IT Guy

<div>
i am looking into another option <br />
we have a 500 MB internet line that goes into my layer 3 switch - the 500 MB drop has 2 options for connection, one for Ethernet cable which we are using and one for Fiber<br />
<br />
wondering if the fiber option to the Layer 3 switch will produce a higher bandwidth
</div>


<div>
That's quite possible, but I would assume your firewall would be behind the switch, so it would still be the bottleneck. Same results.
</div>


<div>
you are correct but figured i'll start from the top down hahaha. will share results after
</div>


<div>
Yeah, you would still need the security of the firewall. The switch would just be a bump in the wire.
</div>


<div>
You will not see any noticeable difference in speed switching between a copper handoff vs a fiber handoff. &nbsp;If they are delivering you 500Mb of internet that means they are handing it to you on a gigabit ethernet port. &nbsp;That gigabit ethernet port can be electrical (Cat6) or optical (fiber), but it is still a gigabit port. &nbsp;Your internet handoff is half of that port speed. &nbsp;You will not notice a difference. &nbsp;At the gigabit level, fiber will cost you a little more because you will need to have the fiber patch cables and the optics to support it on both sides but this cost is generally negligible. &nbsp;The benefit you will get out of fiber has to do with the fact that electricity is not carrying over it. &nbsp;This means that it has built in power surge protection from surges coming from the provider's equipment into yours in the case of a lightening strike or a bad power surge. &nbsp;Not to say your equipment can't get hit through its own A/C or D/C adapter, but it will definitely not take a hit coming through the fiber. &nbsp;Cat5/6 are all electrical so it always carries this potential. &nbsp;In locations where power surges and lightening strikes are high it is normal to run fiber almost everywhere.
</div>


<div>
Ken Boone - if that's the case - i guess i'm back to the Firewall bottleneck or do you recommend looking at something else?<br />
<br />
my dell layer 3 switch has 10 GB SFP Port but my users are connecting to gigabit layer 2 switches
</div>


<div>
So lets start by telling what the symptoms are that you see and lets go from there. &nbsp;You said that the throughput on the firewall is low.. how did you determine that. &nbsp;you also said it is throttling bandwidth.. again how did you determine that.
</div>


<div>
we have Cat 5 E run in our office - if i run a speed test on the user PC, i get approx 95 MB to 105 MB speed. all PC' have 1GB network cards<br />
<br />
i figured its the FW because the throughput that is built with the FW seems to be lower than 500MB
</div>


<div>
What speed were you expecting from the test? Is the pc you tested the only one on the network at the time of the test? Was the firewall only servicing that particular pc at the time of the test? Meaning it was not dealing with it's other production responsibilities?
</div>


<div>
If you performed this test under normal production conditions. Meaning other traffic was traversing the firewall as well, I can very well see you getting those speeds.
</div>


<div>
Ok so that is not conclusive as to the problem being the firewall. &nbsp;There are numerous things that could be causing that.<br />
<br />
Duplex mismatch -somehwere in the network - firewall port - provider , switchport to PC etc..<br />
Provider is not really provisioned for 500Mb - seen this many times.<br />
Could be the firewall<br />
Could be switch configuration issues lots of things.<br />
<br />
Who is the provider? &nbsp;Do they provide a speedtest site within their network? &nbsp;If so that is what you should be using.<br />
<br />
This is a test I would perform. &nbsp;It is disruptive and will bring your internet down while you do it for the rest of your network.<br />
Disconnect your firewall from the provider. &nbsp;Instead connect a PC to that port and configure the PC to use the same address the WAN side of the firewall was using. &nbsp;<br />
<br />
Then run speed test to the providers speedtest server from that PC. &nbsp;IF you are only getting 95-100Mb then the problem is with the provider. &nbsp;If you see something in the 400+ range you know you are getting the internet speeds you should be getting.<br />
<br />
This test lets you know right away if the problem is your network or the provider. &nbsp;I would start there.
</div>


<div>
ok i will go through your recommendations and check<br />
<br />
also looking to buy a new layer 2 switch for user patch panel - thoughts on getting this?<br />
<br />
Cisco SG350X-48MP 48-Port Gigabit PoE Stackable Managed Switch<br />
<br />
<a href="https://www.amazon.com/Cisco-SG350X-48MP-48-Port-Gigabit-Stackable/dp/B06XPN1FX6" rel="ugc">https://www.amazon.com/Cisco-SG350X-48MP-48-Port-Gigabit-Stackable/dp/B06XPN1FX6</a>
</div>


<div>
i pull the trigger and got the switches Cisco SG350X-48MP 48-Port Gigabit PoE Stackable Managed Switch
</div>


<div>
One thing you can use as to convince a replacement is that the 5520 is End of Life and End of Support. You should really move over to something new.
</div>


<div>
<div class="content wysiwyg-content">
i have a Cisco ASA 5520 and 500MB internet/bandwidth line, the problem is the throughput on the FW is low and it throttles the bandwidth. Execs don't want me to upgrade now so i was wondering is there some kind of add on i can use &nbsp;<br />
<br />
<br />
ASA 5520<br />
1: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz<br />
2: Up to 2048MB RAM<br />
3: Intel Celeron M Processor 450 2.0GHz<br />
4: Cavium Nitrox Lite CN1010
</div>
</div>


i have a Cisco ASA 5520 and 500MB internet/bandwidth line, the problem is the throughput on the FW is low and it throttles the bandwidth. Execs don't want me to upgrade now so i was wondering is there some kind of add on i can use  


ASA 5520
1: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
2: Up to 2048MB RAM
3: Intel Celeron M Processor 450 2.0GHz
4: Cavium Nitrox Lite CN1010

Cisco ASA Firewall 5520 throughput

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.