CPU MP, DP and Memory Threshold

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

CPU MP, DP and Memory Threshold

L3 Networker

Hello all,

i have manage a firewall appliance and iwant to make a preventive documentation, so i need to do the health check. i found several docs about the health check and the threshold (temperature, etc). But i didn't find a docs about CPU DP , MP and memory threshold like picture below. is there any docs from palo alto that state about this?

 

DennyChanditya_1-1668530658176.png

DennyChanditya_0-1668530929615.png

 

Thanks,

Denny

 

4 REPLIES 4

L6 Presenter

 I am not aware of any PA docs which give specific CPU load values. I have been told by PA support that Data Plane CPU sustained load of 50-60% is normal. The actual CPU load will vary depending on how much traffic, how many tunnels, how many security rules, and how much SSL decryption you are doing.

 

The Management CPU handles various system tasks and, in my experience, generally should be low <20%, but will periodically spike to 60-70% (presumably the system cleaning up logs/system files, HA syncing, and other house keeping tasks). The Data Plane CPU handles the actual traffic filtering. Doing things like forwarding syslogs and authorization requests out the Data Plane ethernet ports (instead of the default management port) can greatly increase the CPU load.

 

You can view longer interval CPU load samples from the CLI with the "show running resource-monitor" command. Generally I look at the average CPU load values as the max values will be erratic and frequently 80%+ on a loaded firewall.

 

How to Troubleshoot High Dataplane CPU 

Identifying and Resolving High Dataplane CPU caused by packet-diag logging 

Thank you Adrian for the explanation, i hope Palo Alto update about this in their docs.

i know the CPU load parameter may vary, for now i will refer the 60% for the CPU Parameters.

L1 Bithead

Hi all, 

 

Based on above mentioned, PA can support 50-60% of CPU utilization. May I know if this apply for all Palo Alto hardware firewall regardless of model?

Hi,

I think its apply to every model, since we cant find the documentation about this threshold

i always use 60% for mgt cpu, and 90% for dataplane.

  • 4898 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!