https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997642#M1009323 <P style="margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">Hi,</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;"></SPAN></P><P>&nbsp;</P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">We have configured a Cisco ASA 5555-X with FirePOWER version 6.0.0.1. The ASA firewall has an ASA OS version&nbsp;9.2(2)4.</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">This FirePOWER module has been configured with Protect, Control and AMP (TAM License).</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">From the management center, health monitor, we noticed alerts showing the firewall is using an average of 98.69% CPU utilization. This utilization seems to be in only one CPU i.e. at any time the CPU is over 95% in CPU00 or CPU01 or CPU02 or CPU03 or CPU04 or CPU005.</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">What could be the cause of this high CPU utilization, and how can it be fixed?</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;"></SPAN></P><P>&nbsp;</P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">Andrew J.</SPAN></P><P></P><P></P> Tue, 12 Mar 2019 13:12:03 GMT Andrew Mathu 2019-03-12T13:12:03Z https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997642#M1009323 <P style="margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">Hi,</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;"></SPAN></P><P>&nbsp;</P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">We have configured a Cisco ASA 5555-X with FirePOWER version 6.0.0.1. The ASA firewall has an ASA OS version&nbsp;9.2(2)4.</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">This FirePOWER module has been configured with Protect, Control and AMP (TAM License).</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">From the management center, health monitor, we noticed alerts showing the firewall is using an average of 98.69% CPU utilization. This utilization seems to be in only one CPU i.e. at any time the CPU is over 95% in CPU00 or CPU01 or CPU02 or CPU03 or CPU04 or CPU005.</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">What could be the cause of this high CPU utilization, and how can it be fixed?</SPAN></P><P></P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;"></SPAN></P><P>&nbsp;</P><P></P> <P style="outline: none; font-variant-ligatures: normal; font-variant-caps: normal; orphans: 2; text-align: start; widows: 2; -webkit-text-stroke-width: 0px; word-spacing: 0px; margin: 0in 0in 7.5pt 0in;"><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">Andrew J.</SPAN></P><P></P><P></P> Tue, 12 Mar 2019 13:12:03 GMT https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997642#M1009323 Andrew Mathu 2019-03-12T13:12:03Z https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997643#M1009324 <P>For FP 6.0.x you need at least ASA OS 9.4.x.</P> Wed, 16 Nov 2016 21:18:28 GMT https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997643#M1009324 ilukeberry 2016-11-16T21:18:28Z https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997644#M1009325 <P>Hi <SPAN class="fullname"><SPAN rel="sioc:has_creator"><A href="https://supportforums.cisco.com/users/ilukeberry" title="View user profile." class="username" lang="" about="/users/ilukeberry" typeof="sioc:UserAccount" property="foaf:name" datatype="">ilukeberry</A></SPAN></SPAN>,</P> <P></P> <P>Thanks for the reply. We will try and upgrade to a version greater than 9.4.X and observe if this helps. However, we have other firewalls running <SPAN style="font-family: 'Arial',sans-serif; color: #58585b;">9.2(2)4 and FirePOWER 6.0.0.1. and they have no CPU spikes. Coould it be a configuration issue?</SPAN></P> <P><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;"></SPAN></P> <P><SPAN style="font-family: 'Arial',sans-serif; color: #58585b;"></SPAN></P> Thu, 17 Nov 2016 08:41:59 GMT https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997644#M1009325 Andrew Mathu 2016-11-17T08:41:59Z https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997645#M1009326 <P>You should upgrade to get into a supported state again. Your CPU issue is probably not an issue. Traffic is load balanced across multiple snort (ips) processes on your firepower module which can results in certain cores being under high load.&nbsp;</P> <P></P> <P>If you want to verify which process is causing this issue issue the following command on your module</P> <P></P> <P>&gt; system support utilization</P> <P></P> <P>In case you see snort process hogging your CPU constantly you might wanna open up a TAC case or try restarting snort (might cause short traffic disruption) using pmtool</P> <P></P> <P>&gt; pmtool RestartByType DetectionEngine</P> Thu, 17 Nov 2016 23:32:30 GMT https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997645#M1009326 Oliver Kaiser 2016-11-17T23:32:30Z https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997646#M1009327 <P>Hi Kaisero,</P> <P></P> <P>When we look at the CPU utilization, the process snort (user - sfsnort) is using the most CPU. We'll try and restart the process after production hours.</P> <P></P> <P>Regards,</P> <P></P> <P>Andrew</P> Fri, 18 Nov 2016 05:43:51 GMT https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/2997646#M1009327 Andrew Mathu 2016-11-18T05:43:51Z https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/3306364#M1009328 <P>I have the same issue, but I am running asa 9.6(3)1.&nbsp; Must be something else.</P> Thu, 04 Jan 2018 21:18:42 GMT https://community.cisco.com/t5/network-security/firepower-module-on-asa-5555-x-hits-over-95/m-p/3306364#M1009328 dbogdan 2018-01-04T21:18:42Z