[c-nsp] ASA Throughput mess
cisconsp at SecureObscure.com
cisconsp at SecureObscure.com
Thu Feb 17 12:25:22 EST 2011
The answer to that question is entirely dependant on how the device is
configured. How many lines in how many ACLs applied to how many interfaces
with what kinds of inspection and services enabled. Everything you enable
subtracts from total system throughput.
For example, we maxed out a 5550 doing ~600meg inside->outside with PAT.
Then with logging enabled it dropped, and ACLs added it dropped, and
inspection configured and it dropped... Now it maxes out the CPU around
350mbps. Its all completely dependant on the individual situation and
configuration.
John
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of C and C Dominte
Sent: Thursday, February 17, 2011 10:58 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] ASA Throughput mess
Hi,
Does anyone know how is throughput tested for Cisco ASA applicances?
Although,
does anyone have any documents where Cisco explains what firewall throughput
means?
Is it:
- the total packets per second the entire backplane can handle, so all the
traffic across all ports, inside and outside
- just the traffic that is going outside to inside
- just the traffic that is having rules applied to it
Cannot find a definitive answer, and it seems that there is a lot of
confusion
over this particular aspect.
Thank you
Catalin
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list