ScreenOS Firewalls (NOT SRX)
Super Contributor
Posts: 231
Registered: ‎12-01-2008
0 Kudos

Re: CPU Getting High %

=> Hi, how about after you disable the screening function (please note: you should check both IP addresses to verify whether it is an attack or not)?

=> If you enable VPN, what P1 proposal and P2 proposal do you use? Do you use AES encryption?

=> Do you enable policy count on the traffic shaping policy?

 

 

Thanks

 

Elkim

Contributor
Posts: 18
Registered: ‎04-19-2009
0 Kudos

Re: CPU Getting High %

Hi Elkim,

 

After I disabled the spoofing function, it reduced the CPU to running around 5x%, but it is still getting high CPU in the morning and sometimes.

My VPN P1 and P2 are using "pre-g2-3des-sha" and "nopfs-esp-3des-sha", with 11 VPN tunnels in use.
No AES encryption is used.

I have enabled policy count on traffic shaping on two or three tunnels.

 

Thanks

Super Contributor
Posts: 231
Registered: ‎12-01-2008
0 Kudos

Re: CPU Getting High %

hi Danby,

 

Could you disable policy counting for troubleshooting purposes and monitor it?

By the way, if the CPU is still high after disabling it, we should calculate the packet rate.

 

 

Thanks

 

Elkim

Contributor
Posts: 18
Registered: ‎04-19-2009
0 Kudos

Re: CPU Getting High %

Hi Elkim

 

My policy count was enabled after the CPU got high; it means that policy counting was enabled recently.

I hadn't enabled any policy counting before.

How do I calculate the packet rate? Would you mind teaching me about it?

 

Thanks

Super Contributor
Posts: 231
Registered: ‎12-01-2008
0 Kudos

Re: CPU Getting High %

Hi, sorry for the late reply.

Usually I compute the throughput and PPS manually, but we can use MRTG to monitor the throughput.

First, run these commands every 10 seconds, 10-15 times, when the CPU goes high:

get clock
get counter statistic


After you collect that log, you can map the output to a spreadsheet to make automatic calculation easier.

You can create a table like this. Let's say I only have 2 interfaces configured, eth1 and eth2:


eth1          eth1          eth1          eth1          eth2          eth2          eth2          eth2
in bytes      out bytes     in packets    out packets   in bytes      out bytes     in packets    out packets
554105715     16588408      494501        250053        16668110      554226619     251046        497065
673983947     20080252      596036        302356        20161948      674203624     303382        598814
887462064     26436865      784707        398146        26515569      887593808     399128        787518



After mapping the log to the spreadsheet, we calculate the result:

eth1          eth1          eth1          eth1          eth2          eth2          eth2          eth2
in bytes      out bytes     in packets    out packets   in bytes      out bytes     in packets    out packets

(673983947 - 554105715)/10
(887462064 - 673983947)/10

Do the same with the rest. We divide by 10 because we collect the log every 10 seconds.


After that you can determine the throughput by
A = sum (eth1 in bytes, eth1 out bytes, eth2 in bytes, eth2 out bytes)

Then you can determine the PPS by
B = sum (eth1 in packets, eth1 out packets, eth2 in packets, eth2 out packets)

You can also determine the average packet size by dividing A by B.


From my previous case, my CPU was also high because of FTP traffic. You can identify that with this command:

get session dst-port 21


Thanks,
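
Added example (not part of the original post and not Juniper code): the spreadsheet calculation described above as a Python script. The counter values are the three rows from the post's table; the timestamps, the function name `interval_rates`, and the handling of a cleared or wrapped counter are assumptions made for this example.

```python
# Per-interval throughput (A), PPS (B) and average packet size (A / B)
# from cumulative interface counters, following the steps in the post.

# Tuple order per interface: in bytes, out bytes, in packets, out packets.
# Counter values are the rows from the post's table. The timestamps
# (seconds) are constructed, assuming one sample every 10 seconds.
SAMPLES = [
    (0,  {"eth1": (554105715, 16588408, 494501, 250053),
          "eth2": (16668110, 554226619, 251046, 497065)}),
    (10, {"eth1": (673983947, 20080252, 596036, 302356),
          "eth2": (20161948, 674203624, 303382, 598814)}),
    (20, {"eth1": (887462064, 26436865, 784707, 398146),
          "eth2": (26515569, 887593808, 399128, 787518)}),
]

def interval_rates(samples):
    """Return one result per pair of consecutive samples (None if unusable)."""
    results = []
    for (t0, prev), (t1, cur) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            raise ValueError("sample timestamps must increase")
        delta_bytes = delta_pkts = 0
        usable = True
        for ifname, now in cur.items():
            d = [n - p for n, p in zip(now, prev[ifname])]
            if min(d) < 0:
                # Assumption: a counter that went backwards was cleared or
                # wrapped between samples, so the interval is discarded.
                usable = False
                break
            delta_bytes += d[0] + d[1]
            delta_pkts += d[2] + d[3]
        if not usable:
            results.append(None)
            continue
        results.append({
            "seconds": seconds,
            "bytes": delta_bytes,
            "packets": delta_pkts,
            "bytes_per_sec": delta_bytes / seconds,   # A
            "pps": delta_pkts / seconds,              # B
            "avg_packet_size": delta_bytes / delta_pkts if delta_pkts else 0.0,
        })
    return results

if __name__ == "__main__":
    for i, r in enumerate(interval_rates(SAMPLES), 1):
        print(i, "counter reset, skipped" if r is None else
              f"{r['bytes_per_sec']:.0f} B/s, {r['pps']:.0f} pps, "
              f"{r['avg_packet_size']:.0f} B/packet")
```

Because A and B add the in and out counters of both interfaces, a packet forwarded from eth1 to eth2 is counted once on ingress and once on egress.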