paloaltonetworks:troubleshooting:firewall_resources

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:troubleshooting:firewall_resources [2020/05/28 11:29] bstafford
paloaltonetworks:troubleshooting:firewall_resources [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Troubleshooting Firewall Performance ====== ====== Troubleshooting Firewall Performance ======
 +===== CPU Spikes =====
 +Could be caused by [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAcfCAG|genindex.sh]].
  
 +Could be caused by [[https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000CmQv|IPsec tunnels]].
 +
 +===== Performance Issues =====
 +Possible but in PAN-OS 10.0.6 but we have seen a case where disabling "Forward segments exceeding TCP content inspection queue" cause massive throughput hit.
 +===== Show Session Limits =====
 +<code>show session info</code>
 +<code>show session info | match active</code>
 ===== Show Resources ===== ===== Show Resources =====
 Show record of each second for the last 60 seconds. Show record of each second for the last 60 seconds.
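Review bot: The sentence added under Performance Issues ("Possible but in PAN-OS 10.0.6 but we have seen a case where disabling ... cause massive throughput hit") does not parse, so a reader cannot tell whether it reports a suspected defect in 10.0.6 or recommends leaving "Forward segments exceeding TCP content inspection queue" enabled. Reword it to state the observation and the resulting recommendation, and say where the setting is configured. The two "Could be caused by" lines under CPU Spikes would be more useful if each named the symptom or the check that confirms that cause. The second link also spells the path kcSArticleDetail where the first uses KCSArticleDetail, so verify that it resolves.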
Line 25: Line 34:
 ===== Buffer Usage ===== ===== Buffer Usage =====
 <code>debug dataplane pool statistics</code> <code>debug dataplane pool statistics</code>
 +<code>debug dataplane pool statistics | match Packet</code>
 This command shows the packet buffers, resource pools and memory cache usages by different processes. If the pools deplete, traffic performance will be affected corresponding to that particular resource pool. Regarding pools, the number of the left shows the remaining while the number on the right shows the total capacity. The total capacity can vary based on platforms, models and OS versions. Likewise, if a certain process uses too much memory, that can also cause issues related to that process. This command shows the packet buffers, resource pools and memory cache usages by different processes. If the pools deplete, traffic performance will be affected corresponding to that particular resource pool. Regarding pools, the number of the left shows the remaining while the number on the right shows the total capacity. The total capacity can vary based on platforms, models and OS versions. Likewise, if a certain process uses too much memory, that can also cause issues related to that process.
  
 For Packet Buffer Usage, run the following filter in the System Logs view For Packet Buffer Usage, run the following filter in the System Logs view
 <code>( description contains 'Packet buffer congestion is' )</code> <code>( description contains 'Packet buffer congestion is' )</code>
 +
 +To show the top five session using more than 2% of packet buffers: (this only works on physical firewalls)
 +<code>show running resource-monitor ingress-backlocs </code>
 +shows top five session using more than 2% of packet bufer.
 +Look for ''unknown'' or ''undecided'' App-ID and kill off with 
 +<code>request session-discard id <session_id></code>
  
 ===== Show Counters ===== ===== Show Counters =====
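Review bot: The command added as "show running resource-monitor ingress-backlocs" looks misspelled; the PAN-OS keyword is ingress-backlogs, so the line will fail when pasted as written, and the code tag also carries a trailing space. The sentence after it ("shows top five session using more than 2% of packet bufer.") repeats the lead-in above the command and has the typo "bufer", so drop it or merge the two. For the request session-discard step, consider adding a line that tells the operator to inspect the session first (for example with show session id), since an unknown or undecided App-ID alone does not establish that the session is unwanted.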
Line 51: Line 67:
 This command is used to monitor the ssl decryption memory usage; the first sz malloc size is the value to track. This value should increment/decrement, it is a concern if this value only increments. The max value is around 16 mb. This command is used to monitor the ssl decryption memory usage; the first sz malloc size is the value to track. This value should increment/decrement, it is a concern if this value only increments. The max value is around 16 mb.
  
 +The following command shows all decrypted sessions currently in the session table
 +<code>show session all filter ssl-decrypt yes</code>
 +<code>show session all filter ssl-decrypt yes count yes</code>
 ===== Show GlobalProtect Data ==== ===== Show GlobalProtect Data ====
 <code>show resource limit ssl-vpn</code> <code>show resource limit ssl-vpn</code>
-This command shows the number of current SSL VPN sessions (GlobalProtect).+This command shows the number of current number of connected GlobalProtect sessions (both the SSL sessions and the IPsec VPN sessions). 
 + 
 +You can show the GlobalProtect cookie cache on the firewall. 
 +<code>show system setting ssl-decrypt gp-cookie-cache</code>
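Review bot: The rewritten GlobalProtect sentence reads "the number of current number of connected GlobalProtect sessions"; remove the duplicated "number of". The two show session all filter ssl-decrypt commands are added directly under the SSL decryption memory paragraph with no heading of their own, and their intro sentence has no closing punctuation; a short heading or a colon would separate them, and a word on what the count yes variant returns would help. For the gp-cookie-cache command, say what the reader should look for in the output.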
paloaltonetworks/troubleshooting/firewall_resources.1590665353.txt.gz · Last modified: (external edit)