ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Unsetting flow-filter porks my ssg140

03.21.12   |  
‎03-21-2012 03:52 PM

Why is it that whenever I unset a flow-filter that suddenly my ssg140's CPU spikes essentially killing any throughput for traffic?

 

As we speak right now I can't even ping a directly connected interface from my pc without 5k ms latency.

 

I've noticed this behavior on several of my ssgs.

 

Any help would be appreciated.

 

Thanks!

4 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Unsetting flow-filter porks my ssg140

03.21.12   |  
‎03-21-2012 08:16 PM

Hi,

 

What version are you using on SSG140?

Can you share the flow filters that were removed.

 

Regards.

Hardeep

ScreenOS Firewalls (NOT SRX)

Re: Unsetting flow-filter porks my ssg140

03.22.12   |  
‎03-22-2012 09:42 AM

Actually - I think I know what's happening.

 

I think I need to 'undebug all' before remove the flow filter.

 

If I only remove the flow-filter, without turning off the debug, then it probably starts debugging everything.

 

Is my line of thinking correct?

 

Thanks!

ScreenOS Firewalls (NOT SRX)

Re: Unsetting flow-filter porks my ssg140

03.22.12   |  
‎03-22-2012 09:26 PM

Hi,

 

Yes thats true.

As a best practice, once you start a debug, always ensure to immediately turn it off before you start looking into the output.

 

Regards.

Hardeep

ScreenOS Firewalls (NOT SRX)

Re: Unsetting flow-filter porks my ssg140

05.31.12   |  
‎05-31-2012 10:04 AM

As a note, just hit ESC key Smiley Happy