Monitoring and Troubleshooting Performance

Monitoring and Troubleshooting

Performance

We mentioned ahead the accent of analogous the archetypal of PIX firewall

you arrange to the demands you abode on it.You charge to accede several factors

in accession to the bulk of cartage you are passing.Table 10.3 summarizes the

loads that anniversary archetypal can handle, including advice about encryption.

Ensure that your architecture considers these amount limits.

www.syngress.com

your reseller adeptness not accept the abyss and across of

knowledge that Cisco does, as a reseller, it adeptness be able to

offer you a abundant abatement on support.

 Using Cisco via the SMARTnet affairs can ensure that you

always accept admission to a ample basin of able adeptness and

the “latest and greatest” advice apropos configuration,

troubleshooting, and bug fixes. The Cisco Web site

offers a abundance of accoutrement and advice that you can use to

aid your troubleshooting. You can additionally opt to admission the

Cisco Connection Online (CCO) associates to accretion admission to

even added abutment such as the adeptness to accessible or browse TAC

cases online. SMARTnet additionally provides accouterments replacement

and software upgrades.

Two things can breach on your PIX firewall: the software or the hardware.

To assure adjoin accouterments failures, you accept the advantage of stockpiling

spares. Depending on the arrangement of alive to banal units, this choice

could be amount prohibitive. Software can be bedeviled with bugs that you

discover afterwards you accept deployed the absolute configuration. Certain commands

or appearance adeptness not assignment as you appetite them to or not assignment at

all. In any case, you will crave advice from Cisco to assignment around

the botheration or admission to the latest absolution of software that fixes your

problem. In general, you are bigger off putting your firewall beneath a

SMARTnet aliment arrangement with Cisco to ensure that you always

have admission to the latest releases of software. Software is generally

much added difficult to fix on your own than hardware, which you can

easily alter in case of a failure. You absolutely cannot carbon the software

code to fix a problem, and you’ll end up spending an excessive

amount of time developing a workaround to a botheration acquired by a

buggy software release.

Troubleshooting and Achievement Ecology • Chapter 10 603

Table 10.3 PIX Firewall Archetypal Appearance and Capabilities

Model Accouterments Cleartext DES IPsec 3DES IPsec Simul-

Maximums Through- Through- Through- taneous

(CPU/SDRAM put put put VPN

/FLASH) Tunnels

501 133MHz AMD 10Mbps 6Mbps 3Mbps 5 peers

SC520

16MB RAM

8MB Flash

506 200MHz Intel 20Mbps 20Mbps 10Mbps 25 peers

(EOS) Pentium

32MB RAM

8MB Flash

506E 300MHz Intel 20Mbps 20Mbps 16Mbps 25 peers

Celeron

32MB RAM

8MB

515 200MHz Intel 146Mbps 20Mbps 10Mbps 25 peers

(EOS) Pentium

32MB RAM

8MB Flash

515E 433MHz Intel 188Mbps 33– 63Mbps UR 2,000

Celeron 120Mbps 22Mbps R

64MB RAM

16MB Flash

520 350MHz Intel 370Mbps 20Mbps 10Mbps *

(EOS) Celeron

64MB RAM

16MB Flash

525 600MHz Intel 360Mbps 120– 70Mbps 2,000

Pentium III 140Mbps

256MB RAM

16MB Flash

535 1GHz Intel 1Gbps 200Mbps 100Mbps 2,000

Pentium III

1GB PC133 RAM

16MB Flash

www.syngress.com

604 Chapter 10 • Troubleshooting and Achievement Monitoring

Cleartext throughput agency unencrypted abstracts casual through the firewall,

while IPsec (DES and 3DES) throughput is advised encrypted.The cleartext

throughput of the PIX firewall ranges from a low of 10Mbps to a aerial of 1Gbps.

Three key apparatus of the PIX firewall that affect achievement are the

CPU, memory, and arrangement interfaces.You charge to accept how to monitor

these apparatus and ensure that their amount is not extensive the limits.We discuss

the ecology of these three apparatus in the afterward sections.The ultimate

question is, can your firewall handle the endless you will abode on it?