11-16-2016 04:26 AM - edited 03-12-2019 06:12 AM
Hi,
We have configured a Cisco ASA 5555-X with FirePOWER version 6.0.0.1. The ASA firewall has an ASA OS version 9.2(2)4.
This FirePOWER module has been configured with Protect, Control and AMP (TAM License).
From the management center, health monitor, we noticed alerts showing the firewall is using an average of 98.69% CPU utilization. This utilization seems to be in only one CPU i.e. at any time the CPU is over 95% in CPU00 or CPU01 or CPU02 or CPU03 or CPU04 or CPU005.
What could be the cause of this high CPU utilization, and how can it be fixed?
Andrew J.
11-16-2016 01:18 PM
For FP 6.0.x you need at least ASA OS 9.4.x.
11-17-2016 12:41 AM
Hi ilukeberry,
Thanks for the reply. We will try and upgrade to a version greater than 9.4.X and observe if this helps. However, we have other firewalls running 9.2(2)4 and FirePOWER 6.0.0.1, and they have no CPU spikes. Could it be a configuration issue?
11-17-2016 03:32 PM
You should upgrade to get into a supported state again. Your CPU issue is probably not an issue. Traffic is load balanced across multiple snort (IPS) processes on your FirePOWER module, which can result in certain cores being under high load.
If you want to verify which process is causing this issue, issue the following command on your module:
> system support utilization
In case you see the snort process hogging your CPU constantly, you might wanna open up a TAC case or try restarting snort (might cause a short traffic disruption) using pmtool:
> pmtool RestartByType DetectionEngine
11-17-2016 09:43 PM
Hi Kaisero,
When we look at the CPU utilization, the process snort (user - sfsnort) is using the most CPU. We'll try and restart the process after production hours.
Regards,
Andrew
01-04-2018 01:18 PM
I have the same issue, but I am running ASA 9.6(3)1. Must be something else.