https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-3410-firewall-100-dp-cpu-spike/m-p/1252801#M6863 <P>Hello all,<BR /><BR /></P><P>We are seeing sudden spikes in Data Plane CPU on our Palo Alto Networks PA-3410 firewalls running PAN-OS 11.1.13. The CPU usage jumps to 100% for a few seconds and then returns to normal automatically. This happens randomly, with no fixed timing. We have observed this at two different locations where we have PA-3410.<BR /><BR /></P><P>Initially, we suspected this due to a traffic spike but that doesn't seems to be the case. The Palo Alto Engineering team suggested disabling the NetFlow profile temporarily, but that did not resolve the issue. The TAC case is still open.<BR /><BR /></P><P>Has anyone experienced a similar issue or has any inputs?</P> Wed, 22 Apr 2026 17:48:19 GMT SutareMayur 2026-04-22T17:48:19Z https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-3410-firewall-100-dp-cpu-spike/m-p/1252801#M6863 <P>Hello all,<BR /><BR /></P><P>We are seeing sudden spikes in Data Plane CPU on our Palo Alto Networks PA-3410 firewalls running PAN-OS 11.1.13. The CPU usage jumps to 100% for a few seconds and then returns to normal automatically. This happens randomly, with no fixed timing. We have observed this at two different locations where we have PA-3410.<BR /><BR /></P><P>Initially, we suspected this due to a traffic spike but that doesn't seems to be the case. The Palo Alto Engineering team suggested disabling the NetFlow profile temporarily, but that did not resolve the issue. The TAC case is still open.<BR /><BR /></P><P>Has anyone experienced a similar issue or has any inputs?</P> Wed, 22 Apr 2026 17:48:19 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-3410-firewall-100-dp-cpu-spike/m-p/1252801#M6863 SutareMayur 2026-04-22T17:48:19Z https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-3410-firewall-100-dp-cpu-spike/m-p/1253209#M6880 <P>Intermittent Data Plane CPU spikes to 100% on PA-3410 devices running PAN-OS 11.1.13, especially when they drop back to normal within seconds, are often linked to short-lived bursts of specific processes rather than sustained traffic load. Since disabling NetFlow didn’t help, it’s worth looking deeper into dataplane-intensive features such as App-ID, SSL decryption, WildFire submissions, or logging/packet buffer handling, as these can briefly consume high CPU during classification or session setup. You should check show running resource-monitor and show session info during or immediately after a spike to identify which process is responsible. Also review whether there are spikes in new session rates, zone protection activity, or packet drops. If the issue is seen across multiple sites, it could point to a PAN-OS bug or pattern-triggered behavior, so collecting tech support files and enabling packet-diag or dp-monitor logging around the event will help TAC correlate. Until the TAC case progresses, ensuring content updates are current and testing with selective feature disablement (like SSL decryption or specific security profiles) in a controlled window may help isolate the trigger.</P> Tue, 28 Apr 2026 10:25:39 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-3410-firewall-100-dp-cpu-spike/m-p/1253209#M6880 julie97cardi 2026-04-28T10:25:39Z