Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Is this normal CPU% on FWSM

I got a 6506-e with fwsm module.

I get around 80 connections per sec, mainly UDP.

The proc is constantly at 20-22%

Is this normal for these connections?

How do I troubleshoot this?

3 REPLIES
Community Member

Re: Is this normal CPU% on FWSM

I'm not sure if it is normal.

Please take 3 outputs of "show proc" each 60 seconds appart and post.

Also if possible please post "show run" without sensitive information? What type of traffic are you inspecting?

If you do a "show pc conn" what connections do you see? Is there one type of traffic in particular? Again if possible post the output here?

Community Member

Re: Is this normal CPU% on FWSM

Is this FWSM running in single or multiple context mode?

Community Member

Re: Is this normal CPU% on FWSM

I fixed the problem.

There were about 80 DNS UDP requests passing through the FWSM per second.

inspect DNS maximum-length 512 - was enabled and this killed the CPU%

I disabled DNS inspetion and CPU dropped to 0%

I'm happy that the problem is fixed but it sucks that the FWSM cant handle this inspection properly.

206
Views
3
Helpful
3
Replies
CreatePlease to create content