05-15-2009 05:36 AM - edited 03-09-2019 10:17 PM
When using a PIX firewall as your internet gateway, what is the best way to evaluate whether the inside interface (or any interface) is overloaded with too much traffic?
Thanks
05-15-2009 07:03 AM
SNMP is probably the best way to monitor it long term.
Short term you can do a show interface and look at the statistics.
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 001b.d5fb.25c3, MTU 1500
IP address 10.10.154.254, subnet mask 255.255.255.0
Traffic Statistics for "inside":
3401978104 packets input, 2265073547054 bytes
3516423720 packets output, 1814495967447 bytes
20823450 packets dropped
1 minute input rate 121 pkts/sec, 125656 bytes/sec
1 minute output rate 95 pkts/sec, 7389 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 178 pkts/sec, 183746 bytes/sec
5 minute output rate 141 pkts/sec, 11178 bytes/sec
5 minute drop rate, 0 pkts/sec
Hope that helps.
05-15-2009 08:19 AM
Thanks, but how do I know if there is too much traffic entering that interface? I presume by dropped packets? How do you clear the counters on a PIX (6.3)?
05-15-2009 08:30 AM
You'll have to do some math. Bytes in/out and the bandwidth of your line. SNMP will do this for you and present a graph. Here's a link that defines each line of the show interface.
http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/s3.html#wp1421795
AFAIK the only way to clear interface counters on a PIX is to reboot it.
Check this link for clear traffic. It might give you what you're looking for.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml
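The math described in the reply above, as an added example that is not part of the original thread: it parses the rate lines from the `show interface` output posted earlier and converts bytes/sec into percent of capacity. The function names and the `line_bps` override (for a circuit slower than the port's BW field) are assumptions made for this illustration.

```python
import re

# "show interface" output as posted earlier in this thread (address lines omitted).
SAMPLE = """\
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
Traffic Statistics for "inside":
3401978104 packets input, 2265073547054 bytes
3516423720 packets output, 1814495967447 bytes
20823450 packets dropped
1 minute input rate 121 pkts/sec, 125656 bytes/sec
1 minute output rate 95 pkts/sec, 7389 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 178 pkts/sec, 183746 bytes/sec
5 minute output rate 141 pkts/sec, 11178 bytes/sec
5 minute drop rate, 0 pkts/sec
"""

BW_RE = re.compile(r"BW (\d+) ([KMG])bps")
RATE_RE = re.compile(r"(\d+) minute (input|output) rate \d+ pkts/sec, (\d+) bytes/sec")
DROP_RE = re.compile(r"(\d+) minute drop rate, (\d+) pkts/sec")
UNIT = {"K": 1e3, "M": 1e6, "G": 1e9}


def utilization(text, line_bps=None):
    """Percent of capacity used, keyed by (minutes, direction).

    Capacity defaults to the interface's BW field; pass line_bps (hypothetical
    parameter) when the upstream circuit is slower than the port.
    """
    if line_bps is None:
        bw = BW_RE.search(text)
        if bw is None:
            raise ValueError("no BW field found; pass line_bps explicitly")
        line_bps = int(bw.group(1)) * UNIT[bw.group(2)]
    return {
        (int(minutes), direction): int(byte_rate) * 8 / line_bps * 100
        for minutes, direction, byte_rate in RATE_RE.findall(text)
    }


def drop_rates(text):
    """Packets dropped per second, keyed by averaging window in minutes."""
    return {int(m): int(pps) for m, pps in DROP_RE.findall(text)}


if __name__ == "__main__":
    for key, pct in sorted(utilization(SAMPLE).items()):
        print(key, f"{pct:.3f}%")
    print("drop pkts/sec:", drop_rates(SAMPLE))
```

For the sample output this gives roughly 1.0% (1 minute) and 1.5% (5 minute) inbound utilization of the 100 Mbps interface, with a drop rate of 0 pkts/sec in both windows.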
05-15-2009 11:05 AM
You could also use PDM for monitoring your interfaces.
If you enable PDM history it will save metrics for up to 5 days too :)
http://www.cisco.com/en/US/customer/docs/security/pix/pix63/command/reference/mr.html#wp1026951
05-18-2009 11:16 PM
Is there any software or application that monitors inside users' usage with history?