Background:
PIX 525-UR running v6.2(2)
being hit by high volume of fragmented UDP packets
(around 80+ Mbps)
cpu usage hovering around 88%
traffic is being dropped by rule
about 10 Mbps is legit traffic
The firewall is holding its own but I was wondering if anyone has any suggestions on some added streamlining that can be done while other avenues are looked at for a more permanent approach. (I'm already working other ways such as ISP, etc.)
Currently all unneeded fixups are off, logging is scaled back, interfaces are all 100/full.
I've seen these things push more traffic than this with less impact on the cpu but this is mostly small, fragmented packets. I'm aware that we are already approaching fastE limits so I'm not really looking to boost much more throughput, simply wondering if I can take some strain off the cpu.
Any insights would be appreciated.
Thanks,
Scot