Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
217
Views
0
Helpful
1
Replies

ssh is not working when 525 primary firewall goes to secondary

ramachandra.p
Level 1
Level 1

‎02-17-2006 12:16 AM - edited ‎03-09-2019 01:58 PM

Hi,

We are having 525 Firewall with UR and FO license. Sometimes cpu utilization will goes to 90 percent and it will go to secondary. Whenever primary goes to secondary SSH it will not work. Please help me to resolve the following 3 issues.

1.cpu process is 96 percent

2.SSH is not working

3.Automatically primary is moving to secondary.

Labels:
0 Helpful
1 Reply 1

scheikhnajib
Level 1
Level 1

‎02-17-2006 01:13 AM

Hi,

1. For the CPU issue, I would suggest that you implement an IDS policy on all your interfaces and monitor the audit counters. A possible cause is an "ICMP unreacheable" attack; this attack might drive the PIX crazy and might cause such a high utilization.

2. If you are running PIX OS 6.3 you will need to run the command "ca save all" on both units which saves the RSA keys. Writing the config to memory will not be enough unless you start using PIX OS 7.0 which saves RSA keys when typing "write mem".

3. The primary will not jump to secondary unless there is something wrong. I have failover'ed PIXs running smoothly for ages and nuthing happened. I would suggest that you go to the documentation of the PIX and read through the reasons that might cause a PIX to switch to failover and then match that against your setup.

Hope this helps.

Salem.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents