Hi, we are upgrading SSG320M to ISG2000, when I transfered the configuration from SSG320M to ISG2000, I noticed that ISG2000 is using significantly more memory than SSG320M with the same configuration even when it is sitting idle (almost 600M on isg2000 sitting idle vs 100M on SSG320M in production). Only difference is AV is enabled on ISG2000. Anything obviously wrong? isg2000 has 500K session vs ssg320 has 64K session, would that make much difference in terms of memory usage? your input is greatly appreciated.
======ISG2000 running latest 6.3.0r14.0=====
isg2000(M)-> get memory
Memory: allocated 582552976, left 190243392, frag 42, fail 0
isg2000(M)-> get memory pool
Global memory pools:
NAME SYS_MEM ALLOCMEM NALLOC NFREE OVERSZ QUOTA
==============================================================================
Routing 16436 648 54 1037 0 -1
SSHv2 String Pool 0 0 0 0 0 -1
ICAP CLIENT OBJ 0 0 0 0 0 -1
APP OBJ 0 0 0 0 0 -1
apppry reserved pak 0 0 0 0 0 -1
idp 23877900 22080664 376416 1989 0 90157056
JPS Notify 0 0 0 0 0 -1
JPS Context 16420 56 2 517 0 -1
defrag pool 0 0 0 0 0 4500000
net 24572 0 0 714 0 -1
Auth Id Table 0 0 0 0 0 -1
CAVIUM 9433088 9184000 30733 330 10 -1
NET-PAK 0 0 0 0 0 134217728
PKI-IKE 653928 509248 5282 1252 668 -1
sys 515952 347984 4220 1337 0 -1
isg2000(M)-> get license-key
advanced_key : <snip>
Model: Advanced
Sessions: 500064 sessions
Capacity: unlimited number of users
NSRP: ActiveActive
VPN tunnels: 10000 tunnels
Vsys: None
Vrouters: 3 virtual routers
Zones: 34 zones
VLANs: 2000 vlans
Drp: Enable
Deep Inspection: Enable
Deep Inspection Database Expire Date: Disable
Signature pack: Signature update key is missing
IDP: Disable
AV: Enable(1)
Anti-Spam: Disable(0)
Url Filtering: Disable
vs. production SSG320M running 6.3.0r9.0
ssg320(M)-> get memory
Memory: allocated 95868144, left 602314448, frag 25, fail 0
ssg320 (M)-> get memory pool
Global memory pools:
NAME SYS_MEM ALLOCMEM NALLOC NFREE OVERSZ QUOTA
==============================================================================
Routing 16436 3696 293 798 0 -1
SSHv2 String Pool 0 0 0 0 0 -1
idp 3029584 2640376 49415 2152 0 26943488
JPS Notify 0 0 0 0 0 -1
JPS Context 8212 48 2 290 0 -1
defrag pool 390104 0 0 680 0 975000
net 24572 0 0 714 0 -1
Auth Id Table 0 0 0 0 0 -1
CAVIUM 9433088 9184000 30733 330 10 -1
NET-PAK 455292 2720 8 704 0 536870912
PKI-IKE 816236 656832 6237 1565 445882 -1
sys 719600 501716 6451 1399 0 -1
ssg320(M)-> get license-key
Model: Advanced
Sessions: 64064 sessions
Capacity: unlimited number of users
NSRP: ActiveActive
VPN tunnels: 500 tunnels
Vsys: None
Vrouters: 8 virtual routers
Zones: 40 zones
VLANs: 125 vlans
Drp: Enable
Deep Inspection: Enable
Deep Inspection Database Expire Date: Disable
Signature pack: Signature update key is missing
IDP: Disable
AV: Disable(0)
Anti-Spam: Disable(0)
Url Filtering: Disable
Update server url: nextwave.netscreen.com/key_retrieval
License key auto update : Disabled
Auto update interval : 0 days