Ok smart people, here is a challenge for you.
I have a PIX 535 w/failover, 6 interfaces (inside, outside, syslog, state full, and 2 not used) My configuration is 35 pages printed. We are an enterprise entity running off a single firewall. I am logging informational to a kiwi syslog over udp to filter the monster that the pix creates for a log. The PIX has a gig of ram. I am using turbo access lists.
The cpu usage goes to 99% and stays there for 15-20 minutes if I make any changes to a object group. This slows traffic but not to a halt. If I make more than 5 changes in 20 minutes it will slow significantly and traffic will timeout through the PIX. We have the w32.korgo.V virus here and when it was on 6 different machines it would bring the PIX to a halt. It tries to make connections to other IP's on port 445 and we have 445 blocked on the firewall. Even though those 6 machines were infected and getting denied by the PIX every time they attempted to connect outside it, this would cause the pix to slow down enough to time out all traffic and most attempts to connect to the PIX itself. We blocked 445 on the router before the pix and the cpu immediately dropped to 6% usage and stays below 10.
It is not just the virus but a number of things that will cause the pix to slow lately and I do not see any errors or unexplained syslog messages. Cisco has sent us a new 535 w/failover and the same thing happened on the new boxes. This same config has worked perfectly for 5 months with nothing like this happening. I keep getting "escalated" to a different engineer in Cisco, but I am convinced that the smartest Cisco people do not work for Cisco. Does anyone have any ideas without me sending the config?