[c-nsp] ASA Throughput mess

cisconsp at SecureObscure.com cisconsp at SecureObscure.com
Thu Feb 17 12:25:22 EST 2011

The answer to that question is entirely dependant on how the device is
configured. How many lines in how many ACLs applied to how many interfaces
with what kinds of inspection and services enabled. Everything you enable
subtracts from total system throughput.

For example, we maxed out a 5550 doing ~600meg inside->outside with PAT.
Then with logging enabled it dropped, and ACLs added it dropped, and
inspection configured and it dropped... Now it maxes out the CPU around
350mbps. Its all completely dependant on the individual situation and


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of C and C Dominte
Sent: Thursday, February 17, 2011 10:58 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA Throughput mess

Does anyone know how is throughput tested for Cisco ASA applicances?
does anyone have any documents where Cisco explains what firewall throughput

Is it:
- the total packets per second the entire backplane can handle, so all the 
traffic across all ports, inside and outside
- just the traffic that is going outside to inside
- just the traffic that is having rules applied to it
Cannot find a definitive answer, and it seems that there is a lot of
over this particular aspect.
Thank you


cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list