PIX 535 showing high memory usage in both active and standby

mcgm_support
Level 1

Hi All,

Currently we have two PIX 535s configured in active/standby mode. Both PIXes have recently been showing very high memory utilisation, around 80%.

This utilisation is continuous even in non-business hours, when the traffic is minimal and hence there are fewer packet hits on the firewall.

Below are the details of the PIX 535:

PIX Firewall Summary:

  Platform  : PIX-535

  Version   : 8.0(4)32

  Flash size: 16MB

  Ram size  : 1024MB

Kindly suggest the possible area or task to be carried out in order to bring the memory utilisation back to normal.

Please suggest ASAP......

Thanks & Regards

10 Replies

Jennifer Halim
Cisco Employee

Please kindly open a TAC case so an engineer can further investigate the issue.

We won't be able to help by just knowing that the memory is high without looking at any data. This issue would be best investigated by TAC.

Thanks for your response...

Our contract with Cisco for the Cisco PIX 535 is over.

Please let me know the details you would like to have to investigate further.

Good Day All,

Can anyone help me with the below issue?

Hi,

Wanted to know whether the PIX 535 supports the below IOS:

Cisco PIX Security Appliance Software Version 8.0(4)32
Device Manager Version 6.1(5)51

Hardware config of the PIX 535:

Hardware:   PIX-535, 1024 MB RAM, CPU Pentium III 1000 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash DA28F320J5 @ 0xfffd8000, 128KB

Thanks in advance!!!!!

Yes it is supported, and the memory size is also OK.

There might be a software bug that causes the high memory issue.

Unfortunately, because 8.0.4 is the latest version supported on the PIX platform, and since you no longer have Smartnet for PIX, and the PIX 535 has come to End Of Life, it is best to migrate or at least look to migrate to the ASA platform.

Here is the EOL notification for PIX535:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps2119/prod_eol_notice0900aecd80731e13.html

Thanks Jennifer,

I understand it's best that we migrate to ASA, but it is still pending from the client side. From the IOS point of view, I have checked the release notes of this IOS

http://www.cisco.com/en/US/partner/docs/security/pix/pix80/release/notes/pixrn804.html.

How do we come to know the exact software bug? Can we diagnose it?

Hi all,

I would like to know whether the failover firewall shows the same memory utilisation as the primary.

Also, from the above, if there is high utilisation on both firewalls with the current IOS, can downgrading or upgrading the software resolve the problem?

Please note: high utilisation remains almost constant during business and non-business hours on both firewalls.

Or is there any other way to resolve the issue?

Don't think you can upgrade the PIX software any further; as said earlier, the version that you are running would be the latest supported on PIX.

As you are currently running an interim version, it is likely that it is for a specific bug fix, and if you downgrade the PIX, you will probably lose the bug fix that you have.

Does it actually impact the traffic flow? Or are you just observing the high memory utilization? If it doesn't actually impact the traffic flow, I would not worry too much about it, because if you actually try to fix something by downgrading the firewall, you can potentially cause more issues/bigger impact.

Since when did you observe the high memory utilization? What was the memory utilization before you observed that it's now high? Were there any changes made prior to the memory being high?

If you actually observe high memory both during business hours and after business hours, then it is not traffic related; it's probably a software bug. But as I said, it's pretty hard at this stage as there is no further upgrade that you can do with PIX.

Thanks Jennifer for your response!!!!

Actually, it does not impact any traffic flow right now (maybe in future it will). I have observed this high utilisation for the last 15 - 20 days. Prior to this it would be around max 50 to 60 percent. There were very few rules opened in the firewall during this period, which were very specific, and I have checked them again.

One more thing I would like to discuss is that around 1 month back a PIX failover had taken place due to power loss, due to which the secondary was active. However, after some time we changed it back to the normal scenario.

Would restarting the firewall (first secondary, then primary) help?

Great idea, I would give restarting a go.
