Cisco Bug CSCsh15587
If you are running ASA/PIX version 7.x then you may need to upgrade to version 7.23 to avoid your firewall running at 99% CPU utilization. There is a bug in Cisco ASA/PIX version 7.01-7.22 that causes the firewall to run to 99% CPU utilization when a telnet (or SSH) session requests large quantities of data (which FirePlotter does frequently).
Cisco's response on FirePlotter Support Team reporting this problem:
|From: Tamas Csallo
Sent: Monday, November 19, 2007 8:08:57 AM
Subject: Re: 607304095 PIX 515E 7.2(2) CPU 99% with 'show config' Hello Chris,
I have double checked the symptoms and I made some research about it.I found that this behaviour has been seen before and documentation under the following number: CSCsh15587
You can find some more information about under the following link:
From the release notes:
When executing "show conf", high CPU utilization can be seen.
This happens from ver7.0, and does not happen in ver6.3(4) and 6.3(5).
Conditions:Use ver7.0 or later configuration size is large (default config does not show the issue)
- This would explain, why this is behavior has not seen on version 7.2(3).
- Please let me know if you have any further question.Have a nice day.
More Bug details:
In Last Year
Cisco ASA 5500 Series Adaptive Security Appliances
Filtering, Proxy and Stateful Inspection (Firewall)
Information contained within Bug ID CSCsh15587 is currently under review for publishing on Bug Toolkit and will be available soon, often within one or two business days. The publishing team has been automatically alerted to expedite the review of this bug so it may be available sooner than usual. Further, you may add this bug to your watch group to be notified when the bug is made available to you.
What FirePlotter users have said...
"I was able to resolve bandwidth issues within minutes after installing Fire Plotter."
"I found the real-time operation of your product more useful than log analysis."