PA-820 8.0.2 high management cpu repeatedly


Hey!

My PA-820 firewall has a CPU utilization of 100% every day at exactly 13:04.

It lasts for 3 minutes.

Top shows me four "pan_tasks":

pa.JPG

Can someone help?


@MPI-AE,

Do you have packet-diag turned on? 

Sorry?

@MPI-AE,

Run the following and see what the output is; this should be disabled.

debug dataplane packet-diag show setting

Also, see if you don't have this log file if you can. 

less mp-log pan_task.log

You may have a pan_task_# depending on how long this has been going on. If you can look in that pan_task.log you may be able to see what it's actually doing. 

--------------------------------------------------------------------------------
Packet diagnosis setting:
--------------------------------------------------------------------------------
Packet filter
  Enabled:                   no
  Match pre-parsed packet:   no
--------------------------------------------------------------------------------
Logging
  Enabled:                   no
  Log-throttle:              no
  Sync-log-by-ticks:         yes
  Features:
  Counters:
--------------------------------------------------------------------------------
Packet capture
  Enabled:                   no
  Snaplen:                   0
  Username:
--------------------------------------------------------------------------------
---__pan_debug_tag=-2098840---pan_sys_up_ticks=1099509528640---
wqe groups are:
        index:0 flow_lookup
        index:1 flow_fastpath
        index:2 flow_slowpath
        index:3 flow_forwarding
        index:6 nac_result
        index:7 flow_np
        index:8 dfa_result
        index:9 module_internal
        index:10 aho_result
        index:11 zip_result
        index:14 flow_host
thread id is : 4
Multicast fib shared memory usage: 14996136
pan_pbf_mem_use allocate memory size is 465880
pan_vsys_zone_id_list memory is 72.
Neighbor Discovery shared memory usage: 3550512
pan_dos_mem_use dos_class_max_buckets:51200, class_tbl_sz:20684800 bytes
pan_dos_mem_use  dos_block_max_buckets:1024, block_tbl_sz:180224 bytes
pan_dos_mem_use  dos_max_vsys:2, dos_max_rules:100, prof_rt_tbl_sz:8400 bytes
pan_dos_mem_use DoS memory total allocated is:20873480 bytes
pan_sifnet_mem_use sifnet_max_buckets:4096, sifnet_tbl_sz:1572864 bytes
pan_sifnet_mem_use sifnet memory total allocated is:1572880 bytes
IPSec transport mode shared memory usage: 64008
pan_tunnel_app_init set tunnel_data 0x800000029fccf580 for net_data 0x80000002a07c3580
now initing ciphers
now setting evps
ssl ready : 0
In pan_cfg_ucache_app_init
thread id is : 4
Multicast fib shared memory usage: 14996136
pan_pbf_mem_use allocate memory size is 465880
pan_vsys_zone_id_list memory is 72.
Neighbor Discovery shared memory usage: 3550512
pan_dos_mem_use dos_class_max_buckets:51200, class_tbl_sz:20684800 bytes
pan_dos_mem_use  dos_block_max_buckets:1024, block_tbl_sz:180224 bytes
pan_dos_mem_use  dos_max_vsys:2, dos_max_rules:100, prof_rt_tbl_sz:8400 bytes
pan_dos_mem_use DoS memory total allocated is:20873480 bytes
pan_sifnet_mem_use sifnet_max_buckets:4096, sifnet_tbl_sz:1572864 bytes
pan_sifnet_mem_use sifnet memory total allocated is:1572880 bytes
IPSec transport mode shared memory usage: 64008
pan_tunnel_app_init set tunnel_data 0x800000029fccf580 for net_data 0x80000002a07c3580
now initing ciphers
now setting evps
ssl ready : 0
In pan_cfg_ucache_app_init
The four pan tasks show a CPU usage of 99% and a very high duration.

These processes are dead, in my opinion.

Does anyone have a hint for me?

Is there a way to kill processes? So I could kill the four pan_tasks?

I still don't have any solution.

I upgraded to 8.0.7 last week, but that didn't help.

I have two additional PA-3020 and they don't show that issue.

When I do a "show system resources" on the PA-3020's, there aren't those pan_tasks.

Does someone have a PA-820 and can tell me if there are these pan_tasks, too?

Or is the CPU of the PA-820 too weak and that's normal?

I mean, I don't even know what the firewall is doing that raises the CPU to 100%.

I don't even know if the pan_tasks are responsible for that, but they are indeed suspicious.

Especially they aren't on the 3020's.

Contact Palo Alto?

@MPI-AE,

I assumed the last time that you've restarted since these showed up, but always a good question just to verify?

Possibly run the show management-clients and show jobs all just to verify that something isn't noticeably stuck that we could easily restart the process for.

Short of that I would contact TAC and see if they would be able to give you any insight into what exactly is going on. Prior to opening a ticket I might simply get a technical support file attached to it right from the get-go. They will surely ask for one and having one already attached may save you a little time. 

@BPry

Yes, I did a restart.

Maybe that's a normal behaviour of the PA-820.

Therefore, it would be very useful if a community member who uses a PA-820 can share some experience.

I don't want to make myself look stupid.

What do you think?

Hi MPI-AE,

Today I saw the same behaviour on two PA-820 devices.

Did you get more detail about these 100%-CPU pan_tasks yet?

Regards,

Andi

@ABux

Hi Andi,

Sorry for the late reply. I didn't find a solution yet.

What about you?
