
FPR-1010 High memory usage - FTD code

SinRez
Level 1

Hi,

We have an FPR-1010 running FTD 6.6.x code, managed by FDM and not FMC, which has had high memory usage since day one.

I noticed that these FPRs should have 8 GB of memory, but when I type show memory or show version it only shows close to 3 GB of total memory. Can someone let me know why that is?

Hardware: FPR-1010, 2830 MB RAM, CPU Atom C3000 series 2200 MHz, 1 CPU (4 cores)

# show memory
Free memory: 726218050 bytes (24%)
Used memory: 2241345152 bytes (76%)
------------- ------------------
Total memory: 2967563202 bytes (100%)

Note: Free memory is the free system memory. Additional memory may
be available from memory pools internal to the firewall process.
Use 'show memory detail' to see this information, but use it
with care since it may cause CPU hogs and packet loss under load.

But when I go to expert mode it shows 8 GB of memory:

FTD1:/home/admin# grep MemTotal /proc/meminfo

MemTotal:        8114616 kB

I would appreciate it if someone could help.

15 Replies

McHildinger
Level 1

This is an interesting issue, please let us know if you find a solution.

SinRez
Level 1

Hi,

I was wondering if anyone can help me with this.

Thanks,

Sina

show memory (from diagnostic-cli and the FTD prompt >) will show the memory allocated to LINA, while show memory system from the FTD > prompt will show all memory for the system.

--
Please remember to select a correct answer and rate helpful posts

Thanks a lot for the information. Is it possible to allocate more memory to LINA, because the firewalls are using only 3 GB of memory and the memory usage is at 70% at the moment?

I am not entirely sure if it is possible to manually allocate memory. Remember that you don't just have LINA. LINA is probably the one that uses the least amount of memory. You also have SNORT, which does all IPS, URL filtering, malware lookups and filtering, file analysis, SSL decryption, etc., which require a lot more memory than the regular packet filtering that LINA does. Even if it is possible, I would not suggest making the changes on your own, and I recommend that you do this with Cisco TAC. This way you will still be able to get support for your product if something goes wrong... but again, I don't even know if it is possible.

Although 70% is a bit high, it does not warrant concern, in my opinion, yet. Perhaps look into how much traffic is passing through your firewall, how many access rules you have, and how many network objects you have, as this can have an effect on memory.

--
Please remember to select a correct answer and rate helpful posts

Is there any condition in particular that would cause memory usage on an FTD to be over 80%?

The most common condition I have seen for high memory usage is an excessive number of ACL entries. Issue the command "show access-list element-count" (without quotes) in the CLI and see what it comes back with.

Have you enabled Object Group Search and/or Interface Object Optimization? If not, and you have a high access-list entry count, consider enabling them.

--
Please remember to select a correct answer and rate helpful posts

tonypearce1
Level 3

Mine are using 83% for LINA dataplane memory (virtual FTD).

There is nothing online about this, whether it is safe or normal or something which needs to be fixed, which is how I found this and came here. The default warning is set to 80% consumed of total, with critical being 90%.

So with yours at 70% it's completely in the normal range and I would not be concerned at all. Remember, everything gets loaded to memory first. Any unused memory is wasted memory, because if something is required to be loaded then it first has to be copied to memory. The caveat is a free memory buffer in case of X/Y/Z.
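
The comparison discussed in the replies above, as an added example that is not part of any post: a Python sketch that parses the "show memory" and /proc/meminfo output quoted in the original question, reports how much of the system total the LINA pool represents, and grades usage against the 80%/90% warning/critical levels one reply mentions. Function names are hypothetical, and the thresholds are taken from that reply as an assumption.

```python
import re

# Output copied from the original question (FPR-1010, FTD 6.6.x).
SHOW_MEMORY = """\
Free memory: 726218050 bytes (24%)
Used memory: 2241345152 bytes (76%)
------------- ------------------
Total memory: 2967563202 bytes (100%)
"""
PROC_MEMINFO = "MemTotal:        8114616 kB\n"

# Assumption: warning/critical levels as quoted in one reply in this thread.
WARN_PCT, CRIT_PCT = 80.0, 90.0


def parse_show_memory(text):
    """Return {'free', 'used', 'total'} in bytes from 'show memory' output."""
    pattern = r"^(Free|Used|Total) memory:\s+(\d+) bytes"
    fields = {k.lower(): int(v) for k, v in re.findall(pattern, text, re.M)}
    missing = {"free", "used", "total"} - fields.keys()
    if missing:
        raise ValueError(f"show memory output missing: {sorted(missing)}")
    return fields


def parse_meminfo_total(text):
    """Return MemTotal in bytes; /proc/meminfo 'kB' means 1024 bytes."""
    m = re.search(r"^MemTotal:\s+(\d+) kB", text, re.M)
    if not m:
        raise ValueError("MemTotal not found in /proc/meminfo text")
    return int(m.group(1)) * 1024


def classify(used_pct):
    """Grade a usage percentage against the assumed thresholds."""
    if used_pct >= CRIT_PCT:
        return "critical"
    return "warning" if used_pct >= WARN_PCT else "ok"


def summarize(show_memory_text, meminfo_text):
    """Relate the 'show memory' pool to the system total and grade its usage."""
    lina = parse_show_memory(show_memory_text)
    system_total = parse_meminfo_total(meminfo_text)
    used_pct = 100.0 * lina["used"] / lina["total"]
    return {
        "lina_used_pct": round(used_pct, 1),
        "lina_share_of_system_pct": round(100.0 * lina["total"] / system_total, 1),
        "status": classify(used_pct),
    }


if __name__ == "__main__":
    print(summarize(SHOW_MEMORY, PROC_MEMINFO))
```
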

Usman Mushtaq
Level 1

Hello,

"FPR-1010 High memory usage - FTD code" suggests a technical issue related to the Cisco Firepower 1010 security appliance. High memory usage in the FTD (Firepower Threat Defense) code can impact the device's performance and security functions. It typically requires troubleshooting and optimization to ensure the device operates efficiently and effectively, maintaining network security and stability.

jpergolizzi
Level 1

Folks, hi there, I realize this is a little old, but I just ran into this issue recently with a new FPR-1010. Mine was running at 97% and when it got that high it would cause AnyConnect connections that use SAML for MFA to fail. Apparently there's a bug when there are multiple instances of the AnyConnect client on the device to cause LINA / dataplane memory to skyrocket. I had 3 and have removed 2. Now my memory is down to 84.1%, still a little high. I'm working with Cisco TAC on this now. If you are still seeing this issue and running AnyConnect or SecureClient, check to see how many client versions you have on the box.

We had a similar issue in production. The workaround to fix the issue was that we had to move our AnyConnect from TLS to IKEv2. Once we moved, our CPU usage came down to 70%; prior to this we were always at 90-95%. This might help others.

Please do not forget to rate.

Technically it is not a defect/bug. It is marked as severity 6, which is an enhancement, but then it is just documenting that lower platforms will be impacted... In reality, it is just that lower-end platforms really don't have enough memory, to be honest (:

What happens is that each AnyConnect/Secure Client package has to be cached in memory, as users need to access it and also for upgrades etc., thus the increase in memory... Apparently some of these platforms have limited memory and there can be constraints. Work with TAC to get to the bottom of this...
