Secure Networking

Cisco FWSM Performance Limit

June 9, 2009 Ken Yeo

My application team has a requirement to run a single TCP connection over FWSM at up to 380mbps. However, the Cisco FWSM limits a single TCP connection's throughput to 200mbps (with 1500 MTU)!

The reason is that packets leaving the FWSM may not be in the same sequence as they entered, which slows down TCP connections. There is a sysopt command that disables that feature, and now I can run a single TCP connection at 400mbps over FWSM with 1500 as the MTU.

The command is:

sysopt np completion-unit

It is applied on the admin context if you are running multiple contexts.

It is recorded as Cisco bug CSCsj56795.

The command is in the FWSM Command Reference.
