i have manage a firewall appliance and iwant to make a preventive documentation, so i need to do the health check. i found several docs about the health check and the threshold (temperature, etc). But i didn't find a docs about CPU DP , MP and memory threshold like picture below. is there any docs from palo alto that state about this?
I am not aware of any PA docs which give specific CPU load values. I have been told by PA support that Data Plane CPU sustained load of 50-60% is normal. The actual CPU load will vary depending on how much traffic, how many tunnels, how many security rules, and how much SSL decryption you are doing.
The Management CPU handles various system tasks and, in my experience, generally should be low <20%, but will periodically spike to 60-70% (presumably the system cleaning up logs/system files, HA syncing, and other house keeping tasks). The Data Plane CPU handles the actual traffic filtering. Doing things like forwarding syslogs and authorization requests out the Data Plane ethernet ports (instead of the default management port) can greatly increase the CPU load.
You can view longer interval CPU load samples from the CLI with the "show running resource-monitor" command. Generally I look at the average CPU load values as the max values will be erratic and frequently 80%+ on a loaded firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!