How do I reset "show xlate count"?

hoffa2000 · ‎11-04-2008

Hi

We recently had a surge in outside xlates and the counter for xlate most used shot up to 65700. Out average xlate count is 1500 and this makes the xlate monitoring graph hard to interpret.

Is it possible to reset this "most used" counter?

Regards

Fredrik

senthuran · ‎11-04-2008

use #clear xlate

hoffa2000 · ‎11-05-2008

clear xlate did not do the trick. 65700 is still the "most used" xlate count.

I use a context based FWSM version 3.1(10) if that makes any difference.

/Fredrik

Jon Marshall · ‎11-04-2008

Fredrik

I'm sure you know this but just in case please do not use "clear xlate" as suggested in previous post as this will remove all active translations.

Jon

francisco_1 · ‎11-04-2008

i agree with jon.

If you must clear the xlate table, do so at a time of low usage or during a downtime window.

Francisco

francisco_1 · ‎11-04-2008

You can also adjust various idle timers that affect address translations and connections maintained by the firewall. Use the following commands if you feel a timeout adjustment is needed:

Xlate entry timer:

Firewall(config)# timeout xlate hh[:mm[:ss]]

By default, xlate entries involving TCP connections are be deleted after they have been idle (no data passed) for 3 hours. The minimum idle time is 1 minute, but the xlate idle timer can't be set to a value that is less than the uauth timer (the default is 5 minutes).

Xlate portmap (PAT) entries created for UDP always idle out after 30 seconds. This idle timer cannot be configured.

Francisco