Guides
Secure Access Help Center

Estimate Peak Traffic to Custom Targets for Default Endpoint Tests

Endpoint tests sent to custom targets (whether public or private) can generate high network traffic that can impact the target's performance. Before selecting a custom target for a default endpoint test, we recommend that you run the following calculation to estimate peak traffic to ensure your network and server have the capacity to handle the load. You can also attempt to reduce the volume of traffic by following the strategies provided in this topic.

Traffic Calculation

Peak bandwidth=A x N

  • A=Agent bandwidth for a single test (in KB). Peak bandwidth is 97.1KB per agent.
  • N=Number of agents. By default, all agents are included in the default test.
    • Note: If you schedule multiple tests to the same custom target, each test will contribute to the peak. To get the correct total, add the test values.

Consult with internal teams (IT, network, or firewall administrators) to compare the results to your network and server capacity to ensure that your systems can withstand the load.

📘

Traffic Calculation Example

A=97.1KB

N=1000 agents

Peak bandwidth=97,100KB (97.1MB)

Mitigation Strategies

To reduce the volume of traffic that is generated to custom targets:

  • Increase the test interval to spread the traffic over a longer time period.
  • Change the default test target (RAVPN, Zero Trust Access, or SWG remote module) or custom target that is more capable of managing the load.
  • Increase the capacity of your backhauling infrastructure.
    • If using IPsec tunnels, provision traffic backhauling over your edge infrastructure that is capable of handling increased traffic load.
    • If using resource connectors, add additional connectors to resource connector groups to increase the ability to handle the traffic load.

Recovery Options

If your system crashes or becomes unavailable due to high traffic sent to a custom target, do the following:

  • For public targets: The SaaS provider may block traffic that is sent from Cisco IP addresses. The traffic may mimic the characteristics of a distributed denial-of-service (DDoS) attack, potentially disrupting legitimate user access by overloading system resources. Contact Cisco support.
  • For private targets: Seek assistance from your IT or network administration team.

About Endpoint Agent Tests < Estimate Peak Traffic to Custom Targets for Default Endpoint Tests > Create HTTP Server Tests

Updated 3 days ago