Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4739
Views
11
Helpful
7
Replies

How to upgrade the CPU of Cisco ASA 5520?

mparas_04
Level 1
Level 1

‎05-07-2012 10:22 PM - edited ‎03-11-2019 04:03 PM

After installing the new anti virus on all PCs in our company, the CPU usage of our Cisco firewalls increased up to 92%. How can we upgrade the CPU of the device to lower the CPU usage? Thanks.

Labels:
0 Helpful
7 Replies 7

varrao
Level 10
Level 10

‎05-07-2012 10:47 PM

Hi,

You cannot upgrade the CPU of the ASA, you would need to troubleshoot what is eating the CPU cycles, just as an initial pointer, I would request you to check the following:

show process cpu-hog non-zero

Chcek the traffic hitting the ASA as well.

Thanks,

Varun

Thanks,
Varun Rao

mparas_04
Level 1
Level 1
In response to varrao

‎05-07-2012 11:34 PM

Hi,

Thanks for the reply. I'm not really into security, I'm more on router & switches. Here is the result of the show command I enter on the ASA. May I ask again for your help.

INTFW# show process cpu-usage non-zero

PC         Thread       5Sec     1Min     5Min   Process

081aa324   6bdaf870    78.6%    79.0%    78.9%   Dispatch Unit

08bd08d6   6bda9210     5.6%     5.6%     5.6%   Logger

INTFW# show process cpu-h

Process:      snp flow bulk sync, PROC_PC_TOTAL: 12, MAXHOG: 16, LASTHOG: 16

LASTHOG At:   11:27:08 PHST Aug 8 2011

PC:           86badfe (suspend)

Process:      vpnfol_sync/Bulk Sync - Import , NUMHOG: 23, MAXHOG: 6, LASTHOG: 6

LASTHOG At:   11:27:17 PHST Aug 8 2011

PC:           80635a5 (suspend)

Traceback:    80635a5  8d9ff96  8062413

Process:      vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 23, MAXHOG: 5, LAS                                                                                        THOG: 5

LASTHOG At:   11:27:17 PHST Aug 8 2011

PC:           8da1592 (suspend)

Process:      vpnfol_sync/Bulk Sync - Import , NUMHOG: 23, MAXHOG: 5, LASTHOG: 5

LASTHOG At:   11:27:17 PHST Aug 8 2011

PC:           8da1592 (suspend)

Traceback:    8da1c7e  8d9ff8f  8062413

Process:      ssh_init, PROC_PC_TOTAL: 4, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   07:41:20 PHST Aug 18 2011

PC:           806dcd5 (suspend)

Process:      ssh_init, NUMHOG: 4, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   07:41:20 PHST Aug 18 2011

<--- More --->

PC:           806dcd5 (suspend)

Traceback:    8b9d3e6  8bab837  8ba024a  8062413

Process:      ssh_init, PROC_PC_TOTAL: 90801, MAXHOG: 5, LASTHOG: 2

LASTHOG At:   04:47:28 PHST Apr 5 2012

PC:           8b9ac8c (suspend)

Process:      ssh_init, NUMHOG: 90801, MAXHOG: 5, LASTHOG: 2

LASTHOG At:   04:47:28 PHST Apr 5 2012

PC:           8b9ac8c (suspend)

Traceback:    8b9ac8c  8ba77ed  8ba573e  8ba58e8  8ba6971  8ba02b4  8062413

Process:      telnet/ci, PROC_PC_TOTAL: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   08:43:18 PHST Apr 16 2012

PC:           8870ba5 (suspend)

Process:      telnet/ci, NUMHOG: 1, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   08:43:18 PHST Apr 16 2012

PC:           8870ba5 (suspend)

Traceback:    8870ba5  9298bf1  92789fe  9279191  80ca7e7  80cacbb  80c14b5

              80c1c5f  80c2da6  80c3850  8062413

Process:      Unicorn Proxy Thread, PROC_PC_TOTAL: 5, MAXHOG: 3, LASTHOG: 2

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c0e8e5 (suspend)

Process:      Unicorn Proxy Thread, NUMHOG: 5, MAXHOG: 3, LASTHOG: 2

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c0e8e5 (suspend)

Traceback:    8c0e8e5  8c23428  8c24561  8cff99d  8cfdb0c  8cf9f81  8cf9ef5

              8cfa9b0  8cec6c9  8cebf7b  8cec22c  8ce5e2f  8d00cfb  8d01d67

Process:      Unicorn Proxy Thread, PROC_PC_TOTAL: 12, MAXHOG: 5, LASTHOG: 4

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c2bb4d (suspend)

Process:      Unicorn Proxy Thread, NUMHOG: 12, MAXHOG: 5, LASTHOG: 4

LASTHOG At:   20:23:09 PHST Apr 27 2012

PC:           8c2bb4d (suspend)

Traceback:    8c2bb4d  8c0ef7a  8c11576  8c11625  8c12748  8c140f8  8c0f074

              8c23bae  8f2f1f1  8062413

Process:      vpnfol_sync/Bulk Sync - Import , PROC_PC_TOTAL: 488, MAXHOG: 100, LASTHOG: 2

LASTHOG At:   02:44:29 PHST May 6 2012

PC:           80635a5 (suspend)

Process:      ssh_init, NUMHOG: 461, MAXHOG: 3, LASTHOG: 2

LASTHOG At:   02:44:29 PHST May 6 2012

PC:           80635a5 (suspend)

Traceback:    80635a5  8133d0b  9224474  923d3c8  9239045  9238e95  9226f50

              92263d8  92158bf  920530c  922564a  92254c1  9214606  92050bc

Process:      snmp, PROC_PC_TOTAL: 52, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   12:39:15 PHST May 7 2012

PC:           8b37300 (suspend)

Process:      snmp, NUMHOG: 52, MAXHOG: 3, LASTHOG: 3

LASTHOG At:   12:39:15 PHST May 7 2012

PC:           8b37300 (suspend)

Traceback:    8b37300  8b35d27  8b32e39  8b358c8  8b10b5e  8b0f7bc  8062413

Process:      ssh_init, PROC_PC_TOTAL: 43117, MAXHOG: 4, LASTHOG: 2

LASTHOG At:   10:35:55 PHST May 8 2012

PC:           83cf301 (suspend)

Process:      ssh_init, NUMHOG: 43117, MAXHOG: 4, LASTHOG: 2

LASTHOG At:   10:35:55 PHST May 8 2012

PC:           83cf301 (suspend)

Traceback:    83cfb25  83c9883  812ea45  89e51b2  89b8dda  8ba0e44  8ba0278

              8062413

Process:      Dispatch Unit, PROC_PC_TOTAL: 4911194, MAXHOG: 1010, LASTHOG: 3

LASTHOG At:   14:22:15 PHST May 8 2012

PC:           81aa50f (suspend)

Process:      Dispatch Unit, NUMHOG: 4501175, MAXHOG: 1010, LASTHOG: 3

LASTHOG At:   14:22:15 PHST May 8 2012

PC:           81aa50f (suspend)

Traceback:    81aa50f  8062413

Process:      snmp, PROC_PC_TOTAL: 82902, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   14:25:09 PHST May 8 2012

PC:           8c09598 (suspend)

Process:      snmp, NUMHOG: 82902, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   14:25:09 PHST May 8 2012

PC:           8c09598 (suspend)

Traceback:    8b300cd  8b1086d  8b0f7bc  8062413

Process:      snmp, PROC_PC_TOTAL: 41500, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   14:25:09 PHST May 8 2012

PC:           8b3709e (suspend)

Process:      snmp, NUMHOG: 41500, MAXHOG: 4, LASTHOG: 3

LASTHOG At:   14:25:09 PHST May 8 2012

PC:           8b3709e (suspend)

Traceback:    8b3709e  8b35dcb  8b32e39  8b358c8  8b10b5e  8b0f7bc  8062413

Process:      Dispatch Unit, PROC_PC_TOTAL: 50136, MAXHOG: 46, LASTHOG: 2

LASTHOG At:   14:25:12 PHST May 8 2012

PC:           81aa324 (suspend)

Process:      Dispatch Unit, NUMHOG: 50136, MAXHOG: 46, LASTHOG: 2

LASTHOG At:   14:25:12 PHST May 8 2012

PC:           81aa324 (suspend)

Traceback:    81aa324  8062413

Process:      Dispatch Unit, NUMHOG: 13985647, MAXHOG: 1012, LASTHOG: 3

LASTHOG At:   14:25:43 PHST May 8 2012

PC:           81aa5f9 (suspend)

Traceback:    81aa5f9  8062413

Process:      Dispatch Unit, PROC_PC_TOTAL: 18866757, MAXHOG: 1012, LASTHOG: 4

LASTHOG At:   14:25:44 PHST May 8 2012

PC:           81aa5f9 (suspend)

CPU hog threshold (msec):  2.844

Last cleared: None

Thank,

0 Helpful

varrao
Level 10
Level 10
In response to mparas_04

‎05-08-2012 12:29 AM

Hi,

This tells me that the dispatch unit is running high,  dispatch unit is responsible for handling traffic between different interfaces, so higher the amount of traffic this is bound to increase. I would suggest opening a TAC case for it and verify what traffic is hitting your firewall due to which the CPU is going high. You might need to troubleshoot on the traffic front.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

daniel.messana
Level 1
Level 1

‎10-04-2012 08:57 PM

I have an ASA5510 Sec Plus Bundle in my home lab.  Though it isn't supported by Cisco, I upgraded the ram to 2GB using non-cisco memory along with the CPU to a 3.4Ghz P4.  I ran a bandwidth test and reached gigabit speeds maxing out the gigabit interface.  the cpu never went over 5% utilization while doing so unlike the bigger brother 5520 that i tested at work which maxed out at ~400Mbs and had the CPU spike during that time to 100%.

bkoch1
Level 1
Level 1
In response to daniel.messana

‎02-17-2016 04:36 PM

What bandwidth test are you using? I upgraded a 5540 from the 2 GHz P4 to a 3 GHz P4, and the iperf results were the same: CPU hit 45% and bandwidth maxed at 650Mbps.

NETWORK OIT
Level 1
Level 1
In response to bkoch1

‎08-04-2017 08:38 AM

I Posted this bkoch1  5 or so years ago, and performed the upgrade before that, wondering if Cisco saw this and put a software limitation on one of their updates.  this wouldn't surprise me.  your box seemed to top off at the advertised throughput even after the upgrade while using the same testing method i had used.  it is also possible that the security plus license removes said software limitation.

0 Helpful

Matt Wilson
Level 1
Level 1
In response to bkoch1

‎04-14-2020 12:49 AM

What family was the Pentium 4 from?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card