What possible reason cause MP CPU higher after integrate with Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

What possible reason cause MP CPU higher after integrate with Panorama

L4 Transporter

Hello,

As this article's title, I setup a Panorama to collect the logs from a PA-2050.

But, when I complete the integration between Panorama and PA-2050, the CPU percentage of  Management Plane become higher.

Before the integration, the MP CPU is lower then 15%. One month later, the average keeps about 59%, sometimes higher then 60%.

But I check the system log and cannot find any question, please give me some suggestions or experiences to troubleshoot it.

I upload an attach file, it's the MRTG graph.

Thanks a lot,

Sample Wu

7 REPLIES 7

L4 Transporter

This could be related to log forwarding.

Are you forwarding logs to Panorama?

Hi, mschuricht,

Yes, but I didn't see this situation in other PAN firewall that integrated with Panorama.

In normal, the MP CPU should not be so high, right ?

It all depends on how much traffic is being seen by the device, how many logs/sec are being forwarded (based on Policy), and is also related to the firewall platform.

Hi, mschuricht,

Thanks for your reply, but I'm still confused.

Do you mean that it's may be a normal situation in PA2050 because it's hardware performance limitation when PA2050 must process huge traffic and forward logs at the same time ?

In my uploaded MRTG graph, the traffic became lower and DP CPU was decreasing after 12th January, but the MP CPU still keep in a high percent. How can I do to make the MP CPU become lower ?

Thanks,

Sample

Not exactly. I mean that you cannot really compare a PA-2050 deployed in one location with the performance of another in a different location. The traffic passing through the box will likely differ and so will the policy. If you want to do a comparison it should be apples to apples with the same traffic and policy applied.

Can you run "debug log-receiver statistics" to get a sense for how many logs/sec are being processed by the device?

Have you opened a case to have TAC take a look?

Hi, mschuricht,

Thank you, I got it.

I have not open a case yet, but I will.

Thanks for your help again, ^_^

Regards,

Sample

Also which PANOS version is used?

The PA-2000 series have some issues with mgmtplane which compared to PA-3000 series is much slower which of course could bring you a higher cpu usage. As long as this doesnt reach 100% you should be safe.

There have also been some issues addressed regarding mgmtplane and performance in the later releases of 4.1 and 5.0 series.

  • 3727 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!