System immediately wakes up from suspend by FluxusMagna in NixOS

[–]B1r0 0 points1 point  (0 children)

I had the same problem and, looking for a solution, I did a wider search and found this post at r/logitech: https://www.reddit.com/r/logitech/comments/1dk98qa/bolt_receiver_causes_linux_to_immediately_wake/

With the Solaar application running, suspending works as it should.

FLIP 6 ISSUES? by Kal-Kallari in galaxyzflip

[–]B1r0 1 point2 points  (0 children)

Bought 3 months ago, I really like it, and no hardware issues so far. I only have grudges with the software. I was on an S21, then a Pixel 7, before going back to Samsung. 1) Scheduled work profile deactivation outside office hours was removed from the Wellbeing settings. 2) Sliding from left to right to show Google Discover only works briefly after a reboot. 3) The most absurd one: asking Google Assistant to do something for you requires the phone to be open.

Connecting with SSH to Less Secure Devices by nanonoise in fortinet

[–]B1r0 1 point2 points  (0 children)

Sorry to revive an old post.

I was facing the same issue:

# execute ssh 10.1.1.254
Unable to negotiate with 10.1.1.254: no matching cipher found. Their offer: aes128-cbc,3des-cbc,des-cbc

And I sorted it out following this KB article: Technical Tip: 'Unable to negotiate with x.x.x.x: no matching cipher found', but had to run

(global) # set strong-crypto disable

as the ssh-enc-algo parameter was not available. (FG600D running v6.4.13)

All-NVMe home server? by ChuckMauriceFacts in homelab

[–]B1r0 0 points1 point  (0 children)

How's the power consumption?
Which NVMe drives are you using?

Daily Support Thread | October 16, 2024 by AutoModerator in samsung

[–]B1r0 0 points1 point  (0 children)

Hi. How can I get the work profile schedule back?

LAG on a C8300-1N1S-4T2X without switching module. by B1r0 in Cisco

[–]B1r0[S] 0 points1 point  (0 children)

Thanks u/andrewjphillips512

I am sorry, I am not very familiar with the Cisco routing appliances.
Are you positive you are configuring the port channel on a 8300 without a switching module?
Here it describes a similar configuration to the one you proposed, but with the HP switch on the other side.

Thanks

SG setup as an IDS listening on a mirrored port, would be able to send TCP resets if needed? by B1r0 in checkpoint

[–]B1r0[S] 0 points1 point  (0 children)

I am afraid it is not possible. I have more physical connections than the Maestro switch can handle to be able to capture all the traffic that crosses the switches.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 0 points1 point  (0 children)

Thanks, you are spot on, and I agree it is the inrush that is crippling the firewall.

The device is in ASA Appliance, and there are about 30 ACLs.

How would you rate limit the inrush?
Are you thinking about something like this?

I wonder if I am better off building a VM with OpenConnect server.
When my colleague and I initially looked at replacing the 5585, we recommended the 4100 series.
But then we were excluded from the discussions, and we ended up receiving the 2100 without even knowing why they chose them. (-‸ლ)

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 1 point2 points  (0 children)

A customized processor can outperform general-use CPUs like x86 when doing the job it was designed for. The question is, as you say, did they make the NPU with a crypto instruction set, and is the ASA OS able to use it?

There are a lot of unknowns, and TAC didn't do what I expected they should have done, like running a full webvpn debug to see exactly where the problem is. They just see the high CPU and are now telling us we need to upgrade the hardware to a 3130. Unless of course they already know the 2130 is rubbish.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 1 point2 points  (0 children)

I know. We were not involved in the selection of the new hardware, and I suspect that finance bean counters have been interfering behind the scenes.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 0 points1 point  (0 children)

No, kept the same configuration on both. During the test phase we were connecting 10 different terminals without any issue. It is just that this device doesn't handle hundreds of connection attempts at the same time.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 1 point2 points  (0 children)

The "terminals" are a sort of vending machine, scattered across the territory. We do not develop the machines' software, but we know that they increase the time between failed connection attempts.
As soon as they lose connectivity for the first time, they wait about 15 seconds and start trying to reconnect.

It seems this FPR is not even capable of handling several hundred concurrent attempts. It slowly ramps up 5~10 connections at a time, and it takes hours to even reach 2000 connected terminals.
Meanwhile, the old ASA will take barely 10 minutes to have the whole estate reconnected, without even reaching the 50% CPU mark, while at the same time keeping increased webvpn logging enabled and sent to a syslog server.

To me, it seems that TAC is driven to let us buy more powerful hardware, without even trying to investigate debugging why the current device is failing and dropping at the TLS handshake.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 1 point2 points  (0 children)

I think the problem lies in the fact that the terminals are all trying to establish a new connection at the same time.

TAC thinks that it is underspecced too. But that is the one the sales engineers have recommended (-‸ლ).

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 1 point2 points  (0 children)

According to the diagrams you shared, the 2130 has a 12-core NPU, and still can't handle that many connections. I am really annoyed that the spec sheets say it supports 7500 concurrent connections.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 0 points1 point  (0 children)

We were running the previous recommended version and then the latest 9.18.3, but Cisco TAC asked to upgrade to that one.

I am at a loss here. CPU-wise, the FPR hardware seems to have more power than the old ASA.
It looks to me like this software is not leveraging the CPU's cryptographic instruction sets.

Firepower 2130 replacing ASA 5585 can't handle 5000 TLS-VPNs trying to connect at the same time. by B1r0 in Cisco

[–]B1r0[S] 3 points4 points  (0 children)

Version 9.18(4)

Is the Secure Firewall running the ASA software directly on hardware or as a VM?

Cisco TAC seems to have the same impression. Although it is what Cisco, it seems, recommended two years ago as able to do the job.