RE: [fw-wiz] PIX-515 acceptable CPU usage?

From: Ahmed, Balal (balal.ahmed_at_capgemini.com)
Date: 09/16/04

  • Next message: Philip J. Koenig: "[fw-wiz] Weird SMTP issue" 
    To: "Adam Greene" <maillist@webjogger.net>, <firewall-wizards@honor.icsalabs.com>
Date: Thu, 16 Sep 2004 15:03:37 +0100

    Some time ago cisco Documentation used to say that if your PIX firewall is
    running at 30% sustained utilization then an upgrade is advised. The latest
    version of this document [1] no longer includes a baseline figure. I suppose
    the reason for this is that each deployment is different.

    I suggest you go back to first principles and monitor your pix to generate a
    baseline for yourself e.g.

    1) SNMP CPU graphing (using something like mrtg to monitor CPU levels)
    2) Monitor/graph latency through the firewall
    3) On the pix you could also monitor the memory blocks available (show
    blocks) this tells you if there is RAM available for processing [1]

    Having good historical data to hand will help detect and plan upgrade points
    better than manually logging on and checking stats sporadically. As we all
    know a good set of graphs can help sell the idea to budget controllers.

    HtH

    [1]

    http://www.cisco.com/warp/customer/110/pixperformance.html#intro

    This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Philip J. Koenig: "[fw-wiz] Weird SMTP issue"

    Relevant Pages

    • Re: Win XP Pro Fax Doesnt Track Anything
      ... In november 2003 I installed the Norton Firewall 2004 and Norton Antivirus ... Monitor does not appear when you receive a fax call. ... If you see a NIS alert message for a file that is in the Microsoft Fax ...
      (microsoft.public.windowsxp.print_fax)
    • Re: Kindly help me with this PIX problem
      ... If you have read the configuration that I posted, ... firewall configuration didn't change over many years and it did work ... PIX, our company cannot send or receive email. ... That command allows ssh to the PIX, ...
      (comp.dcom.sys.cisco)
    • Re: Firewall for laptops, corporation with 1,000 laptops
      ... I disagree completely that all you need is a PIX to protect your network, ... PIX does nothing to protect you from VPN ... alerting, which are essential to a firewall solution, are lacking.] ... the PIX firewall does nothing to protect a roaming laptop from ...
      (microsoft.public.security)
    • Re: Cisco PIX fixup protocol command
      ... The PIX is a stateful firewall and maintains state on ... The reason why a security evaluation might result in a recommendation to ... is no need to have the SMTP fixup enabled. ...
      (Security-Basics)
    • RE: Hardware Firewall vs Software Firewall
      ... Hardware Firewall vs Software Firewall ... will drive the price to the point where the PIX is more cost effective. ... on a router ACL unless you're using the CSPM, ...
      (Security-Basics)