06-12-2012 10:18 AM
I have only 28,000 active sessions at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly. We are in our summer semester at school, which doesn't have a lot of users on our network. I am nervous that when people return in the fall they will be greeted with slow internet and possibly crash the Palo Alto.
We are running two Palo Altos, both running 4.1.6 in Active/Active mode behind ASA 5580s. The only action the PAs are taking is security policies. No QoS, NAT, DLP, or any other process that would require high processing.
My current rules are as follows:
Servers-IN: outside > inside servers allow - no filtering and no server response inspection
Servers: inside servers > outside allow - no filtering and no server response inspection
BLOCKING: any to any Deny - deny any P2P applications
Data-Traffic inside > outside - allow - scanning for URL, Malware, Virus
Data-Traffic outside > inside - allow - scanning for URL, Malware, Virus
Student-Wireless student-wireless > outside - allow - scanning for URL, malware, virus
I was running 4.1.2 and had 100% CPU which was crashing my PA and after digging in the forums found it was a software bug and upgraded to 4.1.6. I hope this is a bug as my max sessions shows over 220,000.
Any help would be greatly appreciated.
P.S. I have read the other threads regarding this issue, but they were on 4.1.2 which had a known bug.
06-12-2012 11:52 AM
Hi,
Sometimes there are cases where large data transfers that are being scanned can cause high CPU. You can use ACC and 'Sort By: Bytes' to find the application pushing through the most data. If there is nothing obvious, I would recommend opening a case with your support team so we can take a deep dive through the resource monitor logs and other data.
- Stefan