I recently migrated from pfSense as a perimeter firewall for end-user internet traffic to a Cisco ASA 5510. I have noticed a marked decrease in average available bandwidth after the migration.
I have been informed the ASA's QoS options are fairly limited and true per flow QoS is unavailable.
I have implemented the following commands to shape outbound traffic within the bandwidth rate allowed by the cable connection.
shape average 6000000
service-policy ShapeOutside interface outside
Is there anything else I can do to optimize the ASA for broadband internet? Is there any way to ensure, using the ASA 5510 or the core Cat4507, that individual users can use the entire internet pipe when available but cannot capitalize its use when other users are contending for access?