Standby FTD showing high CPU utilization

MarcusJ · ‎03-14-2024

Hello,

We utilize FMC running 7.2.5 to manage, among others, a pair of FTD 2110s running 7.2.5 in active/standby mode. In the process of moving to 7.2.5 we also upgraded from SNORT 2 to SNORT 3.

We have been getting reports, and have been able to reproduce numerous connection issues through this firewall pair. They are observed mostly with RDP sessions and when moving large files.

I monitored the CPU utilization from expert mode for a while and noticed what I think might be a perl script running to prune or purge data. This runs intermittently but usually shoots the CPU utilization on the standby unit above 90% utilization. I don't know that this is part of the issue, but I'd like to get help understanding if this is expected behavior as we run through all possibilities.

Can anyone confirm this as normal behavior for the pruner.pl script?

The full path is: /user/bin/perl /ngfw/usr/local/sf/bin/Pruner.pl --persistent

MarcusJ · ‎03-14-2024

I should note, that I'm also getting high CPU utilization alerts for a CPU10 but I have not been able to figure out how to see that CPU.

MHM Cisco World · ‎03-17-2024

we need to sure that this FW is standby not Active
the active pass the traffic build conn and inspect it
standby is hold and only sync it info with active
so we need to be sure first it active or standby

MHM

MarcusJ · ‎03-20-2024

The FTD in question is the standby. I've attached a screenshot of the failover state.

b.pugelnik · ‎03-19-2024

You are probably hitting CSCwh79095