04-27-2011 08:41 AM
Just to add on: Make sure to Turn ON the dbuf buffer.
This sets up a portion of memory required to hold the debug information needed. When troubleshooting the firewall, the output of the debug will be directed either to the console or to a buffer. Usually, the debugging information should go to the buffer, opposed to the console. When information is sent to the console, it is resource intensive, and can produce performance problems if too much debugging information is sent to the console. The alternative is sending the data to a buffer called dbuf.
From the command line interface (CLI): set console dbuf
I recently faced a problem, where someone is deubgging the packets to the self and due the large dbuf stream entry, it slowed the firewall and caused issues.
JNCIS (SEC/ER/FWV), JNSS(Adv. Security), X-JTAC
07-27-2013 08:26 AM