• Status: Solved

PIX: Failover message block alloc failed

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
OS: Cisco PIX Security Appliance Software Version 7.1(2)

I have two of the above firewalls that are connected with a failover LAN connection. Every couple of months the Primary firewall begins to deny any new connections through the firewall and I cannot SSH or even console into the firewall. When I try to console into the FW it scrolls all the logging messages and will not allow me to log in. I get a weird "command...." message after issuing the "enable" command and get sent back to the user exec prompt.
I have a syslog server running, and after that it keeps displaying the following message:
"(Primary) Failover message block alloc failed"

Here is Cisco's explanation of the message:
Explanation: Block memory was depleted. This is a transient message and the PIX Firewall should
recover. (Primary) can also be listed as (Secondary) for the secondary unit.

After about 20-30min of no connectivity and the above messages the Primary FW eventually fails over to the secondary FW (on its own) and connections are restored.  I don't see any other issues in the log other than the message above.  
Asked:
nakoz69
 
Pete Long (Consultant) commented:
Your PIX is getting overloaded. Along with the show cpu usage command, you can use the show blocks command in order to determine how often the PIX is overloaded.

 
nakoz69 (Author) commented:
Awesome document! I never even knew what packet-processing blocks were. However, there is still one more issue: I cannot access the firewall when it is generating the block errors. Even trying to console in, it will not allow me to log in and check the blocks or CPU.
 
Pete Long (Consultant) commented:
Yeah, I take your point - I know it's a bit of a cop-out answer (sorry), but you could try an upgrade to version 8 ('cause if you opened a TAC case they would suggest that first).

I'm assuming that the firewalls fail over properly when this happens?
 
nakoz69 (Author) commented:
Upgrading to version 8 fixed the memory issues. The PIX has been running clean for months now with no issues. Cisco admits there are memory problems with 7.1(2).
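Since the unit cannot be reached while it is logging these errors, the syslog server is where an episode can still be measured. The following is an added example, not part of the original thread or any Cisco tooling: it groups the message quoted in the question into sustained episodes per unit, so a single transient occurrence can be told apart from a run that precedes an outage. The record layout (ISO timestamp first, records in time order), the host names, the thresholds and the sample records are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Message text as quoted in the question; the unit is Primary or Secondary.
ALLOC_FAIL = re.compile(r"\((Primary|Secondary)\) Failover message block alloc failed")

# Constructed sample records (assumed layout: ISO timestamp, host, message).
SAMPLE = """\
2008-03-01T02:10:00 fw1 (Primary) Failover message block alloc failed
2008-03-01T09:00:05 fw1 (Primary) Failover message block alloc failed
2008-03-01T09:00:50 fw1 (Primary) Failover message block alloc failed
2008-03-01T09:01:00 fw2 (Secondary) Failover message block alloc failed
2008-03-01T09:01:40 fw1 constructed unrelated record
2008-03-01T09:02:30 fw1 (Primary) Failover message block alloc failed
2008-03-01T09:04:10 fw1 (Primary) Failover message block alloc failed
no-timestamp (Primary) Failover message block alloc failed
""".splitlines()

def find_episodes(lines, max_gap=timedelta(minutes=2), min_count=3):
    """Return (unit, start, end, count) for each sustained run of the message.

    Messages from one unit spaced at most max_gap apart form one episode;
    episodes shorter than min_count are treated as transient and dropped.
    """
    open_eps, done = {}, []          # unit -> [start, last_seen, count]
    for raw in lines:
        hit = ALLOC_FAIL.search(raw)
        fields = raw.split(None, 1)
        if not hit or not fields:
            continue
        try:
            ts = datetime.fromisoformat(fields[0])
        except ValueError:
            continue                 # record without a parseable timestamp
        unit = hit.group(1)
        ep = open_eps.get(unit)
        if ep and ts - ep[1] <= max_gap:
            ep[1], ep[2] = ts, ep[2] + 1
        else:
            if ep:
                done.append((unit, *ep))
            open_eps[unit] = [ts, ts, 1]
    done.extend((unit, *ep) for unit, ep in open_eps.items())
    return sorted((e for e in done if e[3] >= min_count), key=lambda e: e[1])

if __name__ == "__main__":
    for unit, start, end, count in find_episodes(SAMPLE):
        print(f"{unit}: {count} alloc failures from {start} to {end}")
```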
