Hello @cisco.13 

Thanks for reaching out  

first thing first: the proxy memory or Prox Mem buffer are the memory allocated to proxy process. they are not for whole WSA.

so if you see 90% CPU usage for Web Proxy, this is Proxy process, which is responsible for authentication and policy matching.

and overall CPU usage is sum of all internal processes. 

usually when we see high proxy process load, it is due to device is overloaded or complex configuration, 

can you please share some log lines from SHD_Logs ?

https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance/220446-troubleshoot-secure-web-appliance-perfor.html

and about configuration complexity I can share this best practice guide : 

https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance/220375-use-secure-web-appliance-best-practices.html

about : 

3- My "CPU Usage by Function" > Web Proxy = 90% -100% (over 1 hour), How to know if : webcache > IGNORE (IGNORE : Configuring domains and URLs never to be cached) affects CPU performance ?

it depends on the traffic to that destination URL(s) you can check from GUI > reporting > website, to see top URLs which your clients are accessing.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Hello,

@amojarra, thank you for these explanations, Here is the file SHD_Logs

I have identified the traffic that consumes the most and it causes delays, I don't want "Overall Bandwidth Limit" is there a way to lower the CPU process Proxy Web?

Ports P1/P2 on S300v can be 10 Gb (if media = Autoselect) or only 1 Gb ?

Thank you

Hello,

@amojarra, do you have the answer please?

someone ?

Thanks

Hello @cisco.13 

Sorry For late reply, I was off  

about : is there a way to lower the CPU process Proxy Web?

you can reduce the number of Regular Expressions, ID profiles and Policies, 

By pass some trusted URLs from being authenticated and Decrypted, such as Microsoft Updates, Anti Virus Updates and ... 

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/214746-how-to-exempt-office-365-traffic-from-au.html

for : 

Ports P1/P2 on S300v can be 10 Gb (if media = Autoselect) or only 1 Gb ?

I am not sure, please allow me more research, I will get back to you as soon as I get a solid answer. 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

Hi @cisco.13 

Sorry for late reply. 

I was struggling with some LAB limitations.

I have got the confirmation there is no limitation hard-coded in AsyncOS.

just please be advised, while you are proxying the traffic, the internet speed will be reduced due to scanning process.

Again, sorry for late reply.

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++   If you find this answer helpful, please rate it as such  ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++