We have configured a Cisco ASA 5555-X with FirePOWER version 184.108.40.206. The ASA firewall has an ASA OS version 9.2(2)4.
This FirePOWER module has been configured with Protect, Control and AMP (TAM License).
From the management center, health monitor, we noticed alerts showing the firewall is using an average of 98.69% CPU utilization. This utilization seems to be in only one CPU, i.e. at any time the CPU is over 95% in CPU00 or CPU01 or CPU02 or CPU03 or CPU04 or CPU05.
What could be the cause of this high CPU utilization, and how can it be fixed?
Thanks for the reply. We will try and upgrade to a version greater than 9.4.X and observe if this helps. However, we have other firewalls running 9.2(2)4 and FirePOWER 220.127.116.11, and they have no CPU spikes. Could it be a configuration issue?
You should upgrade to get into a supported state again. Your CPU issue is probably not an issue. Traffic is load balanced across multiple snort (ips) processes on your firepower module, which can result in certain cores being under high load.
If you want to verify which process is causing this issue, issue the following command on your module:
> system support utilization
In case you see the snort process hogging your CPU constantly, you might wanna open up a TAC case or try restarting snort (might cause short traffic disruption) using pmtool:
> pmtool RestartByType DetectionEngine
When we look at the CPU utilization, the process snort (user - sfsnort) is using the most CPU. We'll try and restart the process after production hours.