Re: Cisco 5525-x / 1G Internet / Lots of Users / CPU Max Out

mjensen323 · ‎09-28-2017

Hello -

We have a 5525-X with 1 gig connection, we introduced a fairly large number of users to our environment in the last few weeks and notice in the afternoons a slowdown until a reboot of the firewall. We are on 9.6.1.

Our show conn count:
54914 in use, 54914 most used

sh xlate

64270 in use, 74572 most used

Bandwidth is peaking around 500MB, Avergages around 300.

Is the firewall undersized?

Flavio Miranda · ‎09-28-2017

Hi,

Can you show the output from:

"show resource usage summary" and "show resource usage resource Xlates"

mjensen323 · ‎09-28-2017

show resource usage summary

Resource Current Peak Limit Denied Context
Telnet 1 1 5 0 System
ASDM 1 1 30 0 System
Syslogs [rate] 0 918 N/A 0 System
Conns 6354 56977 500000 0 System
Xlates 7300 74572 N/A 0 System
Hosts 2838 8624 N/A 0 System
Conns [rate] 48 11287 N/A 0 System
Inspects [rate] 23 781 N/A 0 System
Routes 7 7 unlimited 0 System

show resource usage resource Xlates
Resource Current Peak Limit Denied Context
Xlates 7192 74572 N/A 0 System

Flavio Miranda · ‎09-28-2017

Looking at this output, I would say that firewall is not running short in terms of resource:

Conns 6354 56977 500000 0 System
Xlates 7300 74572 N/A 0 System

mjensen323 · ‎09-28-2017

Any thoughts on why everything would slow down and then a reload of the firewall immediately resolves the issue?

Flavio Miranda · ‎09-28-2017

When you refer to slow down, do you mean Internet access, file sharing, intranet, or everything ?

mjensen323 · ‎09-28-2017

Internet traffic only.

Flavio Miranda · ‎09-28-2017

How about you topology ? Do you have additional security device like IDS/IPS?

ASA use WCCP to talk to someone on the environment ?

Can you briefly describe your environment?

Also, could you run this command: "sh int | i errors"