I have a PIX-515, 64 MB RAM, CPU Pentium 200 MHz and Flash i28F640J5 @ 0x300, 16MB, BIOS Flash AT29C257 @ 0xfffd8000, 32KB. I am running Cisco PIX Firewall Version 6.3(4) on it currently.
Right now my CPU usage is around 88% and fluctuates up into the 90% range and thus customer internet speeds are fairly slow. How can I tell if I am maxing out on the number of connections or if there is some other problem with it?
What sort of connection is chewing up your bandwidth: is it TCP or UDP? Issue: sho conn det plus sho xlate det. Also, if you have access to an internal or external router that's connected to the PIX, you could enable IP Accounting on the router to see what's consuming your bandwidth.
You could also speak to your ISP for advice/help. Have you got syslog enabled?
All the information is in the URL that I posted. When you issue sho conn det, are the connections being made from one internal host or is it random? And which port are these connections being made from/to? Is the connection being formed to one destination IP address or random addresses, plus which port?
How many internal hosts do you have? How many servers? I'm just thinking it might/might not be some sort of DoS attack - of course I might be wrong.
If you enable syslog - post the syslog info here (taking out any sensitive info), post only the high number connections, i.e. UDP in your case.
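
Added example, not part of any post in this thread: a Python sketch that answers the questions asked above (one internal host or many, one destination or many, which port and protocol) by tallying saved connection-table output. The line layout `PROTO ifname:ip/port ifname:ip/port flags ...`, the interface name `inside`, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample; the line layout (PROTO ifname:ip/port ifname:ip/port flags ...)
# is an assumption about "show conn detail" output on this PIX version.
SAMPLE = """\
6 in use, 112 most used
UDP outside:198.51.100.7/53 inside:10.1.1.15/1028 flags D
UDP outside:198.51.100.9/53 inside:10.1.1.15/1029 flags D
UDP outside:203.0.113.4/53 inside:10.1.1.15/1030 flags D
UDP outside:203.0.113.8/53 inside:10.1.1.15/1031 flags D
TCP outside:192.0.2.10/80 inside:10.1.1.20/1404 flags UIO
TCP outside:192.0.2.10/23 inside:10.1.1.15/1026 flags UIO
"""

ENDPOINT = r"(\S+?):(\d+\.\d+\.\d+\.\d+)/(\d+)"
LINE = re.compile(rf"^(TCP|UDP)\s+{ENDPOINT}\s+{ENDPOINT}")

def tally(text, inside_if="inside"):
    """Count connections by protocol, internal host, remote host and remote port."""
    stats = {k: Counter() for k in ("proto", "inside_host", "remote_host", "remote_port")}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # summary line or a layout this sketch does not recognise
        proto, *rest = m.groups()
        ends = [tuple(rest[0:3]), tuple(rest[3:6])]
        local = [e for e in ends if e[0] == inside_if]
        remote = [e for e in ends if e[0] != inside_if]
        if len(local) != 1 or len(remote) != 1:
            continue  # neither or both endpoints on the inside interface
        stats["proto"][proto] += 1
        stats["inside_host"][local[0][1]] += 1
        stats["remote_host"][remote[0][1]] += 1
        stats["remote_port"][remote[0][2]] += 1
    return stats

def dominant(counter, threshold=0.5):
    """Return (key, count, share) if one key holds at least `threshold` of the total."""
    total = sum(counter.values())
    if total == 0:
        return None
    key, n = counter.most_common(1)[0]
    return (key, n, n / total) if n / total >= threshold else None

if __name__ == "__main__":
    stats = tally(SAMPLE)
    for name, counter in stats.items():
        print(name, counter.most_common(3), "dominant:", dominant(counter))
```

On the constructed sample, one internal host holds most of the table while no single remote host does, which is the "one source, random destinations" pattern the questions above are trying to distinguish.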