F5F Stay Refreshed Power Users Networks Throughput measurement on the Cisco ASA 5512-X device

Throughput measurement on the Cisco ASA 5512-X device

Throughput measurement on the Cisco ASA 5512-X device

C
CleanerHook54
Junior Member
Find
39
08-16-2016, 04:03 PM
#1
I handle network tasks in a school setting and need to update an older Cisco ASA 5512-X for routing and security. Even though it has 1GbE ports, its performance varies based on usage. Cisco guidelines state the throughput for various services: IPS handles 250 Mbps without extra hardware, while the next-gen firewall supports 200 Mbps for multiprotocol traffic. Our connection offers 200Mb up/200Mb down, and we use web filtering that decrypts and re-encrypts data. My goal is to set the ASA as a router and firewall, keeping only necessary ports open and adding others as needed. My concern is whether this device will limit the connection to 200Mb instead of the full 400Mb available.
Reply
Reply
C
CleanerHook54
08-16-2016, 04:03 PM #1

I handle network tasks in a school setting and need to update an older Cisco ASA 5512-X for routing and security. Even though it has 1GbE ports, its performance varies based on usage. Cisco guidelines state the throughput for various services: IPS handles 250 Mbps without extra hardware, while the next-gen firewall supports 200 Mbps for multiprotocol traffic. Our connection offers 200Mb up/200Mb down, and we use web filtering that decrypts and re-encrypts data. My goal is to set the ASA as a router and firewall, keeping only necessary ports open and adding others as needed. My concern is whether this device will limit the connection to 200Mb instead of the full 400Mb available.

Reply
Reply
M
Mr__Rabbit
Junior Member
Find
17
08-16-2016, 11:59 PM
#2
I think the boundary is one-way, so you should be able to hit that speed in both ways. However, if you configure it just as a router and simple firewall (only permit or block at the network layer), then you’ll experience these restrictions as shown on that page: Stateful inspection throughput (max): 1 Gbps Stateful inspection throughput (multiprotocol): 500 Mbps
Reply
Reply
M
Mr__Rabbit
08-16-2016, 11:59 PM #2

I think the boundary is one-way, so you should be able to hit that speed in both ways. However, if you configure it just as a router and simple firewall (only permit or block at the network layer), then you’ll experience these restrictions as shown on that page: Stateful inspection throughput (max): 1 Gbps Stateful inspection throughput (multiprotocol): 500 Mbps

Reply
Reply
T
timo_1892
Senior Member
Find
715
08-17-2016, 01:52 AM
#3
Thats also best case scenario. Real world traffic I would say more around 300mbps but still way within OPs range.
Reply
Reply
T
timo_1892
08-17-2016, 01:52 AM #3

Thats also best case scenario. Real world traffic I would say more around 300mbps but still way within OPs range.

Reply
Reply
A
afroKing42
Member
Find
51
08-18-2016, 03:02 AM
#4
It handles WAN to LAN traffic with basic NAT settings, achieving roughly 650-700Mbit/s. Performance may increase with more complex rules, but heavier rule sets reduce speed. Disable IPS if using on another device.
Reply
Reply
A
afroKing42
08-18-2016, 03:02 AM #4

It handles WAN to LAN traffic with basic NAT settings, achieving roughly 650-700Mbit/s. Performance may increase with more complex rules, but heavier rule sets reduce speed. Disable IPS if using on another device.

Reply
Reply