Firewall switch module accident
Three days ago we converted to a PIX to a firewall switch module in our 6509. The firewall ran for 2 days and then began to crash randomly (e.g.4 times in 24 hours). When it crashed, a show on the 6509 module indicates that its status is 'OK', but a command session expires. The only way to get back on the line is a "set power module down" and a "set power module upwards.
The accidents occurred in busy periods and in the middle of the night where the traffic was very low.
Messages sent to the syslog server by the switch & the firewall module indicate anything - normal messages (debug level) and then no further communication between the engine firewall.
8.3 switch (3) CatOS and the Firewall version 2.2 (1). Firewall configuration is relatively simple - indoor/outdoor + a dmz - and almost identical to the configuration used on our old unit of 6.3 (3) PIX.
Has anyone seen this behavior before? Are there troubleshooting suggestions for me?
I appreciate any suggestions.
-Peter MacNeil
City of Hamilton
Hello
We have seen hang & crash issues. most of them is fixed in the most recent codes. I would say to just upgrade the code. If you want that the bug ID you can get by opening the case with TAC and providing the news of the accident.
Thank you
Nadeem
Tags: Cisco Security
Similar Questions
-
The power switch of my old HP Pavilion a320n PC motherboard has failed. Someone at - it a source for a new power switch module?
Thank you... Stony
Hello
The SPST momentary switch would have been my first choice.
If I keep the power switch on my depressed e9280t he powered stops after three seconds.
-
I get message 'Error switching modules' after upgraded to 6.3
I've upgraded to the stand-alone 6.3 Lightroom (from 6.2) (not CC) version.
When I run Lightroom, I get the error message "error when you try to switch modules.
I am under Lightroom on a MacBook Pro with El Capitan.
Next big disappointment after 6.2 issues...
After uninstall, 6.0 installation and then manual (not through application Manager) 6.3 update its working again
-
Compatibility matrix for Cisco Catalyst 3012 Switch Module
Hello
I'm checking the compatibility of the VMware vSphere 5.5U1 Guide and an IBM switch module Part Number: 43W4401 product name: Cisco Catalyst Switch Module 3012. The search of the matrix returns Cisco 1GigE I350 LOM who seems to identify the drivers of Cisco.
Can anyone help clarify and check if this IBM re-branded chassis switch module is supported and to a specific firmware for the switch code? Thank you all.
L2/L3 switches are off-limit of drivers for vSphere hypervisor, so you don't find on the HCL...
Here's IBM BladeCenter matrix interop for VMware:
IBM ServerProven compatibility
and here is the interoperability of the switch Cisco Catalyst 3012 with IBM BladeCenter chassis:
IBM BladeCenter Interoperability Test program
I hope this helps...
-
Cisco Nexus 1000V Virtual Switch Module investment series in the Cisco Unified Computing System
Hi all
I read an article by Cisco entitled "Best practices in Deploying Cisco Nexus 1000V Switches Cisco UCS B and C Series series Cisco UCS Manager servers" http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/white_paper_c11-558242.htmlA lot of excellent information, but the section that intrigues me, has to do with the implementation of module of the VSM in the UCS. The article lists 4 options in order of preference, but does not provide details or the reasons underlying the recommendations. The options are the following:
============================================================================================================================================================
Option 1: VSM external to the Cisco Unified Computing System on the Cisco Nexus 1010In this scenario, the virtual environment management operations is accomplished in a method identical to existing environments not virtualized. With multiple instances on the Nexus 1010 VSM, multiple vCenter data centers can be supported.
============================================================================================================================================================Option 2: VSM outside the Cisco Unified Computing System on the Cisco Nexus 1000V series MEC
This model allows to centralize the management of virtual infrastructure, and proved to be very stable...
============================================================================================================================================================Option 3: VSM Outside the Cisco Unified Computing System on the VMware vSwitch
This model allows to isolate managed devices, and it migrates to the model of the device of the unit of Services virtual Cisco Nexus 1010. A possible concern here is the management and the operational model of the network between the MSM and VEM devices links.
============================================================================================================================================================Option 4: VSM Inside the Cisco Unified Computing System on the VMware vSwitch
This model was also stable in test deployments. A possible concern here is the management and the operational model of the network links between the MSM and VEM devices and switching infrastructure have doubles in your Cisco Unified Computing System.
============================================================================================================================================================As a beginner for both 100V Nexus and UCS, I hope someone can help me understand the configuration of these options and equally important to provide a more detailed explanation of each of the options and the resoning behind preferences (pro advantages and disadvantages).
Thank you
PradeepNo, they are different products. vASA will be a virtual version of our ASA device.
ASA is a complete recommended firewall.
-
IMPLEMENTATION of 6500 Firewall Services Module
I know well enough the 5xx PIX firewall and although I read all the docummentation on the WSF for the 6500, I still don't understand how it works.
I have 20 + VLAN with only 1 VLAN I need from 20 other VLANs, but welcomes the user 20 + VLAN must obtain services on the secure VIRTUAL LAN.
According to Documents I have to ' set vlan 1-25 firewall - vlan 9 "so do all the VLANS secure VLAN on the firewall! And that means that I can't road VLAN on the MSFC, because I get an error saying:
"15 are already defined and upward on the MSFC. Cannot be ensured.
So I think to ensure only 1 VLAN all other local networks virtual, all my VLAN routing must go through the firewall because I can't carry the VLANS on the MSFC, which would negate the effectiveness of an MSFC.
I wouldn't be better with an external device of PIX and keep my travel at high speed on the MSFC? or am I missing something here?
in fact, you can secure all your VLAN on the other and let what the routing on the FWSM as well. But if NO, then
just set 2 VLANS (one inside and one outside)
all routing VLAN secured to the outside world will be achieved through the external interface.
Yes, in your case, an external PIX is better to use FWSM. Using FWSM particularly useful if you have several VIRTUAL LANs to be subject
-
What version of PDM for PIX 6.3 (4) on a 515E?
I loaded the last PDM bin 4.1 (1) for PIX os ver 6.3 (4) but I get an error message when I try to access the new PDM:
"Cisco PDM 4.0 for FWSM does not work on PIX. Please install Cisco PDM 3.0 on your PIX"
Hmmm a Pix Device Manager which does not work on PIX? The links were wrong on the cisco.com page that pointed me to this location?
http://www.Cisco.com/cgi-bin/tablebuild.pl/PIX
Are these compatible versions?
Here's my version:
Cisco PIX Firewall Version 6.3 (4)
Cisco PIX Device Manager Version 4.1 (1)
Yes, this message is absolutely right, version 4.x PDM is just for the firewall Switch Module and is not supported by the device of PIX. FWSM supports Transparent firewall features that the PIX does not now support.
Version 3.0.2 PDM.
There will be a new PDM with the PIX OS 7.0 version in the first quarter of 2005.
sincerely
Patrick
-
Cofiguring failover between two JOINT 2 blades in two switch identical 6500
I have two cisco 6500 core switch, each switch has its own JOINT module. How to configure switching module JOINT.
The IPS software (on all devices and JOINT blades) does not support a (unlike many Cisco firewall products) statefull failover. How to run a version of failover is to have the two IDSMs running with the same policies and traffic have move from one frame to another (Mathurine you shouldn't have one side of a TCP session via on leave 6509 and back by the other).
-Bob
-
Hello
Do you think, from the point of view of expert security, replacing a physical IPS with a firewall IPS module will any beneficiary?
any idea which may specify?
Yes you can install modules IPS in routers. Take a look at the following presentation to get an idea of what range of devices are available.
As for your second question, not implementation is strictly good or bad. Situation will dictate what you want to do about the way in which you configure the path to the ISP. My personal preference would be to put a switch between the IPS and the router and configure it accordingly. It gives me a certain flexibility which can allow me to plug in other devices in the network path, if I find that I need to.
-
Hello
I am trying to develop a system to monitor the components on the cards of PCB in the oven, it s essentially has a failure analysis of components such as C, resistors and capacitors.
Here are some of my test system
The test system must monitor the components on the PCB 1 year.
I want to measure the resistances and abilities using a RLC to identify the problem. Failure of the resistance is identified with an open circuit and a failure of the capacitor is identified with a circuit short circuit/open. I have a 420 capacitances to measure and I would like to automate the measurement using multiplexers of NOR.
I got to watch the first ability (C1) 3 minutes (which would be linked to the first input of the multiplexer), followed by second 3 minutes and so on. Once all 420 capacities are monitored, the loop must start from Capacitance C1. I would like to know how to program the switches of the NOR. Could someone please suggest me how to proceed with this. ? Is good enough to automate Labview switches or should I go ahead with the switch management software? Can you please explain in detail because am a beginner in Labview? Forward to your response. Thanks in advance
Hello switcher.
Yes, LabVIEW is an ideal programming environment!
.I suppose you have no switch OR equipment at the present time.
Measurement of the capacitance range are you watching?
What voltage are the plugs at? Looks like it's just a test section, but I guess the capacitors to be held at a constant DC bias? (Otherwise, the test data that you collect is capacitance of the real world).
Without any specific input except the number of capacitors, I recommend 5 multiplexers of PXI-2575 x configured as a 2 son 98 x 1 mux. You can use the PXI-2575 x modules only 3 in mode 1 wire 196 x 1 if your DUJT capacity is sufficient to overcome the parasitic capacitance total of 420 caps (all the negative wires would be linked to the negative contribution of the IGS), but I recommend the approach 2-wire, because it isolates each CAP in a differential measurement.
The PXI-4072 has a function of measure of ability.
With respect to the software, I recommend using NOR-DAQmx switch API, but you can also use the OR-Switch and NI Switch Executive API as well. However, I think that NI Switch Executive is excessive for this application, and it will take a unique session for each switch OR Switch module (OR-Switch is consistent IVI and IVI has no concept of linking several modules).
.. ask away if you have any questions. I'm not "wait I answered them: all in this first response."
-
OR handset and other relays in the direction of the switch
Hello
I am beginner in products OR and now I want to solve a problem.
If I know the relay and their connection paths. These relays are of NEITHER and some other producers. Can I Switch Executive put first and last point and automatically will join them using IVI drivers? Relay cards and theit drivers can be of different producers.
Thank you.
Sorg,
As crossrulz said if you have a correctly installed and configured (in max) IVI driver Executive OR Switch can manage several types of products. This includes switching modules of NOR and switching of third party modules.
To implement automatic routing, you may need to do additional things (such as: providing the report to show how the devices are connected, lines reserve for routing, put in place by the endpoints channel configuration, etc..) Once this is set up, then you can create a connection by specifying endpoints and it will automatically route the things for you.
See you soon!
-
Update the Configuration of the switch switch 2.1 Executive to 3.5
Hello world
I tried the switch 2.1 update Executive to 3.5 and have known, that my configurations have stoppped working. To me, it looks like 3.5 dislikes my IVI configuration for switching modules.
The function check in MAX tells me that the PXI cards are not available. The first page of the configuration of the switch shows no configuration / terminal blocks.
Because the configuration consists of nine matrix with lots of report cards, I would really appreciate a way to properly import the old configurations (xml files are available)
Any ideas?
See you soon
Oli
Hi Oli,
Yes, there was a major change in the Switch Executive 3.5 - it now uses for switching NI DAQmx calls material. There is a KB document the upgrade process a simulated configuration from an earlier version, but of course, you can try the steps that make sense, too:
Import of NI Switch Executive 3.0 and previous virtual devices in OR Switch Executive 3.5 and later versions
http://digital.NI.com/public.nsf/allkb/1D1099A85B156FA68625778500787444
However, I have noticed that the KB Editor uses a configuration file to .txt instead of the .xml you have. I see two options here: first of all, if you have even an operating system with Switch Executive 2.1, you could probably export settings in the form of text or you can try to modify the .xml file manually to resemble the layout of the text (probably a lot of work, you would have to learn the structure of the text by trial and error using newly created Switch E.g. 3.5 configurations...)
Best regards
Sebastian
-
Switch default behavior - PXI2503
Good afternoon
I have a few questions about the behavior of my 2503 PXI switch module. When I close a relay on my switch I hear the click predicted. Therefore, it leads me to think that something in the breast could wear out over time... I want to mitigate if possible. Can someone please help with the following questions regarding the attached VI?
1. If I send a request relay close and this relay is already closed, the switch performs the action anyway? If so, add the logic to determine the current state of the switch only switch possibly prolong the life of the switch module?
2 can. How confident I be that this construction is switching properly? It seems wicked fast. I have to build in some sort of time to settle?
Thank you
Zach
Hey Zach,.
If this acts as "before doing a jump."
depends on whether you use a relay or a channel API. My
suggestion would be to use NISwitch connection strings with the
Disconnect all VI to ensure that all relays are open before
a fence. When you use connection strings, you will have the first
channel is the name of relay and your second channel com0, your
you want to keep your topology as 1-Wire 48 x 1. Please see attachment
photo for a better idea of what I am referring. Take care!aNIta B
Technical sales engineer
National Instruments
-
Several switches inside the a test sequence
Hi all
I'm doing a few stages of switching in a single Multiple digital limit test, so what I did is incorporated all the controls switch in labview. Unfortunately, I got an error when he got to the step with the switching (an error occurred when trying to access device PXI1Slot6
Another process has already logged to this switch module.).Is it possible to disconnect the teststand switch so that the labview vi can be used without interruption, or y at - it another way to do switching multimode in teststand I don't know?
Thank you for taking the time to read.
One more thing...
You can use the adapter of the sequence with a step of the multi-digital. Then create a sequence that will have several stages.
I illustrate this in the sequence file attached.
Let me know if you have any questions.
-
Position of the PXI Module in the chassis
Dear Forum,
I just got a new PXI-1033 chassis as well as a single PXI-6259 HAVE/AO/DIO and two PXI-2501 switch modules module.
No matter where I physically place these three modules in the chassis?
Sincerely,
Zach
Zach-
So, I see you have a PXI-1033 chassis and two modules PXI (PXI-6259 and PXI-2501). In this case, their placement is not serious. Just a tip: If you consider the symbols in each slot, they indicate what type of device they can accept.
A symbol of circle, the location is a generic peripheral location. A generic device location will work very well for both of your devices.
A symbol of diamond, that location is a location of triggering star.
A symbol of diamond with a circle inside means that the slot is a generic peripheral location with star triggering capabilities. This slot machine also works for each device.
I found these definitions of machines slot in user guide NI PXI-1033 and specifications. Check it out if you want more information than what I have provided.
See you soon!
Maybe you are looking for
-
My iMac update installed iTunes 14.2.3 x 4
4 x the installation of the backup version of iTunes 14.2.3. Is this just another bug to wait? Should I do something to prevent this loss of time?
-
Need help with installing the driver Vista for Satellite A200-23U
INSTALL THE WINDOWS VISTAN ° Version of the component name1 Windows Vista RTM2 native Intel ICH7M Chipset utility3 945GM Intel display driveror3 nVIDIA Display Driver G72MV-A3/NB7P-GSRealtek Audio driver ALC861D 45 Realtek 8101E 10/100 / Driver LAN G
-
feature request - alignment of the execution of the front panel window
I would like he's had a "pair of coordinates", marked by two positions on the Panel before which would serve the rectangle to display at the top left and bottom right positions itself for my front panel when executing. Then I wouldn't have to worry a
-
Original title: How do I delete the file requiring approval should be deleted? I have download a web reader Cacaoweb & recently just found out it doesn't work anymore. One day the internet browser has become impossible to connect to the server. I tri
-
I have an older Equallogic PS50 unit that I would like to upgrade. I bought a drive of type 2 for her and I'm having some trouble getting it online. I have the camera turned off and installed the controller as well as to connect three network cards