11-04-2008 01:14 AM - edited 03-11-2019 07:07 AM
Hi
We recently had a surge in outside xlates and the counter for xlate most used shot up to 65700. Our average xlate count is 1500 and this makes the xlate monitoring graph hard to interpret.
Is it possible to reset this "most used" counter?
Regards
Fredrik
11-04-2008 02:07 AM
use #clear xlate
11-05-2008 10:34 PM
clear xlate did not do the trick. 65700 is still the "most used" xlate count.
I use a context-based FWSM version 3.1(10), if that makes any difference.
/Fredrik
11-04-2008 02:10 AM
Fredrik
I'm sure you know this, but just in case, please do not use "clear xlate" as suggested in the previous post, as this will remove all active translations.
Jon
11-04-2008 02:15 AM
I agree with Jon.
If you must clear the xlate table, do so at a time of low usage or during a downtime window.
Francisco
11-04-2008 02:17 AM
You can also adjust various idle timers that affect address translations and connections maintained by the firewall. Use the following commands if you feel a timeout adjustment is needed:
Xlate entry timer:
Firewall(config)# timeout xlate hh[:mm[:ss]]
By default, xlate entries involving TCP connections are deleted after they have been idle (no data passed) for 3 hours. The minimum idle time is 1 minute, but the xlate idle timer can't be set to a value that is less than the uauth timer (the default is 5 minutes).
Xlate portmap (PAT) entries created for UDP always idle out after 30 seconds. This idle timer cannot be configured.
Francisco