06-30-2004 07:00 AM - edited 02-20-2020 11:29 PM
Here is a question for Pix gurus:
What puts a heavier load on a Cisco Pix firewall:
- 4000 DNS requests generating 1 MB of traffic
or
- 1000 HTTP requests generating 50 MB of traffic
or
- 10 FTP downloads generating 500 MB of traffic
Is the Pix using more resources to establish a new connection or to pass traffic through an existing one? So Pix resources (memory, CPU) not Internet bandwidth.
Adrian Grigorof
Developer, FireGen for Pix Log Analyzer
06-30-2004 06:06 PM
Difficult to answer... In general, however, the PIX spends more time building and tearing down connections and translations, so #1 above would most likely be the winner.
Scott
07-01-2004 03:21 AM
Adrian,
I think the answer is somewhat dependent upon whether or not "fixup" is enabled for DNS, HTTP, and FTP first and foremost, and configuration options disabling SYSLOGGING .... (Which would tend to cause problems for any type of log analysis....)
Then, followed by the hardware platform whether standalone PIX525/535 or FWSM/7600 FWSM/6500.
There is obviously more work in establishing connections, setting up internal tables, which would tend to lead one to suspect 4000 DNS requests coming in at once would probably be more CPU intensive than the others listed.
John T. Roney
AT&T