Re: [fw-wiz] Pix 501 and server time-outs

From: "Bill O'Connell" <boconnell@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Apr 2008 12:07:10 -0500

Hi Chris,

Thanks for the input.

There are no dropped packets from what I can see, but the logging is substandard without setting up a syslog server.

We are running 3MB connection for our internet and only one 100 MB port for out internal connection.

I'm fairly convinced that the firewall is a problem, though cisco claims I'm well under utilization for the pix 501. I just bought a 5505 ASA to replace it. I should know by Monday if that solves my problem.

Bill

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Chris Myers
Sent: Tuesday, April 22, 2008 5:58 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Pix 501 and server time-outs

Check the interfaces for dropped packets. All of your connections are
probably legitimate. Sounds like you have too much for the Memory if
you have only 1MB left. The LED's are screaming HEEELLP! The firewall
is getting lit up with so much traffic. I would not be surprised if
the CPU is not pegged as well. a 501 is a branch office firewall. Add
all the traffic going out the interface (i.e. how many 10MB/100MB
connections you have) and measure the bandwidth you have available
(i.e 1.544 T1). Try to measure your traffic before and after your
email went in house. It may not be a question of hardware failure,
just over use of the one you have.

Thank You,

Chris Myers
clmmacunix@xxxxxxxxxxx

John 1:17
For the Law was given through Moses; grace and truth were realized
through Jesus Christ.

--
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.

--
This message has been scanned for viruses and
dangerous content by OpenProtect(http://www.openprotect.com), and is
believed to be clean.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

References:
- [fw-wiz] Pix 501 and server time-outs
  - From: Bill O'Connell
- Re: [fw-wiz] Pix 501 and server time-outs
  - From: Chris Myers

Prev by Date: Re: [fw-wiz] IPSEC VPN: Sidewinder >-< Nortel compatible?
Next by Date: [fw-wiz] 10Gb Firewalls
Previous by thread: Re: [fw-wiz] Pix 501 and server time-outs
Next by thread: [fw-wiz] IPSEC VPN: Sidewinder >-< Nortel compatible?
Index(es):
- Date
- Thread

Relevant Pages

Re: I am having connectivity problems
... firewall and turned ON Windows firewall. ... When I tried to install SP2 I was unable to get it thru Windows Update. ... does the connection problem persist? ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: Serious Security Issue in Windows XP SP2s Firewall
... Subject: AW: Serious Security Issue in Windows XP SP2's Firewall ... If you update a WinXP SP-1 with enabled Internet ... Connection Firewall ...
(Focus-Microsoft)
RE: Serious Security Issue in Windows XP SP2s Firewall
... file and printer sharing is available for network login from any network (I ... Internet Connection Sharing of the PC has to be disabled." ... Serious Security Issue in Windows XP SP2's Firewall ...
(Focus-Microsoft)
Re: Still cant connect to RWW or OWA remotely
... No, I don't have a 3rd party firewall, and it's a pretty plain vanilla WinXP ... Connected to the network like the other workstations, ... I could go to any workstation and connect to them just fine. ... match the broadband connection, the two NIC firewall, the remote ...
(microsoft.public.windows.server.sbs)
Re: Big hole??
... > firewall then even they can't get in, ... > supposedly safe SP2 for Windows XP invites any Internet ... > Connection Sharing of the PC has to be disabled. ... > in fact is a common configuration and not a rare sight. ...
(microsoft.public.windowsxp.general)