Firewall deployed on Azure is showing MP constantly high

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Firewall deployed on Azure is showing MP constantly high

L2 Linker

Hi Team,
Please be informed that we have Palo Alto firewall deployed on Azure platform with below details.

family: vm
model: PA-VM
vm-license: VM-SERIES-4
vm-cap-tier: T2-14GB
vm-cpu-count: 4
vm-memory: 14351728
vm-mode: Microsoft Azure
cloud-mode: cloud
sw-version: 10.2.9-h1

Based on above details, I checked and found out this document which explains maximum default data plane vCPUs are 4 for 14 GB memory.
https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/license-the-vm-series-firewall...

MSharma415844_0-1725803280789.png


If I run the command "show running resource-monitor second last 60" so I can see that this firewall have 4 cores. 3 out of 4 cores are for DP and only one core is for MP.

Now if I check the dashboard, I can see that firewall MP is constantly high. I ran the command "show system resources follow" and observed that 'userid' process is constantly utilizing 70to 80 % CPU.

I further checked the userid logs and I have observed that firewall is trying to make a connection with Terminal Server Agents configured in the User Identification which is getting failed. There are 7 TSA are configured.

MSharma415844_1-1725803477810.png

MSharma415844_2-1725803565599.png

 

Please advise below:

1. As per my understanding, as firewall is trying to make a connection with TSA agents constantly, this is the reason process 'userid' is showing high and this is the reason MP CPU is also showing high.
2. Also, I am looking for confirmation regarding no of CPUs and cores for this firewall.

1 REPLY 1

L0 Member

Hi M.Sharma415844,

 

Your firewall is on version 10.2.9-h1.

There are several fixes in the later versions indicating problems with either memory corruption or similar issues in regards to the useridd process:

https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/10-1/pan-os-release-notes/pa...

I would upgrade the firewall to the preferred release which at the time of writing this reply is:

P 10.1.13-h1 05/02/24 Preferred Release

 

All the best,

  • 593 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!