cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
386
Views
0
Helpful
5
Replies

Performance / Utilization

networker99
Level 1
Level 1

When using a PIX firewall as your internet gateway, what is the best way to evaluate whether the inside interface (or any interface) is overloaded with too much traffic?

Thanks

5 Replies 5

Collin Clark
VIP Alumni
VIP Alumni

SNMP is probably the best way to monitor it long term.

Short term you can do a show interface and look at the statistics.

Interface Vlan1 "inside", is up, line protocol is up

Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec

MAC address 001b.d5fb.25c3, MTU 1500

IP address 10.10.154.254, subnet mask 255.255.255.0

Traffic Statistics for "inside":

3401978104 packets input, 2265073547054 bytes

3516423720 packets output, 1814495967447 bytes

20823450 packets dropped

1 minute input rate 121 pkts/sec, 125656 bytes/sec

1 minute output rate 95 pkts/sec, 7389 bytes/sec

1 minute drop rate, 0 pkts/sec

5 minute input rate 178 pkts/sec, 183746 bytes/sec

5 minute output rate 141 pkts/sec, 11178 bytes/sec

5 minute drop rate, 0 pkts/sec

Hope that helps.

Thanks, but how do I know if there is too much traffic entering that interface.. I presume by dropped packets?.. how do you clear the counters on a PIX (6.3)

You'll have to do some math. Bytes in/out and the bandwidth of your line. SNMP will do this for you and present a graph. Here's a link that defines each line of the show interface.

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/s3.html#wp1421795

AFAIK the only way to clear interface counters on a PIX is to reboot it.

Check this link for clear traffic. It might give you what you're looking for.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

You could also use PDM for monitoring your interfaces.

If you enable PDM history it will save metrics for up to 5 days too :)

http://www.cisco.com/en/US/customer/docs/security/pix/pix63/command/reference/mr.html#wp1026951

Is there any software or application that monitors inside users usage with history ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: