Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2979
Views
7
Helpful
9
Replies

FPR-1010 High memory usage - FTD code

SinRez
Level 1
Level 1

‎07-19-2022 06:27 AM - edited ‎07-19-2022 06:27 AM

Hi,

We have a FPR-1010 with the FTD code 6.6.x code and also being managed by FDM and not FMC which has high memory since day one.

I noticed since these FPRs should have 8 GB of memory but when i type show memory or show version it only shows close to 3 GB of total memory. Can someone let me know why this is that?

Hardware: FPR-1010, 2830 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)

# show memory
Free memory: 726218050 bytes (24%)
Used memory: 2241345152 bytes (76%)
------------- ------------------
Total memory: 2967563202 bytes (100%)

Note: Free memory is the free system memory. Additional memory may
be available from memory pools internal to the firewall process.
Use 'show memory detail' to see this information, but use it
with care since it may cause CPU hogs and packet loss under load.

But when I go to the expert mode it shows 8 GB of memory

FTD1:/home/admin# grep MemTotal /proc/meminfo

MemTotal:        8114616 kB

I would appreciate if someone could help.

 

 

9 Replies 9

McHildinger
Level 1
Level 1

‎07-20-2022 06:10 AM

This is an interesting issue, please let us know if you find a solution.

0 Helpful

SinRez
Level 1
Level 1

‎08-03-2022 06:17 AM

Hi,

I was wondering if anyone can help me with this.

Thanks,

Sina

0 Helpful

Marius Gunnerud
VIP
VIP

‎08-03-2022 07:11 AM

show memory (from diagnostic-cli and ftd prompt >) will show the memory allocated to LINA while show memory system from FTD > prompt will show all memory for the system

--
Please remember to select a correct answer and rate helpful posts

SinRez
Level 1
Level 1
In response to Marius Gunnerud

‎08-03-2022 07:14 AM

Thanks alot for the information, is it possible to allocate more memory to LINA. Because the firewalls are using only 3GB of memory and the memory usage is at 70 % at the moment.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to SinRez

‎08-03-2022 08:27 AM

I am not entirely sure if it is possible to manually allocate memory.  Remember that you dont just have LINA.  LINA is probably the one that uses the least amount of memory.  You also have SNORT which does all IPS, URL filtering, Malware lookups and filtering, file analysis, SSL decryption, etc. which require a lot more memory than the regular packet filtering that LINA does.  Even if it is possible I would not suggest doing the changes on your own and recommend that you do this with Cisco TAC.  This way you will still be able to get support for your product if something goes wrong...but again, I don't even know if it is possible.

Although 70% is a bit high, it is not warrant for concern, in my opinion, yet.  Perhaps look into how much traffic is passing through your firewall, how many access rules you have, how many network objects you have as this can have an affect on memory.

--
Please remember to select a correct answer and rate helpful posts

CiscoPurpleBelt
Level 6
Level 6
In response to Marius Gunnerud

‎11-07-2023 09:41 AM

Any condition in particular would cause memory usage on a FTD to be over 80%?

0 Helpful

Marius Gunnerud
VIP
VIP
In response to CiscoPurpleBelt

‎11-08-2023 04:27 AM

The most common condition I have seen for high memory usage is an excessive number of ACL entries.  Issue the command "show access-list element-count" (without quotes) in CLI and see what it comes back with.

have you enabled Object Group Search and / or Interface Object Optimization?  If not and you have a high access-list entry count, consider enabling them. 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

tonypearce1
Level 3
Level 3

‎10-23-2022 10:48 PM

Mine are using 83% for LINA dataplane memory (virtual FTD)

There is nothing online about this, whether it is safe or normal or something which needs to be fixed which is how I found and came here. Default warning is set to 80% consumed of total with critical being 90%.

So with yours at 70% it's completely in the normal and I would not be concerned at all. Remember, everything gets loaded to memory first. Any unused memory is wasted memory because if something is required to be loaded then it first has to copy it to memory. The caveat is free memory buffer in case of X/Y/Z. 

0 Helpful

Usman Mushtaq
Level 1
Level 1

‎11-07-2023 09:48 AM

Hello,

FPR-1010 High memory usage - FTD code" suggests a technical issue related to the Cisco Firepower 1010 security appliance. High memory usage in the FTD (Firepower Threat Defense) code can impact the device's performance and security functions. It typically requires troubleshooting and optimization to ensure the device operates efficiently and effectively, maintaining network security and stability.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card