

PIX 525 Firewall - Performance problem

Posted on 2004-08-02
Medium Priority
Last Modified: 2013-11-16
Hi all,

We have a performance issue with our Pix 525. CPU utilization has suddenly shot up to 80-90%, and during peak traffic loads, the pix even crashes. The normal utilization is around 30-40%.
The firewall was originally running IOS version 6.2(2) and upgraded to V6.3(3) and then to 6.3(4) after being advised by Cisco TAC.

A TAC case has been running for the past one week, and a resolution is still not available. Could someone give out a few pointers as to where I should start looking?
Question by:fullerms
LVL 36

Expert Comment

ID: 11691961
Can you provide some rough stats:-

Inbound & outbound bandwidth
Inbound & outbound packet rate
Number of connections through PIX

Author Comment

ID: 11692300
I really wouldn't know how to get this information on a pix. What are the commands I need to use? The nearest to what you have asked for is pasted below.

We have multiple interfaces, and the traffic is as below. Inside and interface gb-ethernet1 are Gig fibre ports.

sh traffic
      received (in 73327.340 secs):
            41911612 packets      4225204014 bytes
            44 pkts/sec      57035 bytes/sec
      transmitted (in 73327.340 secs):
            68288317 packets      2362973543 bytes
            52 pkts/sec      32049 bytes/sec
ethernet1 :
      received (in 73327.360 secs):
            36530732 packets      293637582 bytes
            29 pkts/sec      4004 bytes/sec
      transmitted (in 73327.360 secs):
            22356811 packets      3954096890 bytes
            12 pkts/sec      53045 bytes/sec
      received (in 73327.380 secs):
            244794016 packets      3132224894 bytes
            3045 pkts/sec      42012 bytes/sec
      transmitted (in 73327.380 secs):
            358067960 packets      3808419625 bytes
            4004 pkts/sec      51000 bytes/sec
gb-ethernet1 :
      received (in 73327.400 secs):
            271831733 packets      1144006870 bytes            
            3004 pkts/sec      15015 bytes/sec
      transmitted (in 73327.400 secs):
            197924351 packets      4188015912 bytes
            2054 pkts/sec      57055 bytes/sec
      received (in 73334.010 secs):
            45880281 packets      2865143858 bytes
            39 pkts/sec      39011 bytes/sec
      transmitted (in 73334.010 secs):
            47919282 packets      3354998369 bytes
            9 pkts/sec      45046 bytes/sec
      received (in 73334.030 secs):
            36960128 packets      2568975870 bytes
            35 pkts/sec      35031 bytes/sec
      transmitted (in 73334.030 secs):
            42877533 packets      408221391 bytes
            57 pkts/sec      5039 bytes/sec

show conn count
14649 in use, 27259 most used
LVL 79

Expert Comment

ID: 11692689
Suggest you put a sniffer on the inside to see what is hammering it with 4000 packets per second. Sure sounds like a worm.
You can start by simply blocking icmp echo from hitting the interface with an access-list on the inside interface. Block icmp echo only.
LVL 36

Accepted Solution

grblades earned 2000 total points
ID: 11694160
I agree with lrmoore. In addition on the outside interface you can see the average received packet size (57000/44) is around 1300 bytes which is what I would expect as the maximum packet size is 1500 bytes.
On your internal interface the average is more like 15 bytes which is very low. It appears there is lots of traffic going between the inside and gb-ethernet1 interfaces consisting of very small packets.

You can get a free packet sniffer from
You will need to configure port spanning on the switch the PIX connects to so that all traffic to and from that interface is sent to another port which you have the packet sniffer attached to.
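
The average-packet-size check described in the answer above (bytes/sec divided by pkts/sec for each interface and direction), as an added example that is not part of the original thread. The sample input is constructed: its rate figures are copied from the posted `sh traffic` output, while the `outside:` and `inside:` labels, the function names and the flagging thresholds are assumptions.

```python
import re

# Constructed sample in the layout of the `sh traffic` output posted above.
# Rate figures are copied from the post; the "outside:" and "inside:" labels
# are assumptions, because the paste lost some interface names.
SAMPLE = """\
outside:
      received (in 73327.340 secs):
            41911612 packets      4225204014 bytes
            44 pkts/sec      57035 bytes/sec
      transmitted (in 73327.340 secs):
            68288317 packets      2362973543 bytes
            52 pkts/sec      32049 bytes/sec
inside:
      received (in 73327.380 secs):
            244794016 packets      3132224894 bytes
            3045 pkts/sec      42012 bytes/sec
      transmitted (in 73327.380 secs):
            358067960 packets      3808419625 bytes
            4004 pkts/sec      51000 bytes/sec
"""

IFACE = re.compile(r"^(\S+)\s*:\s*$")
DIRECTION = re.compile(r"^\s*(received|transmitted)\s+\(in")
RATE = re.compile(r"^\s*(\d+)\s+pkts/sec\s+(\d+)\s+bytes/sec")

def average_packet_sizes(text):
    """Return {(interface, direction): (pkts_per_sec, avg_bytes_per_packet)}."""
    results, iface, direction = {}, "unnamed", None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface, direction = m.group(1), None
        elif m := DIRECTION.match(line):
            direction = m.group(1)
        elif (m := RATE.match(line)) and direction:
            pps, bps = int(m.group(1)), int(m.group(2))
            avg = bps / pps if pps else None  # idle direction: no average
            results[(iface, direction)] = (pps, avg)
    return results

def small_packet_suspects(text, min_pps=1000, max_avg=64):
    """Flag busy directions with tiny average packets (thresholds are assumed)."""
    return sorted(key for key, (pps, avg) in average_packet_sizes(text).items()
                  if avg is not None and pps >= min_pps and avg < max_avg)

if __name__ == "__main__":
    for (iface, direction), (pps, avg) in average_packet_sizes(SAMPLE).items():
        print(f"{iface:10} {direction:12} {pps:6} pps  avg {avg:.0f} B/pkt")
    print("suspects:", small_packet_suspects(SAMPLE))
```
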
LVL 23

Expert Comment

by:Tim Holman
ID: 11721170
Here's how you get Ethereal to work:

1)  Go to
2)  Under Windows 98/ME/2000/XP/2003 Installers, select a site near you
3)  Download WinPcap_3_0.exe and ethereal-setup-0.10.4.exe
4)  Install WinPcap_3_0 - double click on the WinPcap_3_0.exe file, just click OK / Yes throughout
5)  Install ethereal-setup-0.10.4 - double click on the file, accept all the defaults (OK / Yes throughout)
6)  Start the Ethereal application
7)  Go to Capture > Start
8)  Under Interface, select your Internet facing interface.  If you're unsure, then select one, and continue.  If it displays results, then you've got the right interface, if your capture is empty, then select another interface and carry on...
9)  Under Capture Files, put \capture.cap
10)  Click OK
11)  Capturing will commence....
12)  Capture what you need to
13) Go back to Ethereal, click Stop
14)  Analyse the c:\capture.cap file, or send it to me -

We need to see what all these packets are.  The PIX is not very good at withstanding high volumes of small packets.  A 10-20Mb flood of SYN or UDP / connectionless packets will easily keel the PIX over.

I would also check there are no routing loops.
