Advice on CISCO ASA Inspection policies.

Posted on 2012-09-13
Last Modified: 2012-09-18
I've been testing internet download speeds via our ASA5510 firmaware version 8.2(1)

I've been downloading large Service Pack files from MS and am seeing a single session download speeds of around 200KB/S. We have an ethernet suppiled dedicated Internet connection at 4Mb.

This speed is acceptable as this actully equates to around 1.6Mb/s which is just under half of our dedicated bandwidth.

I was tweaking some settings on the ASA and disabled the HTTP protocol inspection found under configuration>Firewall>Service Policy Rules by editing the _inspection_default global policy.

The same file now downloads at around 400KB/s = 3.2Mb/s . My question is does anyone have any experience of permanently disabling this feature and if so are there any known issues caused by this. Has anyone been affected by vulnerabilities. What am I leaving our network open to. From what I gather this will mean the FW acts as a standard stateful firewall and so will not perform any for of higher layer (layers 5-7) inspection for HTTP traffic

I appreciate it performs additional security filtering and inspecting of HTTP traffic but am still unsure whether it is required. I guess it's a case of balancing download speeds with security and which is most important to us.

Any advice would be appreciated
Question by:PeterHing
    1 Comment
    LVL 2

    Accepted Solution

    Hi There

    Based on another fw at another site I am testing the disabling of this feature. I can see a 40% throughput improvement

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now