Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
3
Replies

FMC 100 % cpu utilization due to high data transfr,find bandwidth hogs

Wonxie
Level 1
Level 1

‎09-07-2023 12:04 AM

Hi,

I have two FTD's managed by FMC. at times its cpu hits 100 % . I figured out that when there is heavy traffic passing through two interfaces the snort process chokes one cpu.

there is 230Mbps data throughput between two zones/interfaces on FTD when i noticed this problem. At the moment i have not enabled netflow .so what else can i use to find the source and destination IPs that were involved in above communication so i can tune ips/file policy for that.

Regards

 

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-07-2023 12:25 AM

what FMC  version ? is this VM ?

I have noticed this when the FTD sending too many logs to FMC

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Wonxie
Level 1
Level 1
In response to balaji.bandi

‎09-07-2023 01:05 AM

FMC Software Versio 7.0.4

above is fmc version. Pardon me. the cpu on one of the core of ftd is hitting 100% and staying there as long as the trhough put on interface 221 Mbps. The ftd is 2110 v7.0.1.

I need to figure out what source/dest was involved in that big data copy. so i can tune policy on that.

0 Helpful

plwalsh
Level 1
Level 1
In response to Wonxie

‎09-08-2023 06:33 AM

You could enable IAB in monitor mode and see if that identifies the source/destination the next time your snort process hist 100% CPU. IAB will log a connection event with 'Would Bypass' when triggered.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card