Re: PIX 515E memory buffer error/overload

klos_cioa · ‎10-11-2007

Hi all, I manage pair of 515E (both 128MB) in failover mode. Few day ago I occured some akward situation: in 2-3 hours memory usage rise form standard 63MB to 112MB (w/o traffic rise) and than PIX no1 refuse all outside connection (all inside network work OK). I switch to PIX no2, but situaction here was the same. After few sec. memory usage rise and PIX no2 refuse outside connection too. I switch again to PIX no1 and then restart both PIX. After that all back to normal.

After PIX restart there was a very high network traffic and a lot of open sessions. Then I found that one of employees run eMule on his PC, and when I kill that program traffic back to normal status. I don't know is there is any relationship between this two facts (memory buffer overload -> using P2P programs).

If anyone knows what could make such high memory usage - please answer.

I'll be very grateful for any help or clue what it could be.

Few data:

PIX ver. 7.2(3)

ASDM ver. 5.2(3)

Network build around firewall:

switch Cisco 2960 <- router 2800 <- 2X PIX 515E <- switch Nortel <- Juniper Networks

didyap · ‎10-17-2007

Usually a lot of open sessions and high traffic is due to some virus attack or DoS attack, however it may also be due to some application which is trying to connect to outside but is not able to complete the session. The exact nature can be determined by traffic capture and analysis. You can also try to run the program again ad check if the same situation occurs.

klos_cioa · ‎10-17-2007

Thanks a lot for reply.

Unfortunatly after both PIX reboot all log "files" was vanished, so i can't check out what exactly happened. I'll try test PIX with few different P2P application.