The URL below shows almost exactly what was reported (in field notices): http://www.cisco.com/warp/public/770/52.html
We've had a few with the problems mentioned, notably a failover bundle which an engineer flew out to Iberia to install. Must nip back and sort it out. Gareth ""Elijah Savage"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hardware flaws hang some Cisco firewalls > Failures don't threaten security, but could cause network availability > headaches > > > Stephen Lawson, SAN FRANCISCO > Hardware flaws in some Cisco Systems firewalls for corporate central and > branch offices have caused the systems to hang or shut themselves down > and forced Cisco to replace the affected boxes. > > Some Cisco Pix 515, 515-DC and 506 Firewalls have suffered system hangs > when traffic on the network becomes too heavy, requiring IS staff to > manually restart the firewall, Cisco reported in an October 18 field > notice on its website. Cisco expects the problem to occur most often in > the 515 models, which are designed for corporate central offices, but > said it may also happen in 506 units in some cases. The 506 is designed > for branch offices, which tend to experience lower traffic levels. > > The firewalls typically are installed between a company's internal > network and the internet to guard against intrusion. The flaws can cut > off an internet connection that runs through a firewall but will not > cause a connection to become insecure, Cisco said on its website. > Officials at the company weren't available to comment in detail about > the problem. > > While the failures don't pose a security issue, they could cause network > availability headaches for a number of large corporations. Cisco holds > about one quarter of the overall firewall market, according to Richard > Stiennon, a Gartner analyst in Detroit. A serious hardware flaw in such > a widely sold firewall device is probably unprecedented, Stiennon says. > > Cisco has traced the source of the problem to a component that the > networking giant began buying from a new supplier in May. The > component's timing is slightly different from that on previous units, > and the difference makes the system unstable, according to the field > notice. Units made after October 2 don't have the flaw. > > Cisco is replacing the firewalls for registered customers, free of > charge. However, because the replacement units need to come from the > company's manufacturing facilities in California instead of stock in > local service centres, service agreements for overnight replacement > can't necessarily be met, especially outside the US. > > The only workaround Cisco offers is to reduce the traffic load by > hard-coding all the firewall's interfaces to 10Mbit/s, or making a > change elsewhere in the network that reduces traffic to that level. The > units most often hang when traffic exceeds 15Mbit/s, though the > threshold varies, according to Cisco. The devices are available with > 10Mbit/s, 100Mbit/s, or 1Gbit/s interfaces. > > Few enterprises are equipped to deal with a workaround that would > throttle down a critical network connection so dramatically, Gartner's > Stiennon says. On the bright side, only a small percentage have internet > connections of more than 10Mbit/s, he adds. > > Cisco also reported on October 18 a flaw in the way power supplies are > attached to motherboards in some Pix 506 Firewalls. Over time, friction > and vibration can work the power connection loose, causing the firewall > to freeze or reboot, according to the field notice. A cable tie-down was > introduced on October 2 that will keep the power supply attached. > > Cisco is replacing the affected 506 units for registered customers, free > of charge. As a workaround, Cisco provides instructions on its website > for opening the firewall and reinserting the power connector in the > motherboard. > > The failures and possible long waits for replacements put the spotlight > on one problem with integrated hardware-software "appliances" such as > the Pix Firewalls, Stiennon says. If hardware problems befall a software > firewall, such as one from Check Point Software Technologies, most users > can solve them easily and quickly by replacing the Intel-based PC on > which the software runs. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24725&t=24725 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]