11-14-2009 09:59 AM - edited 03-11-2019 09:39 AM
Hello,
I have upgraded our 2 ASA firewalls (Active/Standby) from 8.0.3 to 8.0.4.48 and the memory has gone from 280mb to 450mb, the ASA's have 512mb.
Is this normal/ok?
I will call Cisco TAC on Monday, but seems quite a jump to me, I'm wondering if it has turned something on I don't need, not sure how I can check.
Thanks
11-14-2009 10:24 AM
This is expected due to new features. I would suggest disabling threat-detection to free up some memory. As long as you aren't seeing a steady increase in memory I wouldn't sweat it.
11-14-2009 10:57 AM
How do I disable threat-detection?
11-15-2009 08:26 AM
to see what threat-detection features are enabled issue the command "show run threat-detection"
to disable those features use the "no" keyword before them.
For example
===========================
ciscoasa# sh run threat-detection
threat-detection basic-threat
threat-detection statistics access-list
ciscoasa# conf t
ciscoasa(config)# no threat-detection basic-threat
ciscoasa(config)# no threat-detection statistics access-list
===========================
11-15-2009 12:15 PM
Thanks,
I tried that but made no difference to the amount of memory being used, how can I show what is taking it all up?
11-15-2009 03:22 PM
You can try show proc mem.
HTH,
jerry
11-16-2009 12:07 AM
11-16-2009 07:13 PM
The top two offenders are tmatch compile and dispatch unit. tmatch compile is related to ACLs and dispatch unit related to traffic.
How big are your access lists? (show access-list | i elements)
What is the platform?
How much traffic is going through this box?
Are there drops, errors, overruns or underruns on the interfaces?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: