Cisco Support Community

High CPU utilization on IPS module

I have two Cisco ASA5540X firewalls with IPS modules configured in a failover pair.

Behind this firewall pair (on the inside) are about 140 hosts that use various web-enabled applications, minimal Internet, some email (maybe 10 hosts), and some light file-sharing/access.

My IPS is configured for inline analysis, but I have noticed that the CPU runs at 100% all the time (6 cores). Since I don't want any traffic bypassing the IPS, my configuration on the firewall looks like this:

access-list ips_traffic extended permit ip any any
access-list ips_traffic extended permit udp any any

class-map ips_class
 match access-list ips_traffic

policy-map global_policy
 class ips_class
  ips inline fail-open

Why is the utilization so high on the IPS? Anything I can do here?

  • Intrusion Prevention Systems/IDS

Accepted Solutions

Hi,

Although not an expert in this particular field, I have installed a handful of these and all of them have had a CPU load of 100%. I was told by our support that the CPU load on an IPS is a very inaccurate way of determining load; it is much better to use the inspection processing load.

After further digging I found this - the issue is discussed as part of this bug - CSCtl74475

HTH

Mike

This is bug - CSCtl74475.
