FTD got high memory utilization every deployment during office hours

Herald Sison · ‎10-11-2022

Hi Everyone,

i noticed lately in the past few months that every time i deploy some changes to my FTD device via FMC my FTD device gives me a high memory usage warning or error. Is this something that will be fixed by installing the update (7.0.2-88) available for my FTD device?

here are some details below:

Device: ASA5508X

FTD version: 7.0.1.1

FMC version: 7.0.1.1

VDB version: build 356 ( 2022-06-17 14:39:38 )

SRU version: 2022-10-10-001-vrt

LSP version: lsp-rel-20221010-1449

Geolocation version: 2022-08-23-100

Thank you and more power!

Marvin Rhoads · ‎10-12-2022

Your best course of action would be to upgrade to the current recommended release (7.0.4 as of this writing) and see if that fixes the issue. If not, then TAC would be the best course of action to check for any remaining unresolved bugs that you may be hitting.

Herald Sison · ‎10-12-2022

i will update the FTD version this coming weekend and we'll update this thread.

Herald Sison · ‎10-16-2022

Hi Sir, i have update the FTD and FMC to 7.0.4-55 and the error was gone after reboots. however, everytime i deploy something the error pops out again, i think the error will be gone if i reboot the FTD itself and pops out again if i will perform a deployment. here is the error that pops out.

by the way i am running Snort2, would you recommend upgrading to Snort3 would that make any improvements? I read some KB that snort 3 is more flexible and simplified and also may used a little memory.

"FTD Deployed configurations are too large"

patoberli · ‎12-27-2022

Were you ever able to fix this issue?

Regarding Snort3, if I'm not mistaken, your device doesn't support it. Otherwise it would be a way to save some memory.

Herald Sison · ‎02-06-2023

HI Sir, i am running snort 3 now with 7.0.5 FTD version. so far my memory utilization is just running around 40%-60% and no error came out so far.

Marius Gunnerud · ‎12-28-2022

How many ACP rules do you have and how many of these ACP rules have network object groups with multiple entries?

I have seen this behavior and in our case it was the number of ACP rules that was being exceeded. Check the memory on the FTD (show memory) and the command show access-list element-count

In newer versions of FTD there is an option under Devices - Device Management - edit the device -> Device call Object Group Search which will prevent the rules from expanding in the running config and will instead perform a search within the group there by saving some memory. If you are running into the issue of to many ACP rules you should consider enabling this feature.

--
Please remember to select a correct answer and rate helpful posts

patoberli · ‎12-28-2022

Thanks, I'll need to check the ACP amount once I'm able to.

The "Object Group Search" sadly can't be enabled, it seems that only works on Firepower hardware and not on ASA5516-X running the FTD software as a module. The option is there in the FMC, but it can't be Saved once it's enabled. Might also be a software bug, one of the reasons why I actually want to upgrade, for which I first want to have a successfull deploy.