Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Slowness issues after migrating from ASA 5510 to ASA 5515-X

                   I have recently migrated internet firewall from Cisco ASA 5510 to ASA 5515 - X.after migration all applications are working fine but i am receiving intermittent slowness complaints from many users.Kindly help.

1 REPLY
Silver

Slowness issues after migrating from ASA 5510 to ASA 5515-X

ASA Threat Detection Functionality and Configuration

Threat Detection provides firewall administrators with the necessary tools to       identify, understand, and stop attacks before they reach the internal network       infrastructure. In order to do so, the feature relies on a number of different       triggers and statistics, which is described in further detail in these       sections.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080bd3913.shtml

At that Dashboard you  can view the threat-detection statistics for top source top destination and top talker to help you identify the reason of network connection running slow if this is traffic related.

Netflow on ASA

NetFlow on the ASA vs IOS

The  ASA only supports NetFlow version 9 and there are no plans to support  NetFlow version 5. NetFlow on the ASA is event driven. Unlike routing  platforms we do not send incremental updates; NSEL records are only sent  during flow creation, teardown or ACL deny events. Also unlike the  routing platforms we will not populate the ToS bits or the TCP flags.  Lastly, all flows on the ASA are bidirectional. All counters for a flow  will increase for traffic flowing from A->B or B->A.

Limitations

  • Template refresh records can only be sent based on time intervals, not based on number of data records.
  • NetFlow records can not be seen live on the ASA as data is collected.
  • NetFlow  has a significant performance impact, but it should not be any worse  than normal syslog operations of the same information. There will be an  uptick in memory but it should also be minimal. NetFlow configured with  overlapping syslogs can cause a significant performance hit.

https://supportforums.cisco.com/docs/DOC-6113

Value our effort and rate the assistance!

Value our effort and rate the assistance!
226
Views
0
Helpful
1
Replies
CreatePlease to create content