paloaltonetworks:troubleshooting:firewall_resources
Differences
This shows you the differences between two versions of the page.
| paloaltonetworks:troubleshooting:firewall_resources [2020/05/28 11:16] – [Show Resources] bstafford | paloaltonetworks:troubleshooting:firewall_resources [2022/11/23 12:49] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Troubleshooting Firewall Performance ====== | ====== Troubleshooting Firewall Performance ====== | ||
| + | ===== CPU Spikes ===== | ||
| + | Could be caused by [[https:// | ||
| + | Could be caused by [[https:// | ||
| + | |||
| + | ===== Performance Issues ===== | ||
| + | Possible but in PAN-OS 10.0.6 but we have seen a case where disabling " | ||
| + | ===== Show Session Limits ===== | ||
| + | < | ||
| + | < | ||
| ===== Show Resources ===== | ===== Show Resources ===== | ||
| - | < | + | Show record of each second for the last 60 seconds. |
| - | < | + | < |
| - | < | + | Show record of each minutefor the last 60 minutes. |
| - | < | + | < |
| - | < | + | Show record of each hourfor the last 24 hours. |
| - | < | + | < |
| + | Show record of each dayfor the last 7 days. | ||
| + | < | ||
| + | Show record of each weekfor the last 13 weeks. | ||
| + | < | ||
| + | Show all records - seconds, minutes, hours, days, weeks. | ||
| + | < | ||
| This is the most important command in getting dataplane CPU usages over different time intervals. Usually, if the CPU stays high (>90), traffic would feel sluggish, latency would also rise. The best strategy is to determine a regular 24-hour usage (" | This is the most important command in getting dataplane CPU usages over different time intervals. Usually, if the CPU stays high (>90), traffic would feel sluggish, latency would also rise. The best strategy is to determine a regular 24-hour usage (" | ||
| Resource utilization gives the % usage of sessions and buffers. If the output of packet descriptors or buffers stays > 80%, it indicates the device is over loaded and may lead to packet loss and abnormal behavior of the device. | Resource utilization gives the % usage of sessions and buffers. If the output of packet descriptors or buffers stays > 80%, it indicates the device is over loaded and may lead to packet loss and abnormal behavior of the device. | ||
| The same output can be obtained from the dp-monitor log. | The same output can be obtained from the dp-monitor log. | ||
| < | < | ||
| - | * **VM-100**, **VM-300**, **PA-220** - Have Core 0 - 3 listed but only have data for Core 1 - 2. | + | * **VM-100** |
| + | * **VM-300**, **PA-220** - Have Core 0 - 3 listed but only have data for Core 1 - 2. | ||
| * **PA-850** - Has Core 0 - 7 listed but only has data for Core 1 - 5. | * **PA-850** - Has Core 0 - 7 listed but only has data for Core 1 - 5. | ||
| * **PA-5220** - Has Core 0 - 7 listed but only has data for Core 1 - 7. | * **PA-5220** - Has Core 0 - 7 listed but only has data for Core 1 - 7. | ||
| ===== Buffer Usage ===== | ===== Buffer Usage ===== | ||
| < | < | ||
| + | < | ||
| This command shows the packet buffers, resource pools and memory cache usages by different processes. If the pools deplete, traffic performance will be affected corresponding to that particular resource pool. Regarding pools, the number of the left shows the remaining while the number on the right shows the total capacity. The total capacity can vary based on platforms, models and OS versions. Likewise, if a certain process uses too much memory, that can also cause issues related to that process. | This command shows the packet buffers, resource pools and memory cache usages by different processes. If the pools deplete, traffic performance will be affected corresponding to that particular resource pool. Regarding pools, the number of the left shows the remaining while the number on the right shows the total capacity. The total capacity can vary based on platforms, models and OS versions. Likewise, if a certain process uses too much memory, that can also cause issues related to that process. | ||
| + | |||
| + | For Packet Buffer Usage, run the following filter in the System Logs view | ||
| + | < | ||
| + | |||
| + | To show the top five session using more than 2% of packet buffers: (this only works on physical firewalls) | ||
| + | < | ||
| + | shows top five session using more than 2% of packet bufer. | ||
| + | Look for '' | ||
| + | < | ||
| ===== Show Counters ===== | ===== Show Counters ===== | ||
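Review bot: The added Performance Issues line, "Possible but in PAN-OS 10.0.6 but we have seen a case where disabling", looks like a typo for "Possible bug in PAN-OS 10.0.6", and the second "but" leaves the sentence hard to parse; reword it so the reader can tell which setting was disabled and what the observed effect was. In the Buffer Usage additions, "shows top five session using more than 2% of packet bufer." repeats the sentence two rows above it and misspells "buffer"; drop the repeat and keep the version that carries the "(this only works on physical firewalls)" caveat, with "sessions" in the plural. The new Show Resources captions also appear to run words together ("each minutefor", "each hourfor", "each dayfor", "each weekfor"); check the wiki source and add the missing space if it is not a rendering effect of the diff view.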
| Line 40: | Line 67: | ||
| This command is used to monitor the ssl decryption memory usage; the first sz malloc size is the value to track. This value should increment/ | This command is used to monitor the ssl decryption memory usage; the first sz malloc size is the value to track. This value should increment/ | ||
| + | The following command shows all decrypted sessions currently in the session table | ||
| + | < | ||
| + | < | ||
| ===== Show GlobalProtect Data ==== | ===== Show GlobalProtect Data ==== | ||
| < | < | ||
| - | This command shows the number of current SSL VPN sessions | + | This command shows the number of current |
| + | |||
| + | You can show the GlobalProtect cookie cache on the firewall. | ||
| + | < | ||
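Review bot: The heading "===== Show GlobalProtect Data ====" in this hunk opens with five "=" and closes with four; since the revision edits this section, balance the markers so the heading matches the other "=====" sections on the page. The added caption "The following command shows all decrypted sessions currently in the session table" has no terminal punctuation before its command block, unlike the Show Resources captions, so end it with a period or colon. The new line "You can show the GlobalProtect cookie cache on the firewall." states that the command exists but not when to use it; one sentence on what to look for in the output would make it as useful as the other entries.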
