Responding to the reply since I wasn't around for the original.

I rarely find the 'show blocks' command on the PIX to be really
useful. What I would recommend looking at is the syslog buffer. If you
have a syslog server, that's probably best, but otherwise, you should be
able to do a "show log" and get the last several entries. Depending on
your configuration, there could be MANY things that could cause the
firewall to stop passing traffic, or appear to stop.

Also useful is the 'show interface' command. Check for collisions, and
other errors. Are the interfaces set to autodetect, or specified line
speeds?

I've run through the bugs listed in the Release notes, and don't see
anything obvious; however, there is a newer version out (v 4.4.2) which is
listed as GD (General Deployment). I would recommend running that
version as well.

Hope that helps.

Lisa Napier
Product Security Incident Response Team
Cisco Systems

At 02:54 PM 11/8/1999 -0500, Carric Dooley wrote:
>The only time I remember seeing PIX come to a halt was when someone had
>built NAT's and their conduits backwards (i.e. trying to translate priv.
>to pub from the outside). Just something to look at. =)
>
>
>Carric Dooley CNE
>COM2:Interactive Media
>http://www.com2usa.com
>
>"Luck is the residue of design."
>- Branch Rickey - former owner of the Brooklyn Dodger Baseball Team
>
>On Mon, 8 Nov 1999, Gustavo Bellotto wrote:
>
> > Hello,
> >
> > Since we've installed a PIX 515 firewall it hangs two or three times
> > a day. IN and OUT Interfaces stop responding and ping fails from PIX
> > to any other IPs than its own interfaces.
> >
> > Each time it's gone we saw from console that 1550 bytes long buffers
> > were exhausted.
> >
> > Cisco documentation of SHOW BLOCKS command is really funny:
> >
> > "A zero in CNT column means memory is exhausted now. Exhausted
> > memory is not a problem as long as traffic is moving through the PIX
> > Firewall. You can use the show conn commands to see if traffic is
> > moving. If traffic is not moving and the memory is exhausted, a
> > problem may be indicated."
> >
> > Of course traffic does not pass through when PIX is dead, although traffic
> > counters increase slowly.
> >
> > During normal operation we have less than 100 connections, but most
> > of them could have heavy traffic (proxy servers). Typical buffer
> > utilization is:
> >
> > SIZE MAX LOW CNT
> > 4 1600 1597 1599
> > 80 400 397 400
> > 256 400 394 398
> > 1550 932 635 674
> > 65536 8 7 8
> >
> > (Just 1/3 of 1550 bytes buffers allocated)
> >
> > Also main memory does not seem to be an issue:
> > 33554432 bytes total, 25481216 bytes free
> >
> > PIX soft version is 4.4(1) (2 interfaces, no fail-over nor IPsec).
> >
> > Did anybody hear of such a problem?
> >
> > Thanks,
> >
> > Gustavo Bellotto
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >