• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 720
  • Last Modified:

Advice on CISCO ASA Inspection policies.

I've been testing internet download speeds via our ASA5510 firmaware version 8.2(1)

I've been downloading large Service Pack files from MS and am seeing a single session download speeds of around 200KB/S. We have an ethernet suppiled dedicated Internet connection at 4Mb.

This speed is acceptable as this actully equates to around 1.6Mb/s which is just under half of our dedicated bandwidth.

I was tweaking some settings on the ASA and disabled the HTTP protocol inspection found under configuration>Firewall>Service Policy Rules by editing the _inspection_default global policy.

The same file now downloads at around 400KB/s = 3.2Mb/s . My question is does anyone have any experience of permanently disabling this feature and if so are there any known issues caused by this. Has anyone been affected by vulnerabilities. What am I leaving our network open to. From what I gather this will mean the FW acts as a standard stateful firewall and so will not perform any for of higher layer (layers 5-7) inspection for HTTP traffic

I appreciate it performs additional security filtering and inspecting of HTTP traffic but am still unsure whether it is required. I guess it's a case of balancing download speeds with security and which is most important to us.

Any advice would be appreciated
0
PeterHing
Asked:
PeterHing
1 Solution
 
PeterHingAuthor Commented:
Hi There

Based on another fw at another site I am testing the disabling of this feature. I can see a 40% throughput improvement
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now