I have recently deployed a single S650 in a customer environment which currently running in pilot mode with a few hundred clients. The box is configured in Forward Proxy Mode (non-inline), and we have URL Category Filtering and WebRoot enabled. (no McAffe). Also have AD Authentication enabled using NTML Realm. DNS is using two internal Windows DNS Servers.
We have received feedback from some end users that the performance of browsing certain websites has slowed down considerably since using the new proxy server (2-3 times slower loading). The sites they are browsing usually have a lot of dynamic content (eg www.bbc.co.uk, www.news.com.au, www.abc.net.au/news). At the moment this is purely subjective feedback, but I have no reason to doubt them.
The previous proxy solution they had been using also had URL Categories blocked (using Surf Control/MS Proxy), and the category list is the same as what we have blocked on the S650.
What I'd like to know is if this type of performance hit is to be expected when all of the security services are enabled ? Can anyone else share their experiences ?
I'm running a late build of AsyncOS 5.2 (build 467 ?).
If you don't use regex, then you will need to look at what features are turned on that can affect the performance of the box. If you only have URL filtering on then that should not be a burden on the box.
You can use the 'rate' command from the cli to look at the number of request per second.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :