Diagnosing CPU intensive FWSM context

soontobeccnp
Level 1

Hello all.

I have a FWSM version 2.2(1) running in transparent mode which is housed in a 6509 with sup720.

There are 7 security contexts defined in the FWSM. One of the contexts houses a fairly busy Internet facing FTP cluster and DNS cluster. This is consistently using 65% CPU and 70Mb memory. Other contexts are using around 1-2% CPU and a couple of Mb of memory.

While other contexts have more traffic passing through them, the CPU-intensive context maintains a much higher number of concurrent TCP and UDP connections - around 38k TCP and 20k UDP.

I think that the connection timeouts are not optimally configured which is making the problem worse. They are still on their defaults for all contexts, which are:

Connection: 01:00:00
H.225: 01:00:00
H.323: 00:05:00
SIP: 00:30:00
SIP Media: 00:02:00
MGCP: 00:05:00
Authorization absolute: 00:05:00
Authorization inactivity <= DISABLED
Half-closed: 10:00
UDP: 00:02:00
RPC: 00:10:00
Translation slot: 03:00:00

It strikes me that a 1 hour connection timeout is excessive - however I know that others use FWSM with busy networks and don't encounter an issue with the default timeouts.

Has anyone else changed the default FWSM timeouts and encountered reduced CPU usage?

Any suggestions of how I can diagnose the CPU usage and/or optimise the connection timeouts?

Many thanks in advance for any replies!!
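An added example (not part of the post above) that estimates what a shorter idle timeout would do to this context's connection table. It takes the timeout list and the 38k TCP / 20k UDP counts quoted in the post as constructed input and applies Little's law (entries = arrival rate x residency). The proposed timeouts in the usage block are illustrative assumptions, not recommendations, and the result is an upper bound on the saving: only idle entries are freed by a timeout, so flows still carrying traffic (such as long FTP data transfers) are unaffected, and a timeout shorter than a legitimate idle period will tear those sessions down.

```python
"""Estimate what FWSM idle-timeout changes do to a context's connection table.

Added example; not from the thread. Model (Little's law): a table holding N
entries at arrival rate R with mean residency T satisfies N = R * T. For
idle-dominated traffic the residency is bounded by the idle timeout, so the
table shrinks roughly in proportion when the timeout is cut. Entries still
passing traffic are not freed by timeouts, so this is an upper estimate.
"""
import re

# Constructed input: the values quoted in the post, in the post's own format.
SHOW_TIMEOUT = """
Connection: 01:00:00
H.225: 01:00:00
H.323: 00:05:00
SIP: 00:30:00
SIP Media: 00:02:00
MGCP: 00:05:00
Authorization absolute: 00:05:00
Authorization inactivity <= DISABLED
Half-closed: 10:00
UDP: 00:02:00
RPC: 00:10:00
Translation slot: 03:00:00
"""

# 'Name: value' or 'Name <= value' (the DISABLED line uses the second form).
_LINE = re.compile(r"^(.+?)\s*(?::|<=)\s*(\S+)$")


def parse_hms(value):
    """'HH:MM:SS' or 'MM:SS' (both appear in the post) -> seconds."""
    parts = [int(p) for p in value.strip().split(":")]
    if len(parts) == 2:          # e.g. 'Half-closed: 10:00'
        parts.insert(0, 0)
    if len(parts) != 3:
        raise ValueError("unrecognised duration: %r" % value)
    h, m, s = parts
    return h * 3600 + m * 60 + s


def parse_timeouts(text):
    """Map each timeout name to seconds; DISABLED entries map to None."""
    timeouts = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            name, val = m.groups()
            timeouts[name] = None if val.upper() == "DISABLED" else parse_hms(val)
    return timeouts


def implied_rate(entries, timeout_sec):
    """Arrivals per second that would sustain `entries` idle slots at this timeout."""
    return entries / float(timeout_sec)


def projected_entries(entries, timeout_sec, new_timeout_sec):
    """Steady-state table size after changing the idle timeout (idle-bound estimate)."""
    return implied_rate(entries, timeout_sec) * new_timeout_sec


def project_all(show_timeout, counts, proposals):
    """counts: observed entries per timeout name; proposals: new timeout in seconds."""
    current = parse_timeouts(show_timeout)
    out = {}
    for name, n in counts.items():
        new_t = proposals.get(name, current[name])
        out[name] = {"current": n, "timeout": current[name],
                     "proposed_timeout": new_t,
                     "projected": projected_entries(n, current[name], new_t)}
    return out


if __name__ == "__main__":
    # Observed counts from the post; the proposed timeouts are illustrative assumptions.
    report = project_all(SHOW_TIMEOUT, {"Connection": 38000, "UDP": 20000},
                         {"Connection": 15 * 60, "UDP": 60})
    for name, r in report.items():
        print("%-10s %6d entries @ %5ds -> ~%6.0f @ %5ds" %
              (name, r["current"], r["timeout"], r["projected"], r["proposed_timeout"]))
```

Before acting on a projection like this, compare the proposed timeout against the real idle gaps of the application (a quiet FTP control channel during a long transfer can sit idle well past a few minutes), otherwise the connection count drops at the cost of broken sessions.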

1 Reply

sbilgi
Level 5

To set the maximum idle time duration, use the timeout command. TCP connection slots are freed approximately 60 seconds after a normal connection close sequence. Refer to the URL for more information on timeout values.

http://cisco.com/en/US/products/hw/switches/ps708/products_command_reference_chapter09186a00803505d4.html#wp1026093
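As an added illustration of the reply above (not the replier's own session or configuration): the commands a practitioner would run inside the busy context to see the current values and connection counts, followed by the timeout command syntax. The context name and the shortened durations are assumptions chosen to show the syntax; the keywords are the standard FWSM timeout keywords.

```cisco
! Added example, not from the thread. 'ftp-dns' is a hypothetical context name.
changeto context ftp-dns
! Current idle timeouts (the defaults listed in the post).
show timeout
! Connection-table occupancy for this context, and per-second connection rates.
show conn count
show perfmon
! CPU as seen from this context (5-second, 1-minute and 5-minute averages).
show cpu usage

! Shorter idle timeouts. The durations are example values, not recommendations:
! pick them from the application's real idle gaps, or long idle FTP control
! sessions will be torn down.
configure terminal
timeout conn 0:15:00 half-closed 0:05:00 udp 0:01:00
timeout xlate 1:00:00
end
```

Re-check show conn count and show cpu usage after the change has been in place for longer than the old 1-hour timeout, since the table only drains as the old entries age out.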