Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5510 performance issues

Hi, we have an ASA 5510 with about 140 defined rules in the security policy.

In our company there are some complaints about the performance throughput from one network (inside) to another (dmz).

For example, we have a ecommerce platform that resides in the dmz but uses (at startup of the services only) a database that's on the inside network. When the services of these server applications are started, it takes about 1 hour and 20 minutes to load all data needed. When I connect one of these servers directly on our internal network, the startup only takes about 40 minutes. The amount of data transferred is estimated around 6 GB. The transfer is done by a Oracle client querying an Oracle database.

Is there any reason to believe that the firewall could be a bottleneck here? Too many rules?

Are some rules more cpu-intensive to handle than others?

We also have a builtin content security scanning appliance from trendmicro, but I configured the ASA to only inspect http and smtp traffic using this board.

The CPU on the firewall shows an average value of around 4% (also during the times the ecommerce applications are loading the data from the database.

Cisco Employee

Re: ASA 5510 performance issues

I dont think that ACL's should be a problem, I will probably disable inspection of traffic and apply sniffer to check the packet flow.


CreatePlease to create content