ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: CPU Geting High %

Options

‎04-20-2009 02:20 AM

hi Danby,

 

be carefull sometimes get session will make cpu high. 

 

Thanks

Message 11 of 25 (6,433 Views)
 
Reply
Danby
Contributor
Danby
Posts: 18
Registered: ‎04-19-2009
0

Re: CPU Geting High %

Options

‎04-20-2009 04:53 AM

Hi Elkim

 

I get another high traffic log for you , it is because the before one is sometime lower down the CPU high.

Please check your mail

 

Thanks

Danby

Message 12 of 25 (6,424 Views)
 
Reply
Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: CPU Geting High %

Options

‎04-20-2009 07:38 AM

Hi Danby,

 

do u already check my previous suggestion ?

 

Thanks

Message 13 of 25 (6,415 Views)
 
Reply
Danby
Contributor
Danby
Posts: 18
Registered: ‎04-19-2009
0

Re: CPU Geting High %

Options

‎04-20-2009 08:20 PM

Hi Elkim

1.which one firewall session analyzer i can use. I doesn't know which one software to anyalyzer it.
2. when i execute the get session command, it need the cpu high moment.

 

 

Thanks

Danby

Message 14 of 25 (6,388 Views)
 
Reply
Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: CPU Geting High %

Options

‎04-20-2009 08:29 PM

hi The firewall analyzer you can find at juniper.web site. ypu go through the support and find tools

 for get session better you collect when cpu high, but you must concern about cpu usage

 

 

Thanks

 

 

Message 15 of 25 (6,386 Views)
 
Reply
Danby
Contributor
Danby
Posts: 18
Registered: ‎04-19-2009
0

Re: CPU Geting High %

Options

‎04-20-2009 09:13 PM

Hi Elkim

 

it need to login the juniper website to download this software ?

I cannot found it.

Could you provide me the address ?

Message 16 of 25 (6,386 Views)
 
Reply
Trusted Expert Trusted Expert
Trusted Expert
WL
Posts: 777
Registered: ‎07-26-2008
0

Re: CPU Geting High %

Options

‎04-20-2009 10:13 PM

Yup you need to login to get access:

https://tools.juniper.net/fsa/

 

Or you can try this (login NOT req):

http://performanceclassifieds.net/NSSA.zip

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Message 17 of 25 (6,377 Views)
 
Reply
Danby
Contributor
Danby
Posts: 18
Registered: ‎04-19-2009
0

Re: CPU Geting High %

Options

‎04-21-2009 02:11 AM

Hi All,

 

I already downloaded the get session and running the analyzer, the hardware, session and auto analyze as below.

Could you give me advise of the session of CPU ? 1297 meaning is .....

I still doesn't know why the cpu getting high.

 

By the way, I have another question to ask .

1. if my internet network have a computer virus infected by wrom. this virus how to getting my CPU to high ?

2. From the F/w , which one information I can know which one computer have wrom infected.

 

Sessions Hardware Report-


Sessions in the CPU: 1297
Sessions that cross the backplane: 0

 


-Session Overview Report-

Total Number of Connections:     1297
The average Number of Sessions Per IP:  5.92237442922.

Top 5 Source IP addresses with the most connections:

Number of Connections - IP Address
107.0    -    10.3.5.40
80.0    -    10.3.5.151
72.0    -    10.3.5.194
53.0    -    10.3.6.13
45.0    -    10.3.7.9

Top 5 Destination IP addresses with the most connections:

Number of Connections - IP Address
46.0    -    121.14.1.215
41.0    -    10.3.4.6
34.0    -    10.3.4.195
14.0    -    219.239.129.130
14.0    -    202.105.179.42

Top 5 Most Common Source Ports used:

Number of Connections - Ports
66.0    -    32274
34.0    -    59173
31.0    -    18927
27.0    -    5670
24.0    -    10000

Top 5 Most Common Destination Ports used:

Number of Connections - Ports
271.0    -    80
104.0    -    5670
92.0    -    1433
86.0    -    1863
43.0    -    110

 

 

 

Thanks

Danby

Message 18 of 25 (6,361 Views)
 
Reply
Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: CPU Geting High %

Options

‎04-21-2009 10:03 AM

hi Danby,

 

There are some factor that could make cpu increase. for your case, i see the a lot of cpu usage caused by flow.

 for that we can check more deep about What is causing High Flow CPU Utilization?

 

1. Session creation/ tear down

2. Traffic management features (i.e. logging, shaping, etc)

3. Firewall Protection features (i.e. Screen options)

4. ALG processing

5. Attacks

 

=> from your log i see so many ip spoofing from 2 ip address that i already mention before. how about of 2 ip address ? do u already investigate that ip ?

 

=> if u enable screening to protect ip spoofing. it will make cpu increase. please see the link below

http://kb.juniper.net/KB8332

 

=>for packet rate, based on the log, i dont see packet rate that exeeded box capacity. if u mind you can get this command again when cpu high. and we re-calculate the pps and the throughput

 

do it 10 times every 10 second

 

get clock

get counter stat 

 

=> Do u enable VPN , traffic shaping and mal url, url filtering and deep inspection  ?

 

 

thanks,

 

 

Message 19 of 25 (6,347 Views)
 
Reply
Danby
Contributor
Danby
Posts: 18
Registered: ‎04-19-2009
0

Re: CPU Geting High %

Options

‎04-21-2009 07:52 PM

Hi ELKIM,

 

I already disabled the screen IP spoofing feature, after that the 2 IP address spoofing has been gone.

I have enable the VPN traffic shaping on some VPN tunnel.
The MAL URL OR URL filtering, deep inspection is need to purchase the extra license ? if yes, I haven't
it is becuase I create some policy to prevent some website access.

 

Thanks

 

Message 20 of 25 (6,323 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.