How to identify high CPU, Packet Buffer, and Packet Descriptor in the firewall with Strata Cloud Manager

9743

Created On 08/25/22 03:15 AM - Last Modified 09/15/23 02:09 AM

IKE

IPSec

Investigation and Response

10.0

10.2

10.1

Next-Generation Firewall

Strata Cloud Manager

Objective

Identify the essential firewall resources needed to forward a data plane packet that Strata Cloud Manager monitors.
Using the Strata Cloud Manager premium health alerts below, we will identify possible resource depletion
- Increased Traffic Latency - Packet Buffer
- Increased Traffic Latency - Packet Descriptor
- Increased Traffic Latency - Packet Descriptor (on-chip)
Using the Strata Cloud Manager free health alert below, we will identify possible resource depletion
- Dataplane CPU Utilization
- Management Plane CPU Usage

1. Check Memory resources in Strata Cloud Manager GUI

Go to Alerts > Health > Add Filter > Serial > Select Serial > check the appropriate Serial and verify if any of the following Alert Name is present:

If yes, click on the Alert Name and under RECOMMENDATIONS follow the solution provided.

2. Check CPU resources in Strata Cloud Manager GUI:

Go to Monitor > Health > Grouped by: Model > click on the appropriate PA model > click on the appropriate Hostname > click on the Serial Number [highlighted in blue]

Under Metric Name > click on Select Metric Name > type CPU > check Dataplane Average CPU Utilization
Under Metrics for this Device > click on Dataplane Average CPU Utilization

With the data/graph obtained, are there any spikes in the CPU that we can correlate with the issue?
Repeat the above Steps, under 2.c., instead of using Dataplane CPU Utilization, use Management Plane CPU Usage.