[nsp] Firewall advises

Frank Zahrt fzahrt at caerusnetworks.com
Thu Dec 12 09:15:50 EST 2002


Christophe,
  Have you considered filtering some of the http traffic with Websense
(or similar)? Looks like a lot of browsing going through you PIX, which
may be perfectly legitimate. A filtering product would be able to
definitively answer that and regulate the traffic accordingly, perhaps
even allowing you more life out of your existing PIX.

HTH

Regards,
Frank


Frank Zahrt III
Senior Network Engineer
CCNP CCDP CCSE FCSE

Volo Communications


-----Original Message-----
From: odusseus [mailto:odusseus@voila.fr] 
Sent: Thursday, December 12, 2002 4:42 AM
To: cisco-nsp
Subject: [nsp] Firewall advises

Hi,

I am currently using a PIX-515 (64M Ram, Pentium 200Mhz, 16MB Flash).

During peak hours, this firewall is running with a CPU utilisation rate
of 50%.

As I plan to buy a new one, can someone advice which model should I get?

A "show perfmon" during peak hours said:
- 182 connections per sec,
- 6100 TCP fixup per sec,
- 5100 HTTP fixup per sec.

A "show xlate count" shows a value of 200.

A "show connection count" shows that the most used value of 13000.

Thank you.

Christophe

------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr 


_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list