Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
0
Helpful
2
Replies

Unexplained SNMP alert on 515e 6.3(5)

m.surtees
Level 1
Level 1

‎06-26-2007 09:15 PM - edited ‎03-11-2019 03:36 AM

Hi,

Recently I've started getting the an alert re: the number of connections to the Pix.

The OID is: cfwConnectionsStatVal .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5

I know the threshold set is not that high but the interesting thing is that, if anything, this PIX should be less used than it was 3mnths ago. The alerts started about 3 weeks ago and I get one every 3 or 4 days. One problem with troubleshooting this is that by the time I get the alert, login, and check conns, cpu, mem, etc everything is as it should be.

Anyone know what could cause an unprecedented increase and should not be considered a part of normal network behavior? Should I be looking at mis-firing apps inside the network or at stuff originating from the outside?

Any advice much appeciated.

Thanks in advance,

Mike

Labels:
0 Helpful
2 Replies 2

vijayasankar
Level 4
Level 4

‎06-27-2007 08:01 AM

Hi Mike,

Have you checked the "show conn" output. Apart from the current connection usage it also shows the the max connection count.

Does it match/exceeds the threshold set by you.?

If you are having any NMS system you can monitor the connection OIDs through them as well, to examine the connection trend of this PIX.

Those graphs will give you an idea on the connection patterns in this PIX.

You can also check the syslogs from this pix, to see any abnormal connection attempts.

Hope this helps.

-vJ

0 Helpful

m.surtees
Level 1
Level 1
In response to vijayasankar

‎06-27-2007 05:36 PM

Hey VJ,

Do check conns, cpu, mem, etc but as I said the problem is gone before I get the chance. The max connection count does exceed the threshold, and as I said the threshold could be set higher as I believe this appliance is capable of 120,000 connections and i'm not getting close to that.

I have no NMS, I do have a syslog though. What should I be looking for there? Any particular error code?

I know the device is not really being pushed it's just that it is supposedly doing less work than it used to but these "threshold exceeded" mssages are new and recurring, so I'm trying to find out what could be causing them before I just band-aid the problem by raising a threshold that had not been surpassed in 2.5 years.

Regards,

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card