are you telling me that a policy with only a single rule
"any any any accept"
will eat up all the CPU cycle on a dell machine with P4
2.8 Ghz processor
and 2GB ram during a policy push?
Hugo van der Kooij <hvdkooij VANDERKOOIJ.ORG> wrote:
cisco4ng wrote:
> Hugo,
>
> I have to respectfully disagree with your theory. These
two
> Active/Active SPLAT is running in a lab environment
with
> absolutely NO traffics going across except telnet
traffics.
> The SPLAT firewalls are running on a Dell Optiplex
GX270
> (2.8 Ghz P4 with 2GB of RAM). The Provider-1 is
running
> on a dell server (dual processor 3.2 GHZ with 8GB of
RAM)
> and it has 1 CMA on it. Furthermore, I have only 1
> rules in the policy "any any accept log". I
also set
> "keep all connections". Therefore, I do not
think
> resource is a problem on the SPLAT systems.
You have the flapping effect during policy install because a
policy
install starves the CPU for too long a time. We all know
that a policy
install eats up all CPU cycles for a while on any module.
So there you see the flapping during the policy install.
Hugo.
--
hvdkooijvanderkooij.org http://hugo.vanderkooij.
org/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
---------------------------------
Yahoo! oneSearch: Finally, mobile search that gives
answers, not web links.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|
