TCC_2

Resolution

The show blocks command is useful in diagnosing certain network problems. This command displays the maximum available buffer space on the PIX Firewall. It also shows the current available buffer space and lowest amount of buffer space that has been available.

If at any point the available buffer space reaches zero, an overflow occurs and information is dropped. When this happens, it is usually on the PIX network interfaces.

Buffer space that is very low or that frequently hits zero indicates that more traffic is trying to pass through the PIX than it can buffer. Resolving the issue may require corrective steps or changes to the network design.

This is an example of the output seen when issuing the show blocks command:

SIZE        MAX        LOW        CNT
4           1600       1600       1600
80          100        97         97
256         80         79         79
1550        788        402        404
65536       8          8          8

This list details each column of the output:

  • The SIZE column displays the block type (the block size in bytes).

  • The MAX column is the maximum number of allocated blocks.

  • The LOW column is the fewest blocks that have been available since the last reboot.

  • The CNT column is the current number of available blocks.

  • A zero in the LOW column indicates a previous event where memory was exhausted.

  • A zero in the CNT column means memory is exhausted now. Exhausted memory is not a problem as long as traffic is moving through the PIX.

To see if traffic is moving, issue the show conn command. If traffic is not moving and memory is exhausted, that indicates a problem.

This is sample output from the show conn command:

PixFirewall(config)#show conn
6 in use, 6 most used
TCP out 209.165.201.1:80 in 10.3.3.4:1404 idle 0:00:00 Bytes 11391
TCP out 209.165.201.1:80 in 10.3.3.4:1405 idle 0:00:00 Bytes 3709
TCP out 209.165.201.1:80 in 10.3.3.4:1406 idle 0:00:01 Bytes 2685
TCP out 209.165.201.1:80 in 10.3.3.4:1407 idle 0:00:01 Bytes 2683
TCP out 209.165.201.1:80 in 10.3.3.4:1403 idle 0:00:00 Bytes 15199
TCP out 209.165.201.1:80 in 10.3.3.4:1408 idle 0:00:00 Bytes 2688
UDP out 209.165.201.7:24 in 10.3.3.4:1402 idle 0:01:30
UDP out 209.165.201.7:23 in 10.3.3.4:1397 idle 0:01:30
UDP out 209.165.201.7:22 in 10.3.3.4:1395 idle 0:01:30

In this example, host 10.3.3.4 on the inside has accessed a website at 209.165.201.1. The global address on the outside interface is 209.165.201.7.
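The interpretation rules above (a zero in LOW means a past exhaustion, a zero in CNT means exhaustion now, and exhaustion only matters when show conn shows no traffic moving) can be automated when collecting PIX output for monitoring. The following is an added example, not code from the article or from Cisco; the sample output is constructed to resemble the article's, with the 1550-byte block altered to show an exhausted state.

```python
import re

# Constructed sample output modelled on the article's example (not a real capture);
# the 1550 row is set to LOW 0 / CNT 0 to exercise the "exhausted" rule.
SHOW_BLOCKS = """\
SIZE        MAX        LOW        CNT
4           1600       1600       1600
80          100        97         97
256         80         79         79
1550        788        0          0
65536       8          8          8
"""

SHOW_CONN = """\
PixFirewall(config)#show conn
6 in use, 6 most used
"""

def parse_show_blocks(text):
    """Return {size: (max, low, cnt)} from 'show blocks' output, skipping the header."""
    blocks = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and all(f.isdigit() for f in fields):
            size, mx, low, cnt = map(int, fields)
            blocks[size] = (mx, low, cnt)
    return blocks

def conns_in_use(text):
    """Return the 'N in use' count from 'show conn' output, or None if absent."""
    m = re.search(r"(\d+) in use", text)
    return int(m.group(1)) if m else None

def assess(blocks, in_use):
    """Apply the article's rules: CNT==0 is exhausted now, LOW==0 is a past exhaustion."""
    findings = []
    for size, (mx, low, cnt) in sorted(blocks.items()):
        if cnt == 0:
            state = "exhausted now"
            if in_use == 0:  # memory exhausted and no connections moving: investigate
                state += " and no connections in use: investigate"
            findings.append((size, state))
        elif low == 0:
            findings.append((size, "exhausted previously (LOW is 0)"))
    return findings

if __name__ == "__main__":
    for size, state in assess(parse_show_blocks(SHOW_BLOCKS), conns_in_use(SHOW_CONN)):
        print(f"block size {size}: {state}")
```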

The clear blocks command leaves the maximum count at whatever number of blocks the system has allocated and resets the low count to the current count.

This list details the use of each block size:

  • 4. Duplicates existing blocks in the Domain Name System (DNS), Internet Security Association and Key Management Protocol (ISAKMP), URL-filtering, user authentication (uauth), H.323, and Transmission Control Protocol (TCP) modules

  • 80. Used in TCP intercept to generate an Acknowledgment (ACK) packet, failover, and hello messages

  • 256. Stateful failover, syslog, and TCP module

  • 1550. Ethernet packets, buffering URL, and filtered packets

  • 65536. QoS metrics