cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1293
Views
5
Helpful
9
Replies

Firepower CPU Saturate

h.infotronique1
Level 1
Level 1

Hello,

I have some issue with my ASA 5512x Firepower with module SFR; I install it and it work fine, but this day i have a problem with saturation of his CPU in the Firesight Management I see the CPU of module SFR very high it achieve 99,87% in this situation it block all my navigation internet and also the access of the diffrent server i can't do anything; for information i put just two rules one to block a social netwok and the second to block an anonymous site.

in the ASA ASDM the trafic of the diffrent interface i have don't pass the trafic 20000 Kbps

thanks.

9 Replies 9

Claudiu Cismaru
Cisco Employee
Cisco Employee

What version are you in?

Do you have IPS policies, file policies on those 2 rules?

the version of SFR that i use is 5.4.0-764

i have no IPS policy no file policy i just use the default policy for the moment!! and i delete those rule i made now the CPU idecate 59.76% !!

What version is the FMC?

First of all, you should use the latest available software. 5.4.0 is the beginning of 5.4 branch, which is pretty old now.

Before doing any other troubleshooting, I recommend to upgrade to latest 5.4.1.x on FMC and 5.4.0.x on SFR module.

Hi, 

thanks for your reply ,

for the FMC do you mean Firesight cause i use a VM that i upload from cisco web site it was the version Sourcefire_Defense_Center_Virtual64_VMware-ESXi-5.4.0-763

thanks.

Sorry for delay.

On the FMC UI you have in System -> Updates the versions which you can update to.

Hi,

You can download it on cisco website if your account has privileged access to download any ios version. Then import your downloaded version to FMC and point to to any sensor or FMC you wish to download.

Best Regards! 

thanks for your replies,

I do update my Fireght and then i restart him and it's ok, but now i see that he reach saturate point all days at 6pm to 7pm i dont understand why?

To me that sounds like FMC is updating something from 6.00pm. :)

sistematico
Level 1
Level 1

I had the same issue, and it never get resolve I contact Cisco and they create a hotfix for me, aparently there is a bug which make the CPU and memory go high, also when you have this issue you can disable firepower on the ASA by deleting the Firepower policy from ASDM or from the CLI and everything will get back to normal.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: