3 weeks ago
- last edited
2 weeks ago
Seeing a high management CPU load is an ever returning topic and gives many administrators headaches. I'm not saying you can safely ignore all these events but seeing a high load on the management CPU is not entirely uncommon when performing certain tasks on the firewall.
Last week community member jproving posted an interesting question regarding high management plane CPU load:
So, before getting all worked up like Vegeta in the illustration below, try figuring out what's causing the high load.
It's over 9000 !
Is the high load always present or only when doing specific tasks.
Some examples that can cause spikes :
Watching ACC can cause high spikes in the management CPU because this queries the log database and recompiles the output on screen!
Performing commits are known to give high CPU spikes. A lot depends on your configuration vs hardware of course. The more objects, rules, etc. your firewall needs to compile during a commit, the more likely it is that you will get a spike in CPU. This mostly happens in phase1 of your commit. The load should go down after phase1 is complete.
It gets a little more challenging when the load is always there. There are a couple of tips and trick you can use to reduce the management CPU load in general.
Some of these tips involve changing your logging behaviour or disabling some of the pre-defined reports. Explained in more details right here :