Andrew Mathu
Beginner

FirePOWER Module on ASA 5555-X hits over 95%

Hi,

 

We have configured a Cisco ASA 5555-X with FirePOWER version 6.0.0.1. The ASA firewall has an ASA OS version 9.2(2)4.

This FirePOWER module has been configured with Protect, Control and AMP (TAM License).

From the management center, health monitor, we noticed alerts showing the firewall is using an average of 98.69% CPU utilization. This utilization seems to be in only one CPU i.e. at any time the CPU is over 95% in CPU00 or CPU01 or CPU02 or CPU03 or CPU04 or CPU005.

What could be the cause of this high CPU utilization, and how can it be fixed?

 

Andrew J.

5 REPLIES
ilukeberry
Beginner

For FP 6.0.x you need at least ASA OS 9.4.x.

Hi ilukeberry,

Thanks for the reply. We will try and upgrade to a version greater than 9.4.X and observe if this helps. However, we have other firewalls running 9.2(2)4 and FirePOWER 6.0.0.1, and they have no CPU spikes. Could it be a configuration issue?

You should upgrade to get into a supported state again. Your CPU issue is probably not an issue. Traffic is load balanced across multiple snort (ips) processes on your firepower module, which can result in certain cores being under high load.

If you want to verify which process is causing this issue, issue the following command on your module:

> system support utilization

In case you see the snort process hogging your CPU constantly, you might wanna open up a TAC case or try restarting snort (might cause short traffic disruption) using pmtool:

> pmtool RestartByType DetectionEngine

Hi Kaisero,

When we look at the CPU utilization, the process snort (user - sfsnort) is using the most CPU. We'll try and restart the process after production hours.

Regards,

Andrew

dbogdan
Beginner

I have the same issue, but I am running ASA 9.6(3)1. Must be something else.
