CWS Connector Sizing for ASA 5500 and ASA 5500-X
Sizing Guide for Cisco Cloud Web Security Connector with the ASA 5500 Series Adaptive Security Appliances

ASA 5500 Series Sizing

This section provides a Sizing Guide for Cisco Cloud Web Security Connector with the ASA 5500 Series Adaptive Security Appliances.

Sizing numbers listed are for concurrent users. Concurrent users are usually sized at roughly 15% of the total count.

ASA 5500 Platforms Sizing

| Platform | User Count |
|----------|------------|
| 5505 | 25 |
| 5510 | 75 |
| 5520 | 300 |
| 5540 | 1,000 |
| 5550 | 2,000 |

Additional notes on ASA 5500 series sizing:

  1. Sizing for Cloud Web Security (CWS) is based on concurrent users. This is roughly 15% of the total number of users who may browse the internet.
  2. Tests used HTTP/S traffic with 32K object size – every single HTTP GET was answered by an object 32K in size.
  3. Peak bandwidth per seat is 20 Kbps (measured on a 95th percentile basis).
  4. Traffic profile: HTTP – 88% and HTTPS – 12%.
  5. Tests were run with authentication using IDFW, and the test setup was designed so that the ASA would apply a header to every GET request.
  6. The same sizing guidelines should be used in cases where no authentication is required. As the authentication is performed off-box by IDFW, the difference is negligible.
  7. Actual internet traffic profile may vary based on usage, but Cisco strongly recommends that customers adhere to the sizing guidelines above.
  8. In multi-context mode, the total user capacity stated per model is for the whole ASA, and can be divided across the contexts however required.

ASA 5500-X Series Platforms Sizing

This section provides a Sizing Guide for Cisco Cloud Web Security Connector with the ASA 5500-X Series Adaptive Security Appliances.

ASA 5500-X models have been tested against CWS Next Generation Towers (NGT). Sizing numbers are now given as the maximum bandwidth and Requests per Second (RPS, Xact/sec) that the specific models can support when redirecting traffic to a CWS NGT.

Based on their traffic profile, customers can calculate their user count. Metrics are provided for when the ASA performs authentication via CDA, and also when no authentication is performed. There are 5 levels of SSL mix from 0% through to 100% at 25% intervals.

ASA 5508-X

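| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 270 | 260 | 250 | 220 | 210 |
| Yes | Xact/sec | 1300 | 1240 | 1190 | 1070 | 1010 |
| No | Throughput (Mbps) | 270 | 260 | 230 | 180 | 170 |
| No | Xact/sec | 1300 | 1250 | 1120 | 850 | 830 |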

ASA 5516-X

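| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 270 | 260 | 250 | 230 | 180 |
| Yes | Xact/sec | 1300 | 1270 | 1200 | 1090 | 870 |
| No | Throughput (Mbps) | 280 | 270 | 200 | 190 | 180 |
| No | Xact/sec | 1320 | 1270 | 920 | 900 | 860 |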

ASA 5545-X

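| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 420 | 370 | 300 | 280 | 270 |
| Yes | Xact/sec | 2000 | 1770 | 1430 | 1360 | 1310 |
| No | Throughput (Mbps) | 420 | 390 | 310 | 280 | 260 |
| No | Xact/sec | 2000 | 1890 | 1700 | 1620 | 1260 |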

ASA 5555-X

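| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 410 | 400 | 390 | 390 | 370 |
| Yes | Xact/sec | 1960 | 1920 | 1870 | 1840 | 1760 |
| No | Throughput (Mbps) | 410 | 400 | 390 | 380 | 370 |
| No | Xact/sec | 1950 | 1920 | 1900 | 1880 | 1860 |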

ASA 5585-SP10

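| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 720 | 660 | 600 | 580 | 550 |
| Yes | Xact/sec | 2840 | 2630 | 2380 | 2300 | 2200 |
| No | Throughput (Mbps) | 720 | 660 | 600 | 560 | 540 |
| No | Xact/sec | 2840 | 2590 | 2370 | 2200 | 2150 |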

ASA 5585-SP20

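| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 870 | 850 | 710 | 700 | 640 |
| Yes | Xact/sec | 4150 | 4120 | 3500 | 3370 | 3070 |
| No | Throughput (Mbps) | 910 | 800 | 680 | 480 | 460 |
| No | Xact/sec | 4350 | 3970 | 3520 | 3400 | 3040 |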

ASA 5585-SP40

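| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 1180 | 1170 | 690 | 596 | 450 |
| Yes | Xact/sec | 6510 | 4570 | 4300 | 4000 | 3220 |
| No | Throughput (Mbps) | 1300 | 980 | 840 | 830 | 820 |
| No | Xact/sec | 6220 | 4670 | 4200 | 4100 | 4080 |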

ASA 5585-SP60

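| Authentication | Metric | SSL 0% | SSL 25% | SSL 50% | SSL 75% | SSL 100% |
|----------------|--------|--------|---------|---------|---------|----------|
| Yes | Throughput (Mbps) | 1740 | 1080 | 1070 | 1060 | 1050 |
| Yes | Xact/sec | 8350 | 5200 | 5140 | 4730 | 4720 |
| No | Throughput (Mbps) | 1360 | 1040 | 1030 | 1010 | 1000 |
| No | Xact/sec | 6500 | 4960 | 4950 | 4940 | 4850 |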

Additional notes on ASA 5500-X series sizing:

  1. Sizing tests were performed until CPU or memory resources reached 50%, in order to keep headroom for other services that may be running on the ASA.
  2. Additional 5500-X models may be tested in future.
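
The user-count calculation mentioned above can be sketched as follows; this is an added example, not Cisco's own tool, and its function names are hypothetical. It assumes the 15% concurrency ratio and 20 Kbps peak per seat from the ASA 5500 notes also apply to the 5500-X, and it rounds the SSL mix up to the next tested column as a conservative choice.

```python
SSL_LEVELS = (0, 25, 50, 75, 100)  # tested SSL mix columns, in percent

# Throughput (Mbps) copied from the ASA 5500-X tables on this page.
# model: (with authentication, without authentication); the 5508-X
# "Yes" row has no unit on the page and is assumed to be Mbps too.
MBPS = {
    "5508-X":    ((270, 260, 250, 220, 210), (270, 260, 230, 180, 170)),
    "5516-X":    ((270, 260, 250, 230, 180), (280, 270, 200, 190, 180)),
    "5545-X":    ((420, 370, 300, 280, 270), (420, 390, 310, 280, 260)),
    "5555-X":    ((410, 400, 390, 390, 370), (410, 400, 390, 380, 370)),
    "5585-SP10": ((720, 660, 600, 580, 550), (720, 660, 600, 560, 540)),
    "5585-SP20": ((870, 850, 710, 700, 640), (910, 800, 680, 480, 460)),
    "5585-SP40": ((1180, 1170, 690, 596, 450), (1300, 980, 840, 830, 820)),
    "5585-SP60": ((1740, 1080, 1070, 1060, 1050), (1360, 1040, 1030, 1010, 1000)),
}

def ssl_column(ssl_percent):
    """Index of the first tested SSL level >= ssl_percent (rounds up)."""
    if not 0 <= ssl_percent <= 100:
        raise ValueError("SSL mix must be between 0 and 100 percent")
    return next(i for i, level in enumerate(SSL_LEVELS) if level >= ssl_percent)

def required_mbps(total_users, concurrent_pct=15, kbps_per_seat=20):
    """Return (concurrent users, peak Mbps). The defaults are assumptions
    taken from the ASA 5500 notes: ~15% concurrency, 20 Kbps per seat."""
    concurrent = -(-total_users * concurrent_pct // 100)  # integer ceiling
    return concurrent, concurrent * kbps_per_seat / 1000

def first_fitting_model(total_users, ssl_percent, authenticated=True):
    """First model, in table order, whose tested throughput covers the load."""
    concurrent, need = required_mbps(total_users)
    row, col = (0 if authenticated else 1), ssl_column(ssl_percent)
    for model, rows in MBPS.items():
        if rows[row][col] >= need:
            return model, concurrent, need
    return None, concurrent, need  # load exceeds every tested model

def max_total_users(model, ssl_percent, authenticated=True,
                    concurrent_pct=15, kbps_per_seat=20):
    """Largest total user population the tested throughput supports."""
    mbps = MBPS[model][0 if authenticated else 1][ssl_column(ssl_percent)]
    concurrent = mbps * 1000 // kbps_per_seat
    return concurrent * 100 // concurrent_pct

if __name__ == "__main__":
    # Constructed scenario: 100,000 users, 40% HTTPS, authentication enabled.
    print(first_fitting_model(100_000, 40))
    print(max_total_users("5508-X", 0))
```

The Xact/sec rows can be checked the same way once a per-user request rate has been measured for the site; the page does not give one for the 5500-X.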
