cisco ASA 5520 Firewall Throughput

Unanswered Question
Jul 24th, 2009

It is very interesting and tricky. ASA5520 has four 1Gbps interface but the box itself only support 450Mbps (According to datasheet). How to explain this? Does this mean if the interface receive 1Gbps traffic, then firewall will drop the packets? Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Roman Rodichev Sat, 07/25/2009 - 07:35

That is correct, traffic is queued in buffers, if dequeueing rate exceeds 450Mbps, it will be tail dropped

Regards,

Roman

guo6688 Sat, 07/25/2009 - 16:27

Thank you Roman. So if I want to achieve line speed for 1Gbps, than ASA5520 is not option. It seems only ASA5550 up can support 1Gbps.

James Renwick Wed, 03/11/2015 - 20:14

Does anyone know if the ASA5520 actually supports 450Mbps? Or is that best case scenario with nothing configured on it? I am running into problems with figuring out what ISR G2 router to buy because the performance specs don't seem to take NAT and routing protocols into account when they test. At least that is my guess cause I broke a 2911 today with WAY less than 180Mbps. Dual 2911(s) doing NAT Box to Box HA. Traffic got up above 50Mbps combined and the CPU was climbing. Soon after it stopped responding to SNMP queries so I don't know how high it got. Anyway it broke.

Thinking that an ASA is a better option for me as I'd imagine there processors are tuned for NAT. Anyway if anyone has any real world figures that would be awesome.

Thanks for the time.

Actions

This Discussion