Monday, June 14, 2010

Causes of high CPU utilization on ASAs:

The following can potentially cause high CPU utilization on ASAs:

** SSH open access from outside:

ssh 0.0.0.0 0.0.0.0 outside ==>> /* You should be punished if you did this on your ASA :). An SSH attack from outside can drive CPU utilization high. */

** Sending snmp-trap logs to a syslog server that doesn't exist, or that isn't accepting syslogs.

snmp-server enable traps syslog

** Forgetting to turn off debugs.

** Forgetting to turn off captures.

** RPF checks that point to ...mmmm...... nothing. Invalid route entries would be an example. Or if your ASA is pointing to the ISP router for its default route, then RPF on the outside is probably not going to be very useful:

ip verify reverse-path interface outside

** Unnecessary inspection rules. If NetBIOS and TFTP inspection are not needed on the global policy-map, turn them off.

policy-map global_policy
class inspection_default
no inspect netbios
no inspect tftp

** Really complex inside-out ACLs. Try grouping objects.
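
A quick way to review a saved running-config against this list, as an added example that is not part of the original post: the Python script below flags the four items the post shows as configuration lines. The sample config, the function name `audit_asa_config` and the interface name `outside` are assumptions made up for the illustration.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-example
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.1.1.0 255.255.255.0 inside
snmp-server enable traps syslog
ip verify reverse-path interface outside
policy-map global_policy
 class inspection_default
  inspect dns
  inspect netbios
  inspect tftp
"""

OUTSIDE = "outside"  # assumed nameif of the Internet-facing interface


def audit_asa_config(text):
    """Return (line_number, finding) tuples for the checklist items found in text."""
    findings = []
    policy_map = None  # name of the policy-map block currently being read
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):
            # A non-indented line is a new top-level command; it ends any open block.
            block = re.match(r"policy-map (\S+)$", line)
            policy_map = block.group(1) if block else None
        rpf = re.match(r"ip verify reverse-path interface (\S+)$", line)
        if line == f"ssh 0.0.0.0 0.0.0.0 {OUTSIDE}":
            findings.append((num, "SSH accepted from any source on the outside"))
        elif line == "snmp-server enable traps syslog":
            findings.append((num, "syslog sent as SNMP traps: confirm the receiver is up"))
        elif rpf and rpf.group(1) == OUTSIDE:
            findings.append((num, "RPF on the outside: check it is useful with a default route"))
        elif policy_map == "global_policy" and line in ("inspect netbios", "inspect tftp"):
            findings.append((num, f"'{line}' in the global policy: remove if not needed"))
    return findings


if __name__ == "__main__":
    for num, finding in audit_asa_config(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```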
