Cisco ASA sizing (based on capacity and feature requirements)
Posted on 2012-09-20
I'm looking for design documentation regarding Cisco ASA recommendations based on customer requirements. I've scoured the Cisco user & partner communities with no real luck - raw performance stats are easy (supported FW, IPS, FW+IPS bandwidth, maximum sessions, etc.), but nothing regarding CPU capacity based on active features.
A customer deployed a ASA 5510 a couple years ago - small deployment (<200 users, 50-Mbps Internet, 100 firewall/ACL rules, NAT - no IPS), and they experienced lockups, dropped packets, etc., due to CPU over-utilization. It's easy to size a box on datasheet capacities, but I haven't yet found docs/recommendations for real CPU capacity based on deployed features.
Can anyone reference design/sizing docs along these lines?