
Cisco ASA 5520 Firewall Throughput

guo6688
Level 1

It is very interesting and tricky. The ASA5520 has four 1Gbps interfaces, but the box itself only supports 450Mbps (according to the datasheet). How to explain this? Does this mean that if the interface receives 1Gbps of traffic, the firewall will drop the packets? Thank you.


Roman Rodichev
Level 7

That is correct. Traffic is queued in buffers; if the dequeueing rate exceeds 450Mbps, it will be tail dropped.

Regards,

Roman

Thank you, Roman. So if I want to achieve line speed for 1Gbps, then the ASA5520 is not an option. It seems only the ASA5550 and up can support 1Gbps.

exactly

Does anyone know if the ASA5520 actually supports 450Mbps? Or is that best case scenario with nothing configured on it? I am running into problems with figuring out what ISR G2 router to buy because the performance specs don't seem to take NAT and routing protocols into account when they test. At least that is my guess cause I broke a 2911 today with WAY less than 180Mbps. Dual 2911(s) doing NAT Box to Box HA. Traffic got up above 50Mbps combined and the CPU was climbing. Soon after it stopped responding to SNMP queries so I don't know how high it got. Anyway it broke.

Thinking that an ASA is a better option for me, as I'd imagine their processors are tuned for NAT. Anyway, if anyone has any real-world figures, that would be awesome.

Thanks for the time.

Roman Rodichev
Level 7

(double post, netpro is slow today)

