ssh is not working when 525 primary firewall goes to secondary

Feb 17th, 2006


We have a 525 firewall with UR and FO licenses. Sometimes CPU utilization goes to 90 percent and it goes to the secondary. Whenever the primary goes to the secondary, SSH does not work. Please help me to resolve the following 3 issues.

1. CPU process is 96 percent

2. SSH is not working

3. The primary is automatically moving to secondary.

scheikhnajib Fri, 02/17/2006 - 01:13


1. For the CPU issue, I would suggest that you implement an IDS policy on all your interfaces and monitor the audit counters. A possible cause is an "ICMP unreachable" attack; this attack might drive the PIX crazy and might cause such high utilization.

2. If you are running PIX OS 6.3 you will need to run the command "ca save all" on both units which saves the RSA keys. Writing the config to memory will not be enough unless you start using PIX OS 7.0 which saves RSA keys when typing "write mem".

3. The primary will not jump to secondary unless there is something wrong. I have failover'ed PIXs running smoothly for ages and nothing happened. I would suggest that you go to the documentation of the PIX and read through the reasons that might cause a PIX to switch to failover and then match that against your setup.

Hope this helps.


