
FirePOWER Module on ASA 5555-X hits over 95%

Andrew Mathu
Level 1

Hi,

 

We have configured a Cisco ASA 5555-X with FirePOWER version 6.0.0.1. The ASA firewall has an ASA OS version 9.2(2)4.

This FirePOWER module has been configured with Protect, Control and AMP (TAM License).

From the management center, health monitor, we noticed alerts showing the firewall is using an average of 98.69% CPU utilization. This utilization seems to be in only one CPU i.e. at any time the CPU is over 95% in CPU00 or CPU01 or CPU02 or CPU03 or CPU04 or CPU005.

What could be the cause of this high CPU utilization, and how can it be fixed?

 

Andrew J.


ilukeberry
Level 1

For FP 6.0.x you need at least ASA OS 9.4.x.

Hi ilukeberry,

Thanks for the reply. We will try and upgrade to a version greater than 9.4.X and observe if this helps. However, we have other firewalls running 9.2(2)4 and FirePOWER 6.0.0.1, and they have no CPU spikes. Could it be a configuration issue?

You should upgrade to get into a supported state again. Your CPU issue is probably not an issue. Traffic is load balanced across multiple snort (ips) processes on your firepower module, which can result in certain cores being under high load.

If you want to verify which process is causing this issue, issue the following command on your module:

> system support utilization

In case you see the snort process hogging your CPU constantly, you might wanna open up a TAC case or try restarting snort (might cause short traffic disruption) using pmtool:

> pmtool RestartByType DetectionEngine

Hi Kaisero,

When we look at the CPU utilization, the process snort (user - sfsnort) is using the most CPU. We'll try and restart the process after production hours.

Regards,

Andrew

dbogdan
Level 1

I have the same issue, but I am running ASA 9.6(3)1. Must be something else.
