11-14-2011 10:37 PM - edited 03-11-2019 02:50 PM
Hi Experts,
I having pix515e. which is experienceing high memory utilization.
Please see the output of some of the commands mentioned below and advice.
sh version
=======
sh ver
Cisco PIX Security Appliance Software Version 7.2(4)
Device Manager Version 5.2(4)
Compiled on Sun 06-Apr-08 13:39 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"
C17440-BJ08-PIX2 up 19 days 11 hours
failover cluster up 322 days 11 hours
Hardware: PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : address is 001d.a215.5878, irq 10
1: Ext: Ethernet1 : address is 001d.a215.5879, irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 6
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 907380160
Running Activation Key: 0xf72c7fe2 0x81fb96d9 0x70dab81b 0x67d49718
Configuration last modified by admin at 23:04:57.814 UTC Mon Nov 14 2011
Sh process memory
===============
sh processes mem
--------------------------------------------------------------
Allocs Allocated Frees Freed Process
(bytes) (bytes)
--------------------------------------------------------------
738 5813309 6 180 *System Main*
6 1020758 0 0 lu_ctl
5881 16314140 0 0 listen/ssh
55 198752 10 1736 fover_thread
3 52 0 0 listen/telnet
29 20623 4 4179 ci/console
1369 101004 0 0 IKE Receiver
0 0 0 0 557statspoll
6 14112 2 8324 Integrity FW Task
0 0 0 0 557mcfix
0 0 0 0 RADIUS Proxy Time Keeper
4 4160 0 0 RADIUS Proxy Listener
0 0 0 0 EAPoUDP
0 0 0 0 Thread Logger
0 0 0 0 RADIUS Proxy Event Daemon
1 24 0 0 EAPoUDP-sock
1083 884444 985 824544 accept/http
0 0 0 0 dbgtrace
4975863 484317332 2 32900 Logger
139919 9229508 141125 9227251 IKE Daemon
0 0 4975973 484318600 SNMP Notify Thread
0 0 0 0 SMTP
0 0 0 0 IKE Timekeeper
3 332 2165 17320 tcp_thread
0 0 138 10744 SSL
0 0 0 0 pm_timer_thread
0 0 0 0 udp_thread
0 0 0 0 uauth_urlb clean
7 8960 0 0 icmp_thread
342 12804 611 22696 aaa
0 0 0 0 Crypto CA
114 7896 2 336 ARP Thread
0 0 0 0 Reload Control Thread
0 0 0 0 Uauth_Proxy
0 0 0 0 Crypto PKI RECV
0 0 0 0 IP Thread
4 311638 16 74784 uauth
2775752 492746710 2581384 481804512 tmatch compile thread
0 0 0 0 lu_dynamic_sync
6 21172 0 0 Session Manager
0 0 0 0 IP Background
0 0 0 0 lu_rx
6921436 6558200766 6928565 6597548358 Dispatch Unit
0 0 0 0 ICMP event handler
76 16069 33 10725 fover_FSM_thread
140 13360 108 40576 NAT security-level reconfiguration
0 0 0 0 ha_trans_data_tx
0 0 0 0 block_diag
0 0 2 8324 Checkheaps
0 0 6 49548 vpnlb_timer_thread
0 0 0 0 ha_trans_ctl_tx
13 802004 0 0 emweb/cifs
0 0 0 0 Client Update Task
0 0 0 0 ppp_timer_thread
0 0 0 0 fover_serial_tx
0 0 0 0 QoS Support Module
0 0 0 0 L2TP mgmt daemon
13 4432 0 0 fover_serial_rx
22 308 55 1936 IP Address Assign
0 0 0 0 L2TP data daemon
19 3220 1 32 fover_health_monitoring_thread
0 0 0 0 NTP
6 44178 2 8324 route_process
0 0 0 0 CTM message handler
0 0 0 0 fover_ifc_test
1339 10963796 7 104 listen/https
1 65572 0 0 PIX Garbage Collector
1162 418724 1075 83012 IPsec message handler
12890 18737552 226583 26787920 fover_parse
0 0 2 32900 qos_metric_daemon
0 0 0 0 Chunk Manager
0 0 0 0 CTCP Timer process
844 276080 845 276092 fover_rep
0 0 0 0 udp_timer
0 0 0 0 fover_ip
0 0 95 760 tcp_slow
0 0 0 0 fover_tx
0 0 0 0 Integrity Fw Timer Thread
0 0 0 0 tcp_fast
2 2848 0 0 fover_rx
0 0 0 0 vpnfol_thread_unsent
0 0 0 0 arp_forward_thread
0 0 0 0 vpnfol_thread_sync
2 24 0 0 arp_timer
0 0 0 0 vpnfol_thread_timer
0 0 0 0 emweb/cifs_timer
0 0 2 24 NIC status poll
43 8423 39 5588 vpnfol_thread_msg
624 20304 628 20420 ssh/timer
2 8324 12 58136 vpnlb_thread
1 40 0 0 update_cpu_usage
107601 3516909 107577 3501273 ssh
==========
It is having 128MB RAM, out of this 122MB is showing as utilized. Please advice.
Thanks
Vipin
11-14-2011 11:03 PM
Hi Vipin,
Can you disable the logging and threat-detection on the PIX? These high CPu issues are difficult to troubleshoot on the forum, because you need complete access to the device, to collect outputs, chcek the traffic, chcek the amount of configuration done on the PIX and also the number of connections going through the firewall. So it might become difficult to troubleshoot here. I would suggest you open a TAC case for it, so that you get a quicker resolution on this.
Thanks,
Varun
11-15-2011 12:16 AM
Hi ,
How can i disable threat detection in PIX?
Thanks
Vipin
11-15-2011 02:24 AM
Hi Vipin,
I just checked, threat-detection is not there in PIX, maybe I just got it mixed up , so you don't need to remove it.
Thanks,
Varun
11-17-2011 09:18 PM
Hi,
I disabled logging. but no use. This memory means RAM right? Ususally what may be the reason to more memory utilization? I am also having a standyby PIX of same s/w version. it is also having high memory utilization. aroung 120MB utilized out of 128MB.
Please advice.
Thanks
Vipin
11-17-2011 10:00 PM
Hello,
Are you seeing any errors on the interfaces? Overruns, underruns or CRC errors?
Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide