ScreenOS Firewalls (NOT SRX)
Super Contributor
ELKIM
Posts: 227
Registered: 12-01-2008

Re: CPU Getting High %

Hi Danby,

Be careful, sometimes get session will make the CPU high.

Thanks

Contributor
Danby
Posts: 18
Registered: 04-19-2009

Re: CPU Getting High %

Hi Elkim

I get another high traffic log for you, it is because the before one is sometimes lower down the CPU high.

Please check your mail

Thanks

Danby

Super Contributor
ELKIM
Posts: 227
Registered: 12-01-2008

Re: CPU Getting High %

Hi Danby,

Did you already check my previous suggestion?

Thanks

Contributor
Danby
Posts: 18
Registered: 04-19-2009

Re: CPU Getting High %

Hi Elkim

1. Which firewall session analyzer can I use? I don't know which software to analyze it with.
2. When I execute the get session command, it needs the CPU high moment.

Thanks

Danby

Super Contributor
ELKIM
Posts: 227
Registered: 12-01-2008

Re: CPU Getting High %

Hi, the firewall analyzer you can find at the Juniper web site. You go through the support and find tools.

For get session, better you collect it when the CPU is high, but you must be concerned about CPU usage.

Thanks

Contributor
Danby
Posts: 18
Registered: 04-19-2009

Re: CPU Getting High %

Hi Elkim

Does it need a login to the Juniper website to download this software?

I cannot find it.

Could you provide me the address?

Trusted Expert
WL
Posts: 790
Registered: 07-26-2008

Re: CPU Getting High %

Yup you need to login to get access:

https://tools.juniper.net/fsa/

Or you can try this (login NOT req):

http://performanceclassifieds.net/NSSA.zip

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Contributor
Danby
Posts: 18
Registered: 04-19-2009

Re: CPU Getting High %

Hi All,

I already downloaded the get session and ran the analyzer; the hardware, session and auto analysis are as below.

Could you give me advice on the sessions in the CPU? What is the meaning of 1297 .....

I still don't know why the CPU is getting high.

By the way, I have another question to ask.

1. If my internet network has a computer infected by a worm virus, how does this virus get my CPU high?

2. From the F/W, from which information can I know which computer is worm-infected?

 

Sessions Hardware Report-


Sessions in the CPU: 1297
Sessions that cross the backplane: 0

 


-Session Overview Report-

Total Number of Connections:     1297
The average Number of Sessions Per IP:  5.92237442922.

Top 5 Source IP addresses with the most connections:

Number of Connections - IP Address
107.0    -    10.3.5.40
80.0    -    10.3.5.151
72.0    -    10.3.5.194
53.0    -    10.3.6.13
45.0    -    10.3.7.9

Top 5 Destination IP addresses with the most connections:

Number of Connections - IP Address
46.0    -    121.14.1.215
41.0    -    10.3.4.6
34.0    -    10.3.4.195
14.0    -    219.239.129.130
14.0    -    202.105.179.42

Top 5 Most Common Source Ports used:

Number of Connections - Ports
66.0    -    32274
34.0    -    59173
31.0    -    18927
27.0    -    5670
24.0    -    10000

Top 5 Most Common Destination Ports used:

Number of Connections - Ports
271.0    -    80
104.0    -    5670
92.0    -    1433
86.0    -    1863
43.0    -    110

Thanks

Danby
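
An added example, not part of the original thread: a short Python script that parses the analyzer report format posted above and lists the source IPs holding far more sessions than the reported average, as a starting list of internal hosts to check. The function names and the 10x threshold are assumptions made for this illustration; a high session count is a reason to look at a host, not proof of infection.

```python
import re

# Excerpt of the analyzer report as posted in the thread above.
REPORT = """\
Total Number of Connections:     1297
The average Number of Sessions Per IP:  5.92237442922.

Top 5 Source IP addresses with the most connections:

Number of Connections - IP Address
107.0    -    10.3.5.40
80.0    -    10.3.5.151
72.0    -    10.3.5.194
53.0    -    10.3.6.13
45.0    -    10.3.7.9

Top 5 Most Common Destination Ports used:

Number of Connections - Ports
271.0    -    80
104.0    -    5670
92.0    -    1433
86.0    -    1863
43.0    -    110
"""

# A data row looks like "107.0    -    10.3.5.40": count, dash, key.
ROW = re.compile(r"^\s*(\d+(?:\.\d+)?)\s+-\s+(\S+)\s*$")

def parse_report(text):
    """Return (total, average, {section title: [(count, key), ...]})."""
    total = int(re.search(r"Total Number of Connections:\s*(\d+)", text).group(1))
    avg = float(re.search(r"Sessions Per IP:\s*([\d.]+?)\.?\s*$", text, re.M).group(1))
    sections, current = {}, None
    for line in text.splitlines():
        if line.startswith("Top ") and line.rstrip().endswith(":"):
            current = sections.setdefault(line.rstrip(": "), [])
        elif current is not None and (m := ROW.match(line)):
            current.append((int(float(m.group(1))), m.group(2)))
    return total, avg, sections

def heavy_sources(text, factor=10.0):
    """Sources holding more than `factor` times the average sessions per IP.

    `factor` is an assumed triage threshold, not a value from the thread.
    Each result is (ip, sessions, percent of all sessions).
    """
    total, avg, sections = parse_report(text)
    rows = sections["Top 5 Source IP addresses with the most connections"]
    return [(ip, n, round(100.0 * n / total, 1)) for n, ip in rows if n > factor * avg]
```

Running `heavy_sources` on reports collected at several CPU-high moments shows whether the same hosts stay at the top of the list.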

Super Contributor
ELKIM
Posts: 227
Registered: 12-01-2008

Re: CPU Getting High %

Hi Danby,

There are some factors that could make the CPU increase. For your case, I see a lot of CPU usage caused by flow.

For that we can check more deeply what is causing high flow CPU utilization:

1. Session creation/ tear down
2. Traffic management features (i.e. logging, shaping, etc)
3. Firewall Protection features (i.e. Screen options)
4. ALG processing
5. Attacks

=> From your log I see so many IP spoofing events from the 2 IP addresses that I already mentioned before. How about those 2 IP addresses? Did you already investigate those IPs?

=> If you enable screening to protect against IP spoofing, it will make the CPU increase. Please see the link below:

http://kb.juniper.net/KB8332

=> For packet rate, based on the log, I don't see a packet rate that exceeded the box capacity. If you don't mind, you can get this command again when the CPU is high, and we re-calculate the pps and the throughput.

Do it 10 times, every 10 seconds:

get clock

get counter stat

=> Do you enable VPN, traffic shaping and mal URL, URL filtering and deep inspection?

Thanks,

Contributor
Danby
Posts: 18
Registered: 04-19-2009

Re: CPU Getting High %

Hi ELKIM,

I already disabled the screen IP spoofing feature; after that the spoofing from the 2 IP addresses has gone.

I have enabled the VPN traffic shaping on some VPN tunnels.
Do the MAL URL or URL filtering and deep inspection need the purchase of an extra license? If yes, I haven't.
It is because I created some policies to prevent access to some websites.

Thanks