Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

What to expect when ASA AIP SSM reaches maximum throughput?

Hi,

I'm just curious what happens to traffic when you have an IPS module in an ASA and it reaches the maximum throughput?

Does it allow the traffic & only inspects what it can handle? Or does it "fail" and then either allows all the traffic or block based on "fail-open" or "fail-close" configuration?

Thanks,

Brad

1 REPLY
Cisco Employee

Re: What to expect when ASA AIP SSM reaches maximum throughput?

When the sensor (SSM or any other sensor) is oversubscribed and the sensor is monitoring Inline, then a portion of the traffic will be Dropped.

The traffic will not be allowed through if it has not been inspected.

The "fail-open", "fail-close", and "bypass" are not relevant when talking about over subscription.

The only time the "fail-open", "fail-close", or "bypass" configurations comes into play is if the sensor can not do ANY analysis (either a failure, or an upgrade in progress).

141
Views
0
Helpful
1
Replies
CreatePlease to create content