cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
475
Views
4
Helpful
2
Replies

CSC- Performance issues

jsteffensen
Level 1
Level 1

Hi Everyone.

We have discovered a performance impact on the SSM-CSC module. This occured after about 1 month of service.

Some websites are now extremely slow, or not possible to access due to timeouts. Most other websites are experienced as “slower than it used to be”.

As soon as HTTP is removed from the Service -Policy-Rule on the firewall, the access to internet webbrowsing is as “fast as normal”

.

As soon as the site is included on the “Block List exeptions” configured on the CSC-SSM, most of the sites are "as fast as normal" again.

Following sites has been verified to be affected:

o Sites with Google-Analytics scripts

o Many Lotus Domino (.nsf) web sites

Does anyone has some simular experienceses and advice for fix ?

- it cant be that all slow sites must be exepted....

(i have heard that recovering the module --- now and then --- and confinuring everything again, will make it work for a while...)

Greetings

Jarle

2 Replies 2

Hi,

I have the same problem in our ASA 5520 with SSM-CSC module. It has been working for 1 year and some time ago people started to complain. I now can see that CSC SSM CPU Usage is a sustained 20%, and have some 60% or even more peaks.

Hi Jarle,

You mentioned that you are having performance issues with the CSC module and you also mentioned "As soon as HTTP is removed from the Service -Policy-Rule on the firewall, the access to internet webbrowsing is as “fast as normal”".

You should not inspect traffic with both the CSC module and the HTTP inspection, as this will cause the performance issues you are noticing. This is why performance returns to normal when you disable one of the two inspection methods.

I would recommend disabling the HTTP inspection in the global service policy permanently. This is mostly doing protocol conformance checking. Let the CSC module handle all of your web inspection and you should be fine.

Also, while you're looking into this issue, it is also a good idea to upgrade your CSC module to the latest software (if you haven't already).

Hope that helps.

-Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: