nsp] ASA 5550 url-filtering capacity
John Exum
jexum at harding.edu
Mon Dec 5 15:32:33 EST 2011
We are seeing a similar problem at Harding. We use Smartfilter instead of
Websense and I use ASA5520s. It does appear to happen at random times for
us, and it appears to be somewhat load related. I would like to hear any
information you have on a solution to the issue if you find one.
John L. Exum
Network Manager
Harding University
On Mon, Dec 5, 2011 at 2:23 PM, Rick Ernst <cnsp at shreddedmail.com> wrote:
> We are running into "slow web sites" and random/incorrect 403's on a
> 5550 as an internet gateway doing NAT for an enterprise with upwards
> of 40,000 users.
>
> CPU is hitting 80-90% with url-filter enabled vs 30-35% without. I'm
> trying to point to a platform/performance limitation, but I can't find
> anything specifically for url-filtering capacity on the ASA platform.
>
> We've maxed at url-block/url-memblock and tried increasing the number
> of concurrent connection from 8 to 50 (and back down to 25). The more
> connections we enable seems to help, but we are still seeing sluggish
> performance with url-filtering (to Websense on a local interface)
> enabled.
>
> Any pointers to actual "useful capacity" on a 5550?
>
> Thanks,
> Rick
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list