Yes thats right it 50 % idel but if i push a
policy it rematches all connections and cpu goes
really high. It drops vpn tunnels.
Kind regards
Tauseef Khan
Infrastructure Team
Mob: 07796447091
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Reinhard Stich
Sent: 01 November 2007 12:13
To: [email protected]
Subject: [FW-1] AW: [FW-1] VIPER 4 card
hi,
looks like your cpu is 50% idle... Why do you think you have a high cpu?
if you reboot or do a cprestart you can read the ps output easier...
br
reinhard
--
Reinhard Stich, Internet Security AG
Mobile email powered by Nokia Intellisync
-----Ursprüngliche Nachricht-----
Von: No Name Available
Gesendet: 01.11.2007 12:23:51
An: Mailing list for discussion of Firewall-1
Betreff: Re: [FW-1] AW: [FW-1] VIPER 4 card
Thanks Reinhard
I have done that now and fwaccel stats show:
fwaccel stat
Accelerator Status : on
Templates : disabled by FireWall-1 starting from rule #1
Accelerator Features : Accounting, NAT, Cryptography, Routing,
HasClock, Templates, VirtualDefrag, GenerateIcmp,
IdleDetection, Sequencing, TcpStateDetect,
AutoExpire, DelayedNotif, McastRouting,
WireMode
Cryptography Features : Tunnel, UDPEncapsulation, MD5, SHA1, NULL,
3DES, DES, AES-128, AES-256, ESP, LinkSelection,
DynamicVPN, NatTraversal, EncRouting
The reason i installed the card was that i was
experiencing high cpu all the time on my ip1220
machines in HA mode. Vpnd process was taking
around 25% of cpu before. After viper card
installation the processing hasn't gone down but
I cannot see any process ps -aux which is
utilising the cpu. Please see ps -aux and vmstat below:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 3435 0.0 0.0 472 208 p0 R+ 11:15AM 0:00.01 ps -aux
root 1 0.0 0.0 356 172 ?? Is 12:05PM 0:00.00 /sbin/init --
root 2 0.0 0.0 0 0 ?? DL 12:05PM 0:00.00 (pagedaemon)
root 3 0.0 0.0 0 0 ?? DL 12:05PM 0:00.00 (vmdaemon)
root 4 0.0 0.0 0 0 ?? DL 12:05PM 0:08.44 (update)
root 131 0.0 0.1 1760 1480 ?? Is 12:05PM 0:00.07 /bin/pm
root 144 0.0 0.0 208 572 ?? Is
12:05PM 0:01.14 /usr/sbin/syslog
root 165 0.0 0.0 472 336 ?? I
12:05PM 0:00.01 /bin/csh -fb /op
root 170 0.0 0.2 5552
4060 ?? I 12:05PM 0:00.20 /opt/CPsuite-R61
root 288 0.0 0.1 7032 2564 ?? Ss 12:05PM 0:01.93 /bin/ipsrd -N
root 304 0.0 0.2 3356 4744 ?? Ss 12:05PM 1:29.72 /bin/xpand
root 305 0.0 0.1 912
1248 ?? Is 12:05PM 0:04.15 /bin/ifm /config
root 372 0.0 0.0 232 680 ?? Is
12:05PM 0:00.00 /usr/sbin/inetd
root 378 0.0 0.1 256
1160 ?? Is 12:05PM 0:00.01 /opt/CPsuite-R61
root 392 0.0 0.2 2952
3644 ?? Is 12:05PM 0:07.74 /bin/clishd defa
root 393 0.0 0.1 224
1696 ?? Is 12:05PM 0:00.01 /bin/ipsopmd -s
root 394 0.0 0.2 4452 4340 ?? Ss 12:05PM 0:29.21 /bin/snmpd -f
root 395 0.0 0.1 1672 2220 ?? Is 12:05PM 3:47.55 /bin/monitord
root 398 0.0 0.0 424 948 ?? Is 12:05PM 0:00.00 /bin/oamd
root 399 0.0 0.0 268 612 ?? Is
12:05PM 0:00.35 /usr/sbin/cron
root 400 0.0 0.0 204 588 ?? Is 12:05PM 0:00.00 /bin/pccardd
root 401 0.0 0.1 488
1552 ?? Is 12:05PM 0:00.48 /usr/sbin/sshd-x
root 419 0.0 0.0 160 568 ?? I
12:05PM 0:00.00 /usr/libexec/get
root 420 0.0 0.0 160 568 ?? I
12:05PM 0:00.00 /usr/libexec/get
root 421 0.0 0.0 160 568 ?? I
12:05PM 0:00.00 /usr/libexec/get
root 422 0.0 0.0 648 560 d0 Is+ 12:05PM 0:00.08 -csh (csh)
root 1467 0.0 0.1 1056
2968 ?? Is 1:06PM 0:08.97 /opt/CPsuite-R61
root 1488 0.0 1.6 22540 32844 ?? Ss 1:06PM 2:09.53 cpd
root 1677 0.0 1.4 20936
28884 ?? Ss 1:06PM 0:21.45 /opt/CPsuite-R61
root 1685 0.0 2.6 52536 54024 ?? Ss 1:06PM 1:17.94 fwd (fw)
root 1705 0.0 2.0 31024
42036 ?? I 1:06PM 0:18.63 in.asessiond 0 (
root 1706 0.0 2.0 31104
42096 ?? S 1:06PM 0:24.28 in.aufpd 0 (fwss
root 1707 0.0 2.3 35396 48584 ?? S 1:06PM 4:42.08 vpnd 0 (vpn)
root 1708 0.0 2.1 32272
42820 ?? S 1:06PM 1:06.87 mdq 0 (fwssd)
root 1712 0.0 0.5 1680
9856 ?? S 1:06PM 3:34.73 dtlsd 0 (dtls)
root 1842 0.0 0.1 700 1092 ?? S<s 1:59PM 0:07.46 /bin/xntpd
root 2869 0.0 0.1 1128
2900 ?? Ss 12:45AM 0:02.33 /bin/httpd -d /w
nobody 2870 0.0 0.1 2052
2724 ?? I 12:45AM 0:00.22 /bin/httpd -d /w
nobody 2871 0.0 0.1 1228
1428 ?? I 12:45AM 0:00.04 /bin/httpd -d /w
root 3197 0.0 0.1 688
1332 ?? S 9:40AM 0:01.21 sshd-x: [EMAIL PROTECTED]
root 3208 0.0 0.0 648 524 p0 Ss 9:40AM 0:00.10 -csh (csh)
nobody 3233 0.0 0.0 1128 744 ?? I
9:46AM 0:00.00 /bin/httpd -d /w
nobody 3240 0.0 0.0 1128 804 ?? I
9:47AM 0:00.00 /bin/httpd -d /w
root 0 0.0 0.0 0 0 ?? DLs 12:05PM 0:00.13 (swapper)
vmstat 4
procs memory page disks faults cpu
r b w avm fre flt re pi po fr sr
w0 w1 w2 in sy cs us sy id
0 0 0 432012
1649384 44 2 0 0 38 0 0 5 4 20297 1295 31 1 49 51
0 0 0 373748
1649380 4 0 0 0 1 0 0 0 0 14623 653 21 0 30 69
0 0 0 373808
1649380 50 1 0 0 49 0 0 0 0 14244 570 20 0 30 70
0 0 0 422464
1649380 0 0 0 0 0 0 0 2 2 14210 576 19 0 30 70
0 0 0 432072
1649380 50 1 0 0 49 0 0 0 0 14915 744 34 0 34 66
0 0 0 432164
1649380 1 0 0 0 0 0 0 0 0 14090 700 22 0 29 71
0 0 0 432164
1649380 1 0 0 1 0 0 0 2 2 14512 583 19 0 31 69
0 0 0 431364
1649380 50 1 0 0 49 0 0 0 0 14949 560 19 0 32 68
0 0 0 382708
1649380 0 0 0 0 0 0 0 0 0 15274 565 19 0 32 68
0 0 0 372360
1649380 53 1 0 0 49 0 0 0 0 13681 578 20 0 28 72
0 0 0 375516
1649372 1 0 0 0 0 0 0 1 1 13461 8179 21 1 29 70
0 0 0 433780
1649372 1 0 0 0 0 0 0 0 0 13691 648 31 0 30 70
0 0 0 434520
1649372 50 1 0 0 49 0 0 0 0 13871 706 21 0 29 71
0 0 0 434520
1649372 0 0 0 1 0 0 0 5 5 13847 625 21 0 29 70
0 0 0 436156
1649372 50 1 0 0 49 0 0 0 0 13831 633 21 0 30 70
0 0 0 433000
1649372 1 0 0 0 0 0 0 0 0 14218 654 20 0 29 70
0 0 0 374736
1649372 4 0 0 0 0 0 0 0 0 13687 517 17 0 29 71
0 0 0 374796
1649372 50 1 0 0 49 0 0 0 0 11851 732 23 0 26 74
Appreciate help
Kind regards
Tauseef Khan
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of Reinhard Stich
Sent: 01 November 2007 10:22
To: [email protected]
Subject: [FW-1] AW: [FW-1] VIPER 4 card
hi,
did you enable it in voyager and register it to fw1?
try to run fwaccel on
br
reinhard
--
Reinhard Stich, Internet Security AG
Mobile email powered by Nokia Intellisync
-----Ursprüngliche Nachricht-----
Von: No Name Available
Gesendet: 01.11.2007 10:56:10
An: [email protected]
Betreff: [FW-1] VIPER 4 card
I installed a viper 4 card in my ip1220 nokia machines. In Voyager I
turned the card on but it doesn't give any stats:
fwaccel stat
Accelerator Status : off
Accelerator Features Mask : not available
Cryptography Features Mask : not available
Kind regards
Tauseef
This electronic message contains information
from bet365 Group Limited which may be
privileged or confidential. The information is
intended to be for the use of the individual(s)
or entity named above. If you are not the
intended recipient be aware that any disclosure,
copying, distribution or use of the contents of
this information is prohibited. If you have
received this electronic message in error,
please notify us by telephone or email immediately.
Activity and use of the bet365 Group Limited
email system is monitored to secure its
effective operation and for other lawful
business purposes. Communications using this
system will also be monitored and may be
recorded to secure effective operation and for other lawful business purposes.
bet365 Group Limited
Registered office: Hillside, Festival Way,
Stoke-on-Trent, Staffordshire, ST1 5SH
Registered in England no. 3958393
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
