cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1666
Views
10
Helpful
5
Replies

FMC - CPUs stuck at 100%, High Unmaned Disk Usage Alerts

shenseung.lim
Level 1
Level 1

Dear Folks, good day rising!

Upon my first ever post (ever) I am excited to greet you fellows and also legends

I've got my hand on an FMC that screaming for its life for lack of better words,  hence i find myself upon your good council and also ideas to release it from a potential demise of sort. Tough i plainly admit I lack what the any form of fluidity around the FMC piece of technology.

Some basic info of the setup I am dealing with : 

Versions
Software 6.6.1-91
OS Cisco Fire Linux OS 6.6.1-14
Snort 2.9.16-1025
Rule Update 2021-12-18-001-vrt
Rulepack 2652
Module Pack 3016
Geolocation Update 2022-07-04-101
VDB 356

1. The CPUs are stuck at 100% - my poor 2-cents being that I suspect this is probably owing to a running Backup Task ( 96 hrs. and counting)

2. There are also alerts with regards High Unmanaged Disk Usages. 

3. ASDM launches are observed to be extremely sluggish on loads, ( tough they become navigable once it fully loads past the "parsing message" banner message.

 

Any ideas how I may begin tackling the issues, my humble many thanks in advance.

 

2 Accepted Solutions

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Your FMC a bit older software. 7.0.x is the current recommended version. I have seen older versions encounter bugs that can cause the high CPU utilization. Also make sure your VM environment meets all of the recommended specifications for the FMC VM - 32 GB of memory for example.

The backup job need to be terminated manually, usually with TAC assistance, as direct manipulation of the underlying database is required.

Your managed sensors appear to be ASA Firepower service modules. They should similarly be upgraded to the latest available version on your ASA hardware (6.6.x or 7.0.x depending on the hardware model). If they are unresponsive it is sometimes easier to simply re-image them with the current software and re-manage them in FMC.

I don't usually see that affect ASDM loading though - although it is possible.

View solution in original post

Re-imaging is for the Firepower service modules only. It does not affect the running configuration on the parent ASAs or their contexts. You would re-image the modules one at a time, starting with the standby unit (assuming you made all customer contexts active on a given appliance). While the module re-images it will be unable to do it's function as an IPS but that point is moot while the device is in standby role for all contexts. Once it is backup up and successfully operating and registered to FMC, you then failover to make that appliance active and repeat the process for the formerly active appliance.

View solution in original post

5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

Your FMC a bit older software. 7.0.x is the current recommended version. I have seen older versions encounter bugs that can cause the high CPU utilization. Also make sure your VM environment meets all of the recommended specifications for the FMC VM - 32 GB of memory for example.

The backup job need to be terminated manually, usually with TAC assistance, as direct manipulation of the underlying database is required.

Your managed sensors appear to be ASA Firepower service modules. They should similarly be upgraded to the latest available version on your ASA hardware (6.6.x or 7.0.x depending on the hardware model). If they are unresponsive it is sometimes easier to simply re-image them with the current software and re-manage them in FMC.

I don't usually see that affect ASDM loading though - although it is possible.

shenseung.lim
Level 1
Level 1

Dear Marvin, thank you kindly for the comprehensive reply, you truly are an authority on many complex subjects!

 

Kinldy,
Lim

shenseung.lim
Level 1
Level 1

Quote : 

"Your managed sensors appear to be ASA Firepower service modules. They should similarly be upgraded to the latest available version on your ASA hardware (6.6.x or 7.0.x depending on the hardware model). If they are unresponsive it is sometimes easier to simply re-image them with the current software and re-manage them in FMC."

 

This part made me gulp a little, 
Say if things come to the point where there's simply no where else to go except to indeed "reimage", did you in fact mean that we might thus need to re-image the whole ASA boxes?

If so, would you have a high level tactics on how you would approach the plausible-exercise with minimal impact in mind,
Our ASAs are deployed in HA pairs, and each ASA carry multiple customer 
contexts.

Re-imaging is for the Firepower service modules only. It does not affect the running configuration on the parent ASAs or their contexts. You would re-image the modules one at a time, starting with the standby unit (assuming you made all customer contexts active on a given appliance). While the module re-images it will be unable to do it's function as an IPS but that point is moot while the device is in standby role for all contexts. Once it is backup up and successfully operating and registered to FMC, you then failover to make that appliance active and repeat the process for the formerly active appliance.

shenseung.lim
Level 1
Level 1

Less I become lesser, remembering to say thanks Marvin , you are epic

Review Cisco Networking for a $25 gift card