Thank you to all that have replied my post.

A Cisco EuroTAC Engineer has contacted me after the post.
He said that this failure has been seen in some few other sites
(only on PIX 515). They have opened the case CSCdp32325 as it is
supposed to be caused by a bug that freezes NIC adapters logic.
The problem is present also in versions 4.4(2) and 5.0(2).

I hope they are on the right track and it doesn't turn out to
be a hardware issue with our unit!

Regards,
Gustavo Bellotto

Gustavo Bellotto wrote:
> 
> Hello,
> 
> Since we've installed a PIX 515 firewall it hangs two or three times
> a day. IN and OUT Interfaces stop responding and ping fails from PIX
> to any other IPs than its own interfaces.
> 
> Each time it's gone we saw from console that 1550 bytes long buffers were exhausted.
> 
> Cisco documentation of SHOW BLOCKS command is really funny:
> 
>   "A zero in CNT column means memory is exhausted now. Exhausted
>    memory is not a problem as long as traffic is moving through the PIX
>    Firewall. You can use the show conn commands to see if traffic is
>    moving. If traffic is not moving and the memory is exhausted, a
>    problem may be indicated."
> 
> Of course traffic does no pass through when PIX is dead, although traffic
> counters increase slowly.
> 
> During normal operation we have less than 100 connections, but most
> of them could have heavy traffic (proxies servers). Typical buffers utilization is:
> 
>    SIZE    MAX    LOW    CNT
>       4   1600   1597   1599
>      80    400    397    400
>     256    400    394    398
>    1550    932    635    674
>   65536      8      7      8
> 
> (Just 1/3 of 1550 bytes buffers allocated)
> 
> Also main memory does not seem to be an issue:
>         33554432 bytes total, 25481216 bytes free
> 
> PIX soft version is 4.4(1) (2 interfaces, no fail-over nor IPsec).
> 
> Did anybody hear of such a problem?
> 
> Thanks,
> 
> Gustavo Bellotto
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to