Hello community,
Our customer has upgraded the FMC and the FTDs from rel. 6.6.1 to 6.6.4, and since that time he gets a red bubble
on an HA cluster of two FTD5516-X (see attached device overview). Other HA clusters of two FTD5516-X with the same number of Access Control Rules do not show this.
When he clicks on the crossed tools he gets the information "Resource utilization is high" with the remark:
"Version 6.6.3+ has an improved memory management system implemented to avoid potentially network and system impacting conditions due to the system running out of memory. Please re-evaluate your configurations. You may be able to reduce the number or complexity of access control rules or intrusion policies. For more information, see the Best Practices for Access Control chapter in the Firepower Management Center Configuration Guide." (see attached Health Monitor for the Device)
The FTD5516-X has less than 50 Access Control Rules and logging is just enabled for the end of the connection.
When I log in to the FTD5516-X using SSH I get the following memory information:
> show memory
Free memory: 2712572912 bytes (59%)
Used memory: 1918534920 bytes (41%)
------------- ------------------
Total memory: 4631107832 bytes (100%)
Note: Free memory is the free system memory. Additional memory may
be available from memory pools internal to the firewall process.
Use 'show memory detail' to see this information, but use it
with care since it may cause CPU hogs and packet loss under load.
###################################################################################
> show memory detail
Heap Memory:
Free Memory:
Heapcache Pool: 18352 bytes ( 0% )
Global Shared Pool: 4048528 bytes ( 0% )
Message Layer Pool: 2033120 bytes ( 0% )
Message Layer HB Pool: 257840 bytes ( 0% )
System: 2721270008 bytes ( 59% )
Used Memory:
Heapcache Pool: 310360144 bytes ( 7% )
Global Shared Pool: 133839216 bytes ( 3% )
Reserved (Size of DMA Pool): 499122176 bytes ( 11% )
Reserved for messaging: 1899040 bytes ( 0% )
Reserved for HB messaging: 4304 bytes ( 0% )
MMAP usage: 105573452 bytes ( 2% )
System Overhead: 852943796 bytes ( 18% )
------------------------------------- ----------------
Total Memory: 4631107832 bytes ( 100% )
Warning: The information reported here is computationally expensive to
determine, and may result in CPU hogs and performance impact.
I don't see a serious situation here in terms of memory.
Detailed information about the memory, CPU and Snort are attached in 'Command outputs'.
My questions:
1. Do you know of a bug in this matter?
2. Do you consider 50 Access Control Rules too many for an FTD5516-X?
3. What can we still do to get rid of the "Resource utilization is high" message?
Every hint is welcome!
Thanks a lot!
Bye
R.