topic Re: FPR-1010 High memory usage - FTD code in Network Security

FPR-1010 High memory usage - FTD code

SinRez — Tue, 19 Jul 2022 13:27:53 GMT

Hi,

We have a FPR-1010 with the FTD code 6.6.x code and also being managed by FDM and not FMC which has high memory since day one.

I noticed since these FPRs should have 8 GB of memory but when i type show memory or show version it only shows close to 3 GB of total memory. Can someone let me know why this is that?

Hardware: FPR-1010, 2830 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)

# show memory
Free memory: 726218050 bytes (24%)
Used memory: 2241345152 bytes (76%)
------------- ------------------
Total memory: 2967563202 bytes (100%)

Note: Free memory is the free system memory. Additional memory may
be available from memory pools internal to the firewall process.
Use 'show memory detail' to see this information, but use it
with care since it may cause CPU hogs and packet loss under load.

But when I go to the expert mode it shows 8 GB of memory

FTD1:/home/admin# grep MemTotal /proc/meminfo

MemTotal: 8114616 kB

I would appreciate if someone could help.

Re: FPR-1010 High memory usage - FTD code

McHildinger — Wed, 20 Jul 2022 13:10:11 GMT

This is an interesting issue, please let us know if you find a solution.

Re: FPR-1010 High memory usage - FTD code

SinRez — Wed, 03 Aug 2022 13:17:15 GMT

Hi,

I was wondering if anyone can help me with this.

Thanks,

Sina

Re: FPR-1010 High memory usage - FTD code

Marius Gunnerud — Wed, 03 Aug 2022 14:11:57 GMT

show memory (from diagnostic-cli and ftd prompt >) will show the memory allocated to LINA while show memory system from FTD > prompt will show all memory for the system

Re: FPR-1010 High memory usage - FTD code

SinRez — Wed, 03 Aug 2022 14:14:36 GMT

Thanks alot for the information, is it possible to allocate more memory to LINA. Because the firewalls are using only 3GB of memory and the memory usage is at 70 % at the moment.

Re: FPR-1010 High memory usage - FTD code

Marius Gunnerud — Wed, 03 Aug 2022 15:27:09 GMT

I am not entirely sure if it is possible to manually allocate memory. Remember that you dont just have LINA. LINA is probably the one that uses the least amount of memory. You also have SNORT which does all IPS, URL filtering, Malware lookups and filtering, file analysis, SSL decryption, etc. which require a lot more memory than the regular packet filtering that LINA does. Even if it is possible I would not suggest doing the changes on your own and recommend that you do this with Cisco TAC. This way you will still be able to get support for your product if something goes wrong...but again, I don't even know if it is possible.

Although 70% is a bit high, it is not warrant for concern, in my opinion, yet. Perhaps look into how much traffic is passing through your firewall, how many access rules you have, how many network objects you have as this can have an affect on memory.

Re: FPR-1010 High memory usage - FTD code

tonypearce1 — Mon, 24 Oct 2022 05:48:43 GMT

Mine are using 83% for LINA dataplane memory (virtual FTD)

There is nothing online about this, whether it is safe or normal or something which needs to be fixed which is how I found and came here. Default warning is set to 80% consumed of total with critical being 90%.

So with yours at 70% it's completely in the normal and I would not be concerned at all. Remember, everything gets loaded to memory first. Any unused memory is wasted memory because if something is required to be loaded then it first has to copy it to memory. The caveat is free memory buffer in case of X/Y/Z.

Re: FPR-1010 High memory usage - FTD code

CiscoBrownBelt — Tue, 07 Nov 2023 17:41:05 GMT

Any condition in particular would cause memory usage on a FTD to be over 80%?

Re: FPR-1010 High memory usage - FTD code

Usman Mushtaq — Tue, 07 Nov 2023 17:48:27 GMT

Hello,

FPR-1010 High memory usage - FTD code" suggests a technical issue related to the Cisco Firepower 1010 security appliance. High memory usage in the FTD (Firepower Threat Defense) code can impact the device's performance and security functions. It typically requires troubleshooting and optimization to ensure the device operates efficiently and effectively, maintaining network security and stability.

Re: FPR-1010 High memory usage - FTD code

Marius Gunnerud — Wed, 08 Nov 2023 12:27:26 GMT

The most common condition I have seen for high memory usage is an excessive number of ACL entries. Issue the command "show access-list element-count" (without quotes) in CLI and see what it comes back with.

have you enabled Object Group Search and / or Interface Object Optimization? If not and you have a high access-list entry count, consider enabling them.

Re: FPR-1010 High memory usage - FTD code

jpergolizzi — Tue, 28 Jan 2025 18:31:03 GMT

Folks, hi there, I realize this is a little old, but I just ran into this issue recently with a new FPR-1010. Mine was running at 97% and when it got that high it would cause AnyConnect connections that use SAML for MFA to fail. Apparently there's a bug when there are multiple instances of the AnyConnect client on the device to cause LINA / dataplane memory to skyrocket. I had 3 and have removed 2. Now my memory is down to 84.1%, still a little high. I'm working with Cisco TAC on this now. If you are still seeing this issue and running AnyConnect or SecureClient, check to see how many client versions you have on the box.

Re: FPR-1010 High memory usage - FTD code

Sheraz.Salim — Tue, 28 Jan 2025 21:17:08 GMT

we had a similar issue in production the work around to fix the issue was we have to move our anyconnect from TLS to ikev2. once we moved our cpu usage come down to 70% prior to this we were always on 90-95%. might this help others.

Re: FPR-1010 High memory usage - FTD code

jpergolizzi — Tue, 28 Jan 2025 21:47:51 GMT

Btw, here's the bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc82675

Re: FPR-1010 High memory usage - FTD code

ccieexpert — Wed, 29 Jan 2025 03:01:54 GMT

what happens is that each anyconnect/secure client package has to be cached in memory as users need to access it and also for upgrades etc.. thus the increase in memory... apparently some of these platforms have limited memory and there can be constraints.. work with TAC to get to the bottom of this ...

Re: FPR-1010 High memory usage - FTD code

ccieexpert — Thu, 30 Jan 2025 09:07:32 GMT

Technically it is not a defect/bug..It is marked as a severity 6 which is enhancement, but then it is just documenting that lower platforms will be impacted... in reality, it is just that lower end platforms really dont have enough memory to be honest (:

Re: FPR-1010 High memory usage - FTD code

jpergolizzi — Thu, 30 Jan 2025 16:58:54 GMT

Hi there. While Cisco is tagging this with a bugid, I do see what you mean about it not technically being a bug. The workaround is pretty simple but in the event multiple images are required, that is a real problem on the lower end platforms for sure. Anyway, after removing 2 of the 3 images that were essentially "duplicates" and rebooting the firewall, my FPR-1010 is now down to 76% and holding steady. So hopefully we have this solved.