ASA on Firepower 2140 - High CPU usage

NetworkNinjaAC · ‎10-12-2023

We are seeing a high CPU usage on our network firewall. Does anyone know what the DataPath process is for?

marce1000 · ‎10-12-2023

- FYI : https://community.cisco.com/t5/network-security/commands-for-troubleshooting-high-cpu/m-p/4573402#M1088424

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎10-12-2023

what kind of traffic this FW handling?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

NetworkNinjaAC · ‎10-12-2023

It sits at the perimeter of the network so all traffic traverses through it.

balaji.bandi · ‎10-13-2023

what kind of traffic this FW handling? - i mean bandwidth wise, ? post interface output how much utilization.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

NetworkNinjaAC · ‎10-13-2023

oh ok sorry for misunderstanding, this was this morning with low traffic and cpu at 50%:

tvotna · ‎10-13-2023

Processes CPU usage is not normal, because it is displayed incorrectly in this version due to CSCvt15348. Actually, it is very high in datapath. This can be caused by high pps rate or high drop rate, so you need to collect "clear traffic" / "show traffic" (once, but wait 1 minute after clearing) and "clear asp drop" / "show clock" + "show asp drop" (thrice) (to see how drops increase over time).

You're running out of 1550B and 80B blocks. The former can be attributed to high CPU. The latter is a bug. Do you encrypt failover link with IPsec? Provide "show run failover".

Conn rate, ACL size, number of xlates is small for this platform.

MHM Cisco World · ‎10-13-2023

Datapath sometimes is big problem.

Usually Datapath is for VPN (s2s or anyconnect).

If you can open TAC with cisco it better and fast way to know why these processes utilize your FW CPU.