No noticeable delay. In fact, as far as I can tell, it runs pretty fast, but I want to get jiggy with some advanced features and VPN client/server down the line and I'm concerned that this can't take it.

# show conn count

4 in use, 81 most used

# show xlat count

4 in use, 502 most used

What did that do? Can I clear xlates or something?

I'm running FOS 6.3.

What kind of things drain CPU?

Bandwidth? ACLs? VPN?

What kind of things drain RAM?

Bandwidth? ACLs? VPN?

no need to do clear xlat. I thought you are under attack, but this is not the case.

the only major thing that can drain the CPU/RAM is "traffic"

If you have lot of traffic which pix is having trouble in coping up with then, CPU/RAM utilization will increase. This could happen under attack situation or if PIX is over utilized.

Thanks

Nadeem

My CPU usage is minimal (nearly 0%). I've only got a couple ACLs and NAT/DHCP for a couple of downstream clients. What is sucking up so much memory?

I'm concerned that I don't have enough memory to scale this for VPNs, IDS, and other features. Can you be more specific about "traffic"?

What kind of things drain CPU?

Bandwidth? ACLs? VPN? IDS?

What kind of things drain RAM?

Bandwidth? ACLs? VPN? IDS?

How can I speed this sucka up?

Any tips on when to upgrade (when I say upgrade, I don't mean adding RAM, I mean buying a 506) or how to reduce RAM, etc?

Master B

10 Mbps of firewall throughput and 3 Mbps of 3DES VPN throughput, you ain't gonna get much Yo. This is the little baby firewall, move to the slapp'n m'amajamma 506 if you are worried. Word. Peace Yo!

ANSWER TO YOUR QUESTIONS BELOW !!!!!!!!

What kind of things drain CPU?

Bandwidth? ACLs? VPN? IDS?

>> ALL OF THE ABOVE CAN DRAIN CPU AND BANDWIDTH. EVENTUALLY IT ALL BOILS DOWN TO THE AMOUNT OF TRAFFIC FLOWING ACROSS THE PIX. NUMBER OF PACKETS CROSSING THE PIX MY FRIEND. WEHTER IT IS ACL OR YOU HAVE VPN CONFIGURED OR YOU HAVE OVER LOADED THE PIX USING IDS, IF THERE IS NOT ENOUGH TRAFFIC NOTHING WILL HAPPEN TO YOUR PIX. AS SOON AS TRAFFIC JUMPS UP SO AS YOUR CPU USAGE STARTS SHOOTING. UNDERSTOOD!!!!!

What kind of things drain RAM?

Bandwidth? ACLs? VPN? IDS?

THE ANSWER IS SAME AS ABOVE. IF YOU HAVE EVERY THING CONFIGURED ON A SMALL PIX OR EVEN ON A BIG POWER FULL PIX, THEY ALL WILL COMPOUNDED UP TO CHEW UP YOUR RAM. BASICALLY AGAIN THE PACKETS PROCESSED BY THE PIX. EITHER THE CPU OR THE RAM , YOU CAN GET WHAT IS CHEWING IT UP BY CHECKING "SHOW PROCESSES" OUTPUT.

How can I free up RAM on my PIX?

THERE IS NO COMMAND TO FREE UP RAM ON YOUR PIX. IF YOU ARE USING VPN, THIS IS AN OVER HEAD ON THE PIX, IF YOU ARE USING IDS, THIS IS OVERHEAD, IF YOU ARE USING AAA, THIS IS AGAIN OVERHEAD. EVERY ADDITIONAL PROCESS THAT YOU STARTS OUT WILL START USING ADDITIONAL RAM. YOU HAVE A SMALL PIX 501 THAT IS SUPPOSED TO BE FOR 10 USERS ONLY IF YOU HOOK UP 50 USERS ON IT WHAT IS GOING TO HAPPEN?????

THANKS

NADEEM

Thanks for your reply, Nadeem.

I was looking for information on which services use which resources since I have little to spare. Obviously, all traffic will consume resources through the firewall, I was looking for specifics on which services use which resources.

Glenn explained which services use CPU cycles and which use Memory to help me decide if my PIX was robust enough for what I have planned. He also gave me some details on how RAM is allocated on the firewall. Perhaps I wasn't clear enough the seven times I posted this question, which might explain your frustration. I will try to be more clear in the future.

Thanks again for your assistance.