04-14-2014 06:56 AM - edited 03-10-2019 06:11 AM
I have two Cisco ASA5540X firewalls with IPS modules configured in a failover pair.
Behind this firewall pair (on the inside) are about 140 hosts that use various web-enabled applications, minimal Internet, some email (maybe 10 hosts), and some light file-sharing/access.
My IPS is configured for inline analysis, but I have noticed that the CPU runs at 100% all the time (6 cores). Since I don't want any traffic bypassing the IPS, my configuration on the firewall looks like this:
access-list ips_traffic extended permit ip any any
access-list ips_traffic extended permit udp any any
class-map ips_class
match access-list ips_traffic
policy-map global_policy
class ips_class
ips inline fail-open
Why is the utilization so high on the IPS? Anything I can do here?
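An added example, not part of the original post or of Cisco's software: a small Python model of how the ACL and class-map above select traffic for the IPS module. It parses the `access-list <name> extended <permit|deny> <proto> <src> <dst>` form used in the post (plus `host` and network/mask address specs, as an assumption), evaluates sample flows in first-match order, and flags an ACE that is shadowed by an earlier, broader one. The sample flows and the second ACL are constructed for the example.

```python
"""Model of ASA ACL first-match selection of traffic for an IPS class-map.

Added illustration (not from the original post or from Cisco). The ACL
grammar handled here is an assumption limited to the 'extended' keyword
forms shown in the post plus 'host A.B.C.D' and 'A.B.C.D MASK' addresses.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Protocol keywords accepted in the ACE; 'ip' means any IP protocol number.
IP_PROTO_NAMES = {"ip": None, "tcp": 6, "udp": 17, "icmp": 1}


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: Optional[int]             # None = any IP protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def matches(self, proto, src, dst):
        return ((self.proto is None or self.proto == proto)
                and src in self.src and dst in self.dst)


def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)             # dotted subnet mask, e.g. 255.255.255.0
    return ipaddress.ip_network(f"{tok}/{mask}", strict=False)


def parse_acl(text, name):
    """Return the ACEs of access-list <name> in configuration order."""
    aces = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[:3] != ["access-list", name, "extended"]:
            continue
        action, proto = parts[3], parts[4]
        tokens = parts[5:]
        src = parse_addr(tokens)
        dst = parse_addr(tokens)
        aces.append(Ace(action, IP_PROTO_NAMES[proto], src, dst))
    return aces


def first_match(aces, proto, src, dst):
    """First-match ACL evaluation; (None, None) means the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, ace in enumerate(aces):
        if ace.matches(proto, s, d):
            return i, ace
    return None, None


def sent_to_ips(aces, proto, src, dst):
    """A flow is redirected to the IPS only when its first match is a permit."""
    _, ace = first_match(aces, proto, src, dst)
    return ace is not None and ace.action == "permit"


def ace_shadowed(aces, idx):
    """True when an earlier ACE covers every flow ACE idx could match."""
    later = aces[idx]
    for earlier in aces[:idx]:
        if ((earlier.proto is None or earlier.proto == later.proto)
                and later.src.subnet_of(earlier.src)
                and later.dst.subnet_of(earlier.dst)):
            return True
    return False


# The ACL exactly as it appears in the question.
POSTED_ACL = """\
access-list ips_traffic extended permit ip any any
access-list ips_traffic extended permit udp any any
"""

# Constructed contrast: exclude one internal backup flow before the catch-all.
NARROWED_ACL = """\
access-list ips_traffic extended deny tcp host 10.1.1.50 host 10.1.1.60
access-list ips_traffic extended permit ip any any
"""

if __name__ == "__main__":
    aces = parse_acl(POSTED_ACL, "ips_traffic")
    for proto, s, d in [(6, "10.1.1.5", "203.0.113.10"), (17, "10.1.1.5", "198.51.100.53")]:
        print(proto, s, d, "-> IPS" if sent_to_ips(aces, proto, s, d) else "-> bypass")
    print("second ACE shadowed:", ace_shadowed(aces, 1))
```

Run against the posted ACL, every flow hits the first `permit ip any any` entry, so the `permit udp any any` line is never reached (the model reports it as shadowed); the narrowed ACL shows how a `deny` placed before the catch-all keeps one flow off the sensor while everything else is still inspected.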
04-14-2014 07:20 AM
Hi,
Although not an expert in this particular field, I have installed a handful of these and all of them have had a CPU load of 100%. I was told by our support that the CPU load on an IPS is a very inaccurate way of determining load; it is much better to use the inspection processing load.
After further digging I found this - the issue is discussed as part of this bug - CSCtl74475.
HTH
Mike
04-16-2014 01:45 PM
This is bug CSCtl74475.