Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6507
Views
10
Helpful
3
Replies

FTD CPU Utilization

polleyjb01
Level 1
Level 1

‎03-16-2022 04:38 AM

I turned on the health policy for CPU Utilization for the FTD.

I set the warning to 80% and the critical to 90%

 

I now have a lot of warnings. The CPU is always bouncing around 80%-92%

 

1. Is this a sign of a serious issue?

2. How can I go about lowering the CPU usage? What can be done?

3 people had this problem
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎03-16-2022 04:42 AM

you need to check what causing the issue :

 

what version of code running and also check below output :

 

> show processes cpu-usage sorted non-zero

> show cpu usage detailed

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

buffkata
Level 1
Level 1

‎03-16-2022 11:39 AM

Good luck finding what is wrong - and welcome to my world. 

Also check traffic - as I found usually that is what is causing the FTD CPU to go above 80%. 

Show Traffic - combine all IN/OUT bytes( I use 1 minute)  from each physical interface and compare to your device total throughput. 

Share what is your FTD  version and hardware ? 

Do you have RAVPN users and how many ? 

Do you have site to site VPN tunnels and how many  ?

 

0 Helpful

Octavian Szolga
Level 4
Level 4
In response to buffkata

‎03-17-2022 06:15 AM

Hi,

 

I think it's a good idea to check this article about CPU utlization on FTD:

 

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/white-paper-c11-741739.html

 

CPU monitoring using SNMP from FTD

As discussed earlier, the SNMP from FTD today relays information about the FTD data plane. So when we query the SNMP module on FTD for CPU utilization statistics, the data returned talks about the CPU utilization of the CPU cores running data plane threads. As discussed in the last section, the data plane CPUs are almost always active. In contrast to the SNMP queries to FXOS, the SNMP queries to FTD software ensure that the correct CPU utilization values are returned. The data plane only reports the statistics for CPU usage when it has a packet to process. It discards the CPU utilization values for the rest of the times when it is just busy checking if there are packets available to process.

With respect to CPU utilization, querying the FTD software is more meaningful since it returns more accurate data. The potential drawback is that the data returned shows the true state of only a subset of the CPUs.

 

FMC health policy for CPU monitoring

FMC allows monitoring of CPUs as part of its health policy configuration. If CPU monitoring is enabled, the FMC queries the sensors for their CPU status and reports the CPU utilization values in the FMC. The CPU utilization values reported by the FMC as part of the health monitoring process are the true CPU utilization values for all the CPU cores.

Although the values reported using this approach are the correct CPU utilization values, the problem with this approach is that it does not provide any information about the type of process running on the specific CPU.

Among the options available to monitor the CPU utilization, the FMC health monitor is the best option to monitor the device for high CPU utilization cases. As explained later in this paper, one can set up SNMP-based alerts in their health policies, and that can be utilized to integrate this solution with any existing SNMP-based monitoring process that already exists in the managed network.

 

Please mention your FTD/FMC version and hardware.

 

BR,

Octavian

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card