FPR-2110 slow network issue- VPN throughput

Loc Nguyen · ‎01-29-2021

Hi,

This firewall have about 10 site to site VPN via WAN networks. I have slow network issue. When other sites send data to this site, the speed is OK. But when this site sends data to other sites, the speed is slow. I could not find issues anywhere that make me think the firewall is overload is the issue.

https://www.cisco.com/c/en/us/products/collateral/security/firepower-2100-series/datasheet-c78-742473.html

The link above shows that this model can handle 500Mbps VPN throughput.

The WAN interface is where the VPN traffic in and out.

I see WAN throughput is about 100Mbps

All psychical interface throughput is about 300Mbps.

Did I count the throughput correctly? Should the firewall is the issue?

Below is the show traffic result of the firewall.

AAA-cth-fw# show traffic
transcore:
received (in 3137816.854 secs):
1972689867 packets 162340097011 bytes
0 pkts/sec 51000 bytes/sec
transmitted (in 3137816.854 secs):
9994396046 packets 13619621728820 bytes
3000 pkts/sec 4340000 bytes/sec
1 minute input rate 0 pkts/sec, 59 bytes/sec
1 minute output rate 0 pkts/sec, 56 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 59 bytes/sec
5 minute output rate 0 pkts/sec, 56 bytes/sec
5 minute drop rate, 0 pkts/sec
outside:
received (in 3137816.864 secs):
4616778549 packets 685606924488 bytes
1000 pkts/sec 218001 bytes/sec
transmitted (in 3137816.864 secs):
9041214100 packets 12263509127430 bytes
2001 pkts/sec 3908000 bytes/sec
1 minute input rate 218 pkts/sec, 35069 bytes/sec
1 minute output rate 325 pkts/sec, 326239 bytes/sec
1 minute drop rate, 1 pkts/sec
5 minute input rate 169 pkts/sec, 27527 bytes/sec
5 minute output rate 249 pkts/sec, 254552 bytes/sec
5 minute drop rate, 0 pkts/sec
inside:
received (in 3137816.864 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.864 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
WAN:
received (in 3137816.864 secs):
67483037188 packets 65087379990176 bytes
21001 pkts/sec 20742001 bytes/sec
transmitted (in 3137816.864 secs):
64084522443 packets 46844308134888 bytes
20000 pkts/sec 14928000 bytes/sec
1 minute input rate 8299 pkts/sec, 4205922 bytes/sec
1 minute output rate 13197 pkts/sec, 14240722 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 8478 pkts/sec, 5067966 bytes/sec
5 minute output rate 12548 pkts/sec, 13244156 bytes/sec
5 minute drop rate, 23 pkts/sec
eof-cth:
received (in 3137816.874 secs):
66873822037 packets 58953705252849 bytes
21000 pkts/sec 18788000 bytes/sec
transmitted (in 3137816.874 secs):
65562989655 packets 52474575620104 bytes
20000 pkts/sec 16723000 bytes/sec
1 minute input rate 12220 pkts/sec, 13187999 bytes/sec
1 minute output rate 8164 pkts/sec, 3250671 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 11559 pkts/sec, 12275216 bytes/sec
5 minute output rate 8392 pkts/sec, 4168267 bytes/sec
5 minute drop rate, 0 pkts/sec
diagnostic:
received (in 3137816.884 secs):
2829675 packets 1291985186 bytes
0 pkts/sec 1 bytes/sec
transmitted (in 3137816.884 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 115 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 130 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
nlp_int_tap:
received (in 3137816.894 secs):
193611 packets 22083826 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.894 secs):
183630 packets 18709635 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 12 bytes/sec
1 minute output rate 0 pkts/sec, 10 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 2 bytes/sec
5 minute output rate 0 pkts/sec, 2 bytes/sec
5 minute drop rate, 0 pkts/sec
ccl_ha_nlp_int_tap:
received (in 3137816.894 secs):
8 packets 536 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.894 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
ha_ctl_nlp_int_tap:
received (in 3137816.894 secs):
8 packets 536 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.894 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

----------------------------------------
Aggregated Traffic on Physical Interface
----------------------------------------
Internal-Data0/1:
received (in 3137816.904 secs):
140948706287 packets 128046981132237 bytes
44000 pkts/sec 40807001 bytes/sec
transmitted (in 3137816.904 secs):
148683122855 packets 128474329032031 bytes
47000 pkts/sec 40943000 bytes/sec
1 minute input rate 20739 pkts/sec, 17894765 bytes/sec
1 minute output rate 21688 pkts/sec, 18295487 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 20209 pkts/sec, 17824579 bytes/sec
5 minute output rate 21192 pkts/sec, 18133310 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Control1/1:
received (in 3137816.904 secs):
8 packets 648 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.904 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data1/1:
received (in 3137816.904 secs):
193611 packets 24794380 bytes
0 pkts/sec 1 bytes/sec
transmitted (in 3137816.904 secs):
183629 packets 21280365 bytes
0 pkts/sec 1 bytes/sec
1 minute input rate 0 pkts/sec, 13 bytes/sec
1 minute output rate 0 pkts/sec, 11 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 2 bytes/sec
5 minute output rate 0 pkts/sec, 2 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data1/2:
received (in 3137816.904 secs):
8 packets 648 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.904 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Management1/1:
received (in 3137816.914 secs):
2830392 packets 1331656768 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 3137816.914 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 118 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 133 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec

Georg Pauwen · ‎01-29-2021

Hello,

so out of all these 10 sites, this one is the only one where sending data is slow ? There are no (or almost no) drops in the statistics you have posted. The culprit could be the underlying network. What ISP link has been provided to you ?