I was wondering what would be the ideal performance for placing the DMZs on either a physical interface or logical interface. We are using ASA 5550s, the outside is setup on GIG 0/0 and the inside is setup on GIG 1/0 for optimal performance. The ASA 5550 documentation talks about placing the outside and inside on separate PCI bus(s) to achieve maximum performance. They don't mention of having a DMZ on either bus 1 or bus 2. I'm guessing you can place it on the same bus as your inside, since the DMZ talks to the outside for hosting services but you also have a lot of backend applications that needs to communicate to your DMZ.
It all depends upon amount of the traffic. If the traffic between the outside and the dmz interface is more than b/w the inside and dmz then it would be better to put the interface on that bus where the inside interface is located otherwise on put the interface on the outside's interface bus.
If you please let me know the 'show traffic' output of the firewall then I could suggest you where to install(like which bus) the interface.
The key to install the interface is depends upon on the amount of traffic is being passed and it could analyised by looking at the 'show traffic' output of the firewall.
Thanks for the information. We are replacing our PIX-535(s) with ASAS 5550 (s). The output below is from one of our PIX-535(s). I plan on having the outside on gig0/0, inside gig 0/1, and the DMZ on gig 1/0. The inside traffic would never traverse GIG 0/0 so I think it makes sense to have it on GIG 0/1. What do you think?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...