Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Planning Cisco ASA Migration

I'm planning to migrate an ASA firewall to a ASA NGFW-X.

I know there are a Cisco migration path recommendations, but I would like to test the current firewall with some commands to know this firewall is not at its performance limit and to make the decision based in some data or study

what commands can I use to test the current firewall performance?

Everyone's tags (1)
Cisco Employee

Hi,Checking performance on


Checking performance on the ASA device can be tricky. You would see the normal indicators as the latency , throughout speeds etc.

These are some of the commands that would give an indication about the ASA heath:-

1) show int details :- Check for interface errors

2) show cpu :- Check for High CPU

3) show mem :- Check for High Memory

4) show blocks:- For any block depletion.

These are some of the Basic indicators.

Let me know if you have any other queries.

Thanks and Regards,

Vibhor Amrodia

Community Member

I don't have errors, but I

I don't have errors, but I have dropped packets.

Suppose dropped packets are for ACL filtering not for performance issues, true?

Cisco Employee

Hi,Yes , those are only for


Yes , those are only for the packets which are being dropped by the configured policies on the ASA device. So , you can ignore them.

Thanks and Regards,

Vibhor Amrodia

CreatePlease to create content