Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1464
Views
2
Helpful
3
Replies

firewall utilisation very high

Elango Murugan
Level 1
Level 1

‎11-18-2006 09:07 AM - edited ‎03-11-2019 01:57 AM

Hi recentely i am facing problem in enterprice pix firewall.its goes up to 95

%.what is the average cpu utilisation and maximum utilisation for pix 525 series.

Labels:
0 Helpful
3 Replies 3

a.kiprawih
Level 7
Level 7

‎11-18-2006 10:33 AM

A sudden increased of cpu utilization/processing can be anything, i.e PIX handling simultaneous/thousands of attack like DoS/DDoS, viruses, unreachable external syslog server and so on. Hard to pinpoint exact reason, but you need to check the PIX, i.e log entries for a clue, connection (who has highest no of connection and using which port, like 1 IP having hundreds of connected ports) and many more.

CPU utilization depends on how intensive of traffic inspection need to be performed by PIX. Basically, PIX handling bigger network with thousands on of clients probably has higher CPU utilization compared to smaller network with small no of traffic.

But at any time, it probably should not exceed 40% or even less.

HTH

AK

Patrick Iseli
Level 7
Level 7
In response to a.kiprawih

‎11-18-2006 05:18 PM

Take a look at this guide.

Monitoring PIX Performance:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

General Troubleshooting Technotes:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_tech_notes_list.html

hope that give a starting point.

sincerely

Patrick

0 Helpful

lbhoang
Level 1
Level 1
In response to Patrick Iseli

‎11-20-2006 07:00 AM

When you experience high CPU utilization on your PIX issue the following command to show the number of connections:

show conn count

If the "in used" connections is both high and near the same level as "most used" then you're probably under denial-of-service attack such as TCP SYN half-open.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card