Re: [fw-wiz] Pix 501 and server time-outs



Check the interfaces for dropped packets. All of your connections are probably legitimate. Sounds like you have too much for the Memory if you have only 1MB left. The LED's are screaming HEEELLP! The firewall is getting lit up with so much traffic. I would not be surprised if the CPU is not pegged as well. a 501 is a branch office firewall. Add all the traffic going out the interface (i.e. how many 10MB/100MB connections you have) and measure the bandwidth you have available (i.e 1.544 T1). Try to measure your traffic before and after your email went in house. It may not be a question of hardware failure, just over use of the one you have.

Thank You,

Chris Myers
clmmacunix@xxxxxxxxxxx

John 1:17
For the Law was given through Moses; grace and truth were realized through Jesus Christ.


TIFF image

Go Vols!!!!

On Apr 21, 2008, at 3:17 PM, Bill O'Connell wrote:


Hi everyone,

I'm having increasing problems with a cisco pix 501 firewall. File transfers are failing, especially on larger files. The problem seems to be happening as follows. HTTPS - worst - we can not get anything transferred except sometimes very small files. FTP - seems hit or miss with small to mid size (up to 50 mb) files. Sometimes I can get files larger files transferred, sometimes even the smallest files will give a timeout error. HTTP - this seems the most reliable, however, files over 100 mb seem to have problems.

This problem was very sporatic before - in fact I just thought it was random problems when it happened due to the fact that we were always able to get things on the second try.

Recently we brought our email in house, so we have more traffic through our pix.

All three file transfer protocols are using fixups.

And to further complicate matters (or help depending on how you look at it) Friday afternoon and Monday morning the firewall froze up needing an unplug to get things moving again. Both times all 4 leds for the network switch on the pix were flashing.

Right now I'm looking at purchasing a new firewall figuring there is some kind of harware problem.

Has anyone encountered these kind of problems before?
Does anyone know what the LEDs mean when flashing like that (I couldn't find it in the online docs)
Lastly, I ususally see less than 1 mb free on ram. Is that usual?

The logs don't seem to indicate any problem (hardware related?)



Thanks for any advise,

Bill O'Connell
Network Solutions Manager
boconnell@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
708-633-7450


NOTICE: This Liberty Creative Solutions, Inc. e-mail transmission (including any file attachment) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged and confidential, the disclosure of which is governed by applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by reply e-mail or a collect telephone call and delete or destroy all copies of this message and any file attachment. Thank you!

--
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages

  • Re: vsftpd slow because of iptables firewall
    ... When I try uploading a directory of files it is very slow ... starting the iptables firewall at boot and my file transfers were very ... So the next question is why slow transfers with the firewall "problem" ... New and Improved Yahoo! ...
    (Fedora)
  • Re: vsftpd slow because of iptables firewall
    ... > starting the iptables firewall at boot and my file transfers were very ... "Firewalling" on Linux with iptables ... fully close paths for network packets. ...
    (Fedora)
  • Re: What is the Pattern here ?
    ... These are all Dialup Connections that I had no connection with at the time. ... It's obviously an enormous security hole, ... > and a real firewall box. ...
    (comp.security.firewalls)
  • Re: Port 135
    ... The patch doesn't disable DCOM / RPC, so connections can still be made. ... That's why you need a firewall. ... the patch is not the thing to control ... control over your TCP/IP ports and services, ...
    (microsoft.public.security)
  • Re: Black Ice confesses faulty program!!!
    ... > outgoing connections or traffic except in cases where these connections ... > "dangerous/suspicious" traffic by the BlackICE program. ... > get into your machine then even a PC *without* a firewall is completely ... If you don't think "Spyware" is a problem for computer ...
    (comp.security.firewalls)