Cisco Support Community
Community Member

Latency caused by Firewall


Installing two PIX-515E Firewalls (Failover Pair) on a customer site. The outside interface connects directly with a 10MBps link to the internet. When I am measuring throughput however, I am only getting an average of 2.5MBps download speed. When I remove the firewalls completely and connect a laptop directly to the same 10MBps internet line, I am getting average download speeds of 7MBps.

What sort of latency should I be expecting with the PIX-515E firewalls? There are no VPNs being used at present, so I am unable to explain the big difference in throughput.

There is no QoS configured.

The Software version is 7.2(2)

I have powered off the Standby PIX just in case it was something to do with it, but it made no difference.

Any ideas?

Community Member

Re: Latency caused by Firewall

Wow that's a huge difference. Verify that the PIX's interfaces and the far-end switch/hub/device are both set to 100/full.


Community Member

Re: Latency caused by Firewall


All interfaces set to 100Full.

It was the Global Service-Policy that comes as default with version 7.X.

As soon as I turned it off

no service-policy global_policy global

download and upload speeds went up to averages of between 7MB and 8MB.


Re: Latency caused by Firewall

How much memory in the PIX?


Re: Latency caused by Firewall

Run the command "show asp drop" several times from the command line, and look to see if the out-of-order packet buffer full counter is rapidly climbing. If so, you are running into a limitation of the 7.X operating system (especially with the PIX). If you had an ASA, you could implement the workaround, but the PIX doesn't have the ability to implement the workaround.

** Please rate ***
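
Added example, not part of the thread: one way to do the "run `show asp drop` several times" check from the last reply is to save two captures a known interval apart and compare the counters. The line layout (description, reason id in parentheses, counter) and the sample captures below are constructed assumptions, not output from the poster's PIX.

```python
import re

# Assumed line shape of "show asp drop": description, (reason-id), counter.
LINE = re.compile(r"^\s*(?P<desc>.+?)\s+\((?P<reason>[a-z0-9-]+)\)\s+(?P<count>\d+)\s*$")

def parse_asp_drop(text):
    """Return {reason-id: counter} for every counter line in one capture."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # A reason may appear in more than one section; sum the counters.
            counters[m["reason"]] = counters.get(m["reason"], 0) + int(m["count"])
    return counters

def climbing(before, after, seconds, min_rate=1.0):
    """Reasons that grew by at least min_rate drops/second, fastest first."""
    rates = {}
    for reason, new in after.items():
        delta = new - before.get(reason, 0)
        if delta < 0:  # counters were cleared between the two captures
            delta = new
        rate = delta / seconds
        if rate >= min_rate:
            rates[reason] = rate
    return sorted(rates.items(), key=lambda kv: kv[1], reverse=True)

# Constructed captures taken 10 seconds apart (values are illustrative only).
SNAP_1 = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                 1520
  TCP Out-of-Order packet buffer full (tcp-buffer-full)        48211
  TCP failed 3 way handshake (tcp-3whs-failed)                 77
"""
SNAP_2 = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                 1523
  TCP Out-of-Order packet buffer full (tcp-buffer-full)        52811
  TCP failed 3 way handshake (tcp-3whs-failed)                 77
"""

if __name__ == "__main__":
    pairs = climbing(parse_asp_drop(SNAP_1), parse_asp_drop(SNAP_2), seconds=10)
    for reason, rate in pairs:
        print(f"{reason}: {rate:.1f} drops/s")
```

Counters that barely move between captures (here the ACL drops) are filtered out, so only a reason that is actively climbing is reported.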


