Netscreen firewall performance monitoring, debug and snoop

Monitor device performance daily so that possible hidden faults can be found and troubleshot.

---- Information to focus on during routine maintenance

1. CPU:
If high CPU utilization appears, check whether there is a network attack. Under normal conditions utilization should be below 45%.
2. Memory:
With no load, memory usage is around 50%. As traffic increases, utilization rises to around 60% and remains stable. If it goes above 75%, check for malicious traffic.
3. Session:
If the session count is close to the system maximum, consider the capacity limits of the equipment and upgrade in time. Command: get per session

Check the above information during peak business hours and establish baseline values. When an emergency occurs, compare against the baseline: if a value is more than 20% above the baseline, check the alarm information; if session or CPU usage is more than 30% above the baseline, examine the abnormal traffic and the alarm logs.
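The baseline comparison described above, as an added example (not code from the original post). It takes readings that have already been collected as numbers; the 90% figure for "close to the system maximum", the averaging of peak-hour samples, and all sample values are assumptions made for illustration.

```python
from statistics import mean

CPU_NORMAL_MAX = 45      # % CPU expected under normal operation (from the text)
MEM_ALERT = 75           # % memory above which to check for malicious traffic
SESSION_NEAR_MAX = 0.90  # assumption: "close to the maximum" = 90% of capacity
DEV_ALARM = 0.20         # more than 20% over baseline: check alarm information
DEV_TRAFFIC = 0.30       # session/CPU more than 30% over baseline: inspect traffic

def build_baseline(peak_samples):
    """Average each metric over readings taken during peak business hours."""
    keys = peak_samples[0].keys()
    return {k: mean(s[k] for s in peak_samples) for k in keys}

def evaluate(sample, baseline, session_max):
    """Return (metric, action) findings for one reading."""
    findings = []
    if sample["cpu"] > CPU_NORMAL_MAX:
        findings.append(("cpu", "above 45%: check for a network attack"))
    if sample["memory"] > MEM_ALERT:
        findings.append(("memory", "above 75%: check for malicious traffic"))
    if sample["sessions"] >= SESSION_NEAR_MAX * session_max:
        findings.append(("sessions", "near system maximum: plan an upgrade"))
    for metric in ("cpu", "memory", "sessions"):
        base = baseline[metric]
        if base <= 0:
            continue  # no usable baseline for this metric
        dev = (sample[metric] - base) / base
        if metric in ("cpu", "sessions") and dev > DEV_TRAFFIC:
            findings.append((metric, "30%+ over baseline: inspect abnormal "
                                     "traffic and alarm logs"))
        elif dev > DEV_ALARM:
            findings.append((metric, "20%+ over baseline: check alarm info"))
    return findings

# Constructed sample data: three peak-hour readings and one incident reading.
PEAK = [{"cpu": 30, "memory": 58, "sessions": 40000},
        {"cpu": 34, "memory": 60, "sessions": 44000},
        {"cpu": 32, "memory": 62, "sessions": 42000}]
BASELINE = build_baseline(PEAK)
INCIDENT = {"cpu": 71, "memory": 66, "sessions": 52000}

if __name__ == "__main__":
    for metric, action in evaluate(INCIDENT, BASELINE, session_max=64000):
        print(f"{metric}: {action}")
```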

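------ Emergency handling

When the network behaves abnormally, check the status of each firewall indicator as soon as possible. You can also turn on the debug function to trace packet processing and check whether the configured policies are at fault.

1. Check the device running status
   Quickly check whether CPU, memory, session and so on are normal.
2. Trace how the firewall processes packets
   If part of the network cannot be accessed normally, check interface status, routing and policy configuration, in that order.
3. Check whether attack traffic is present
   Review the alarm information to confirm whether anything abnormal has been reported.

------ Summary and improvement

After each failure, summarize and improve so that similar failures are effectively prevented from happening again. Summarize the causes of the fault and confirm that it has been eliminated. Where conditions permit, build a test environment and test the problem again to assess whether the existing configuration has a problem. This analysis helps identify weaknesses and potential risks.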

--------- Troubleshooting tool: debug
Used to trace how the firewall processes packets.

1. set ffilter src-ip x.x.x.x dst-ip x.x.x.x dst-port xx - set the filter list, defining the scope of packet capture

2. clear dbuf - clear the firewall's in-memory buffer of analyzed packets

3. debug flow basic - turn on the debug function

4. Send test packets

5. undebug all - turn off the debug function

6. get dbuf stream - inspect the firewall's analysis of the packets

7. unset ffilter - clear the firewall debug filter list

8. clear dbuf - clear the firewall's cached debug information

9. get debug - view the current debug settings

--------- Troubleshooting tool: snoop
Functions similarly to sniffer software.

1. snoop filter ip src-ip x.x.x.x dst-ip x.x.x.x dst-port xx - set the filter list, defining the scope of packet capture

2. clear dbuf - clear the firewall's in-memory buffer of analyzed packets

3. snoop - turn on the snoop function

4. Send test packets

5. snoop off - stop the snoop function

6. get db stream - inspect the firewall's analysis of the packets

7. snoop filter delete - clear the firewall snoop filter list

8. clear dbuf - clear the firewall's cached snoop information

9. snoop info - view the current snoop settings

Origin blog.51cto.com/13001500368/2477621