cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5574
Views
7
Helpful
9
Replies

FPR-1010 High memory usage - FTD code

SinRez
Level 1
Level 1

Hi,

We have a FPR-1010 with the FTD code 6.6.x code and also being managed by FDM and not FMC which has high memory since day one.

I noticed since these FPRs should have 8 GB of memory but when i type show memory or show version it only shows close to 3 GB of total memory. Can someone let me know why this is that?

Hardware: FPR-1010, 2830 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)

# show memory
Free memory: 726218050 bytes (24%)
Used memory: 2241345152 bytes (76%)
------------- ------------------
Total memory: 2967563202 bytes (100%)

Note: Free memory is the free system memory. Additional memory may
be available from memory pools internal to the firewall process.
Use 'show memory detail' to see this information, but use it
with care since it may cause CPU hogs and packet loss under load.

But when I go to the expert mode it shows 8 GB of memory

FTD1:/home/admin# grep MemTotal /proc/meminfo

MemTotal:        8114616 kB

I would appreciate if someone could help.

 

 

9 Replies 9

McHildinger
Level 1
Level 1

This is an interesting issue, please let us know if you find a solution.

SinRez
Level 1
Level 1

Hi,

I was wondering if anyone can help me with this.

Thanks,

Sina

show memory (from diagnostic-cli and ftd prompt >) will show the memory allocated to LINA while show memory system from FTD > prompt will show all memory for the system

--
Please remember to select a correct answer and rate helpful posts

Thanks alot for the information, is it possible to allocate more memory to LINA. Because the firewalls are using only 3GB of memory and the memory usage is at 70 % at the moment.

I am not entirely sure if it is possible to manually allocate memory.  Remember that you dont just have LINA.  LINA is probably the one that uses the least amount of memory.  You also have SNORT which does all IPS, URL filtering, Malware lookups and filtering, file analysis, SSL decryption, etc. which require a lot more memory than the regular packet filtering that LINA does.  Even if it is possible I would not suggest doing the changes on your own and recommend that you do this with Cisco TAC.  This way you will still be able to get support for your product if something goes wrong...but again, I don't even know if it is possible.

Although 70% is a bit high, it is not warrant for concern, in my opinion, yet.  Perhaps look into how much traffic is passing through your firewall, how many access rules you have, how many network objects you have as this can have an affect on memory.

--
Please remember to select a correct answer and rate helpful posts

Any condition in particular would cause memory usage on a FTD to be over 80%?

The most common condition I have seen for high memory usage is an excessive number of ACL entries.  Issue the command "show access-list element-count" (without quotes) in CLI and see what it comes back with.

have you enabled Object Group Search and / or Interface Object Optimization?  If not and you have a high access-list entry count, consider enabling them. 

--
Please remember to select a correct answer and rate helpful posts

tonypearce1
Level 3
Level 3

Mine are using 83% for LINA dataplane memory (virtual FTD)

There is nothing online about this, whether it is safe or normal or something which needs to be fixed which is how I found and came here. Default warning is set to 80% consumed of total with critical being 90%.

So with yours at 70% it's completely in the normal and I would not be concerned at all. Remember, everything gets loaded to memory first. Any unused memory is wasted memory because if something is required to be loaded then it first has to copy it to memory. The caveat is free memory buffer in case of X/Y/Z. 

Usman Mushtaq
Level 1
Level 1

Hello,

FPR-1010 High memory usage - FTD code" suggests a technical issue related to the Cisco Firepower 1010 security appliance. High memory usage in the FTD (Firepower Threat Defense) code can impact the device's performance and security functions. It typically requires troubleshooting and optimization to ensure the device operates efficiently and effectively, maintaining network security and stability.

Review Cisco Networking for a $25 gift card