Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1361
Views
0
Helpful
1
Replies

Enabled 'Host DNS Verification' setting for "SUSPECTLIST" Sender Group

pbabu6001
Level 1
Level 1

‎02-06-2017 08:22 AM

Hi All,

I am facing high workqueue and CPU utilization issue on C670 IronPort server. Does below solution will help to resolve this issue (Not completely, at least somewhat).

Solution: Disable "Host DNS Verification setting for "SUSPECTLIST" Sender Group.

We have Order as below:

Order 1: WHITELIST

Order 2: BLACKLIST

Order 3: SUSPECTLIST (Enabled all 3 Connecting Host DNS verification)

Order 4: UNKNOWNLIST

Find the below results which are came at peak hours:

UNKNOWNLIST - 99.4k

BLACKLIST - 99k

SUSPECTLIST - 17k

WHITELIST - 5.5k

Thank you!!

Labels:
0 Helpful
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎02-06-2017 08:55 AM

Hi,

I do not think this would change CPU usage by a large extent unless you have being seeing delays in DNS responses from the configured DNS servers.

I would recommend starting with command "status detail" to check what is currently utilizing CPU and "displayalerts" to see if there were any recent errors.

If you use URL filtering ensure the configuration is updated as per recommendation in the below field notice.

http://www.cisco.com/c/en/us/support/docs/field-notices/641/fn64111.html

Also below article is helpful in understanding CPU load.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200468-High-CPU-utilization-after-upgrading-ESA.html

Thanks

Libin Varghese

0 Helpful
Customers Also Viewed These Support Documents