Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

High Dataplan CPU PA2050-4.1.6

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

High Dataplan CPU PA2050-4.1.6

Not applicable

I have only 28,000 active session at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly.  We are in our summer semester at school which doesn't have a lot of users on our network. I am nervous when people return in the fall they will be greated with slow internet and possibly crash the Palo Alto.

We are running two Palo-Alto's both running 4.1.6 in Active/Active mode behind ASA 5580's.  The only action the PA's are taking is security policies.  No QoS, NAT, DLP, or any other process that would require high processing.

My current rules are as follows:

Servers-IN: outside > inside servers allow - no filtering and no server response inspection

Servers: inside servers > outside  allow - no filtering and no server response inspection

BLOCKING: any to any Deny - deny any P2P applications

Data-Traffic inside > outside - allow - scanning for URL, Malware, Virus

Data-Traffic outside > inside - allow - scanning for URL, Malware, Virus

Student-Wireless student-wireless > outside - allow - scanning for URL, malware, virus

I was running 4.1.2 and had 100% CPU which was crashing my PA and after digging in the forums found it was a software bug and upgraded to 4.1.6.  I hope this is a bug as my max sessions shows over 220,000.

Any help would be greatly appreciated. 

P.S. I have read the other threads regarding this issue, but they were on 4.1.2 which had a known bug.

1 REPLY 1

L4 Transporter

Hi,

Sometimes there are cases where large data transfers that are being scanned can cause high CPU. You can use ACC and 'Sort By: Bytes' to find the application pushing through the most data. If there is nothing obvious, I would recommend opening a case with your support team so we can take a deep dive through the resource monitor logs and other data.

- Stefan

  • 1968 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!