I know it's a different device, but on a router it can cause loss of traffic.
We had a problem where I work recently, where the router was so overwhelmed
due to the fact that we had turned it into a firewall by having extensive acls on all
inbound and outbound traffic, it just stopped accepting traffic entirely, in this case
the cpu was staying around the 70-90% range. It would go in intermittent drops,
working fine for a while and then dropping all traffic for about 2-3 minutes while it
recovered. In our case we exhausted the cpu and memory,though it was a much
smaller device, a cisco 2620 router.

__________________________________________________ __

David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School

EC-Council Certified Ethical Hacker

A Cisco Systems, Inc., Certified Network Associate (CCNA)
and a CompTIA Network+ and Security+ Certified Professional

>>> matthew.stansel@yale.edu 10/11/2006 1:37:14 pm >>>

Has anyone discovered and a reliable source of information regarding
performance or operational parameters for Cisco PIX firewalls? That is,
acceptable limits for the various resources utilized, CPU, memory,
interface saturation, etc. Specifically, what are the impacts of high
CPU utilization on this platform? What are the implications of CPU
levels exceeding 80-90%.

Many thanks,

Matthew A. Stansel
Office of Information Security, ITS
Yale University
100 Church St. South, Ste. 107
New Haven CT 06519
Land: 203.737.5260
Mobile: 203.623.3747

HIPAA notice:
The information contained in this message may be privileged and confidential. If you are NOT the intended recipient, please notify the sender immediately with a copy to hipaa.security@yale.edu and destroy this message. Please be aware that email communication can be intercepted in transmission or misdirected. Your use of email to communicate protected health information to us indicates that you acknowledge and accept the possible risks associated with such communication. Please consider communicating any sensitive information by telephone, fax or mail. If you do not wish to have your information sent by email, please contact the sender immediately.

firewall-wizards mailing list

firewall-wizards mailing list