RE: PIX-515 acceptable CPU usage?

["Ahmed, Balal" <balal.ahmed () capgemini com>]

Some time ago cisco Documentation used to say that if your PIX firewall is
running at 30% sustained utilization then an upgrade is advised. The latest
version of this document [1] no longer includes a baseline figure. I suppose
the reason for this is that each deployment is different.

I suggest you go back to first principles and monitor your pix to generate a
baseline for yourself e.g.

1) SNMP CPU graphing (using something like mrtg to monitor CPU levels)
2) Monitor/graph latency through the firewall
3) On the pix you could also monitor the memory blocks available (show
blocks) this tells you if there is RAM available for processing [1]

Having good historical data to hand will help detect and plan upgrade points
better than manually logging on and checking stats sporadically. As we all
know a good set of graphs can help sell the idea to budget controllers.

HtH

[1]

http://www.cisco.com/warp/customer/110/pixperformance.html#intro



This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It 
is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized 
to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  
message in error, please notify the sender immediately and delete all  copies of this message.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards