Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
5
Helpful
2
Replies

Monitoring PIX Performance

r.sharafi
Level 1
Level 1

‎06-17-2003 12:38 AM - edited ‎02-20-2020 10:48 PM

Hi,

we want to monitor periodically the memory utilization of our PIX firewalls. I did not find any recommendation what amount of free memory in percentage should be the threshold to look for.

In the TAC documentation it is mentioned that the free memory should not change, if at all, during normal operation. But I am missing an actual number to use as threshold.

Can somebody help me with this?

Your experience and information regarding other important performance parameters like cpu utiliziation etc. is very much appreciated.

Thanks for your help and best regards

0 Helpful
2 Replies 2

umedryk
Level 5
Level 5

‎06-27-2003 11:19 AM

Hi Sharafi,

I dont think so the memory utilization of PIX will be any standard.

It all depends on your network. Keep observing and after sometime

you can settle down on a speicific value of utilization.

There are no commands on the pix that will give you CPU utilization.

a router running NAT with large numbers of NAT translations active will

see high cpu at interrupt level.

This command will be useful: router#show proc cpu

0 Helpful

shannong
Level 4
Level 4

‎06-27-2003 11:35 AM

Percentage free will vary from one model to another. Even the same models may have different amounts of RAM. For example, the Pix 515 comes with 32MB or 64MB. Other variables affecting RAM usage:

The number of interfaces

The number and length of ACLs, especially with TurboACL

Use of the PDM

Use of stateful failover

The number of free blocks is also very important to a Pix. The pool of blocks are allocated at boot time for connections and translation information. These are important to track as well. You can have 50% free memory and have a problem due to insufficient free blocks for new connections and logging.

I suggest you monitor free blocks and free memory over time. The baseline is dependent on your business. If you sell Christmas trees, the seasons affect your baseline a lot. At least monitor your firewall for a month during a "peak" and "normal" period to establish your own baseline.

From a command line, you can use [show cpu usage], [show mem], [show perfmon] and [show pdm history] to monitor these values. Of course, you can use the PDM to monitor these things as well with a timeline graph.

You can use SNMP to poll the CPU, blocks, and memory utilization if you're running Pix 6.2+. Then you can graph it and perform threshold checks with an NMS. MRTG can graph these things easily for you.

-Shannon

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card