Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

firepower with asa 5506

We have purchased and configured some asa 5506's.  We have installed basic firepower on each(only ips .  No amp licenses for extra features).  Will the 5506 be strong enough resource wise to run firepower on the basic ips/ids?  

Hall of Fame Super Silver

Sure. As long as you keep the

Sure. As long as you keep the throughput below the rated maximum (125 Mbps with AVC and IPS as shown in the data sheet here: you should be just fine.

These are pretty widely deployed in just this way. 

Community Member

We have a sizing chart(a

We have a sizing chart(a spreadsheet) from our reseller which states that the 5506 with ips will reduce throughput to 68mb which is why i was asking.  Does this sound accurate?  

Hall of Fame Super Silver

As with most performance

As with most performance engineering answers, "it depends". If you measure with the data sheet metric of 1024 byte packet size and all http traffic then the answer is as specified in the data sheet.

If you drop the packet size to 450 byes then you will see performance closer to your cited number.

If you are in the grey area in between, your reseller can pull some metrics from your actual network and request Cisco partner help desk to run the actual numbers through an internal sizing tool and give you a precise estimate based on your environment.

Community Member

It's just sort of a matter of

It's just sort of a matter of who to believe.  Leaning on believing cisco but i was just wondering what throughput's people are actually getting in production.  Main features we'd be running on this level of unit would be ips/ids and anyconnect or site ipsec vpn.  

CreatePlease to create content