High Dataplan CPU PA2050-4.1.6

u10723 — Tue, 12 Jun 2012 17:18:02 GMT

I have only 28,000 active session at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly. We are in our summer semester at school which doesn't have a lot of users on our network. I am nervous when people return in the fall they will be greated with slow internet and possibly crash the Palo Alto.

We are running two Palo-Alto's both running 4.1.6 in Active/Active mode behind ASA 5580's. The only action the PA's are taking is security policies. No QoS, NAT, DLP, or any other process that would require high processing.

My current rules are as follows:

Servers-IN: outside > inside servers allow - no filtering and no server response inspection

Servers: inside servers > outside allow - no filtering and no server response inspection

BLOCKING: any to any Deny - deny any P2P applications

Data-Traffic inside > outside - allow - scanning for URL, Malware, Virus

Data-Traffic outside > inside - allow - scanning for URL, Malware, Virus

Student-Wireless student-wireless > outside - allow - scanning for URL, malware, virus

I was running 4.1.2 and had 100% CPU which was crashing my PA and after digging in the forums found it was a software bug and upgraded to 4.1.6. I hope this is a bug as my max sessions shows over 220,000.

Any help would be greatly appreciated.

P.S. I have read the other threads regarding this issue, but they were on 4.1.2 which had a known bug.

Re: High Dataplan CPU PA2050-4.1.6

sspringer — Tue, 12 Jun 2012 18:52:45 GMT

Hi,

Sometimes there are cases where large data transfers that are being scanned can cause high CPU. You can use ACC and 'Sort By: Bytes' to find the application pushing through the most data. If there is nothing obvious, I would recommend opening a case with your support team so we can take a deep dive through the resource monitor logs and other data.

- Stefan

topic High Dataplan CPU PA2050-4.1.6 in General Topics

High Dataplan CPU PA2050-4.1.6

Re: High Dataplan CPU PA2050-4.1.6