Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
1
Replies

high cpu usage on pix 515e

matt0424
Level 1
Level 1

‎01-13-2014 10:17 AM - edited ‎03-11-2019 08:29 PM

i am pix-515e is running 100% right now.  can you someone please help me? i already disabled dns, netbios h.323 ras on the global-policy. however, the cpu still at 100%

fw1# show proc cpu-usage sorted non-zero

PC         Thread       5Sec     1Min     5Min   Process

00285f57   01971374    97.2%    97.3%    97.3%   Dispatch Unit

00f4dbb7   0196c40c     2.2%     2.2%     2.2%   Logger

0066abe3   019683c4     0.2%     0.2%     0.2%   IKE Daemon

00a90d1d   0195f9c0     0.1%     0.0%     0.0%   telnet/ci

00accabf   01954bd0     0.1%     0.0%     0.0%   Unicorn Admin Handler

fw1# sh cpu usage

CPU utilization for 5 seconds = 100%; 1 minute: 100%; 5 minutes: 100%

fw1# sh service-policy

Global policy:
  Service-policy: global-policy
    Class-map: global-class
      Inspect: ftp, packet 0, drop 0, reset-drop 0
      Inspect: rsh, packet 0, drop 0, reset-drop 0
      Inspect: rtsp, packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: skinny , packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: sunrpc, packet 0, drop 0, reset-drop 0
               tcp-proxy: bytes in buffer 0, bytes dropped 0
      Inspect: tftp, packet 0, drop 0, reset-drop 0
      Inspect: pptp, packet 0, drop 0, reset-drop 0

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎01-13-2014 10:30 AM

Hello Matt.

Wow, the PIX is on fire!!!!

This high CPU usage is because of the amount of traffic going through the Firewal..

My recomendation

clear the interface counters and do

clear interface

then do

show interface | include errors

Provide the output and after 5 minutes

show interface | include errors

Then where you see the highest amount of errors create captures such as

cap cap_name interface inside (if inside showed more errors) headers-only

Afterwards provide us

show cap cap_name

I will try to look for a loop or connection taking everything

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card