PIX 515E discards

Sep 24th, 2007

I installed a new monitoring package which monitors, among other things, discards on interfaces. It's notified me of excessive discards on my PIX interfaces (inside, outside and DMZ), some as high as 5%.

What is the source of discards? Is a discard when the PIX drops a packet that doesn't match the device's security policy?

Jon Marshall Tue, 09/25/2007 - 14:12


A discard can occur for quite a few reasons, but basically you are correct in the way you describe it, i.e. a packet that does not conform to the security policy of the firewall, whether that be the explicit access-lists in use or implicit rules of the PIX such as the way it handles fragmentation.

Hope this has answered your question


