Differences

This shows you the differences between two versions of the page.

paloaltonetworks:troubleshooting:firewall_resources [2020/05/29 20:09] – [Show Decryption Data] bstafford
paloaltonetworks:troubleshooting:firewall_resources [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Troubleshooting Firewall Performance ====== ====== Troubleshooting Firewall Performance ======
 +===== CPU Spikes =====
 +Could be caused by [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAcfCAG|genindex.sh]].
  
 +Could be caused by [[https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000CmQv|IPsec tunnels]].
 +
 +===== Performance Issues =====
 +Possible but in PAN-OS 10.0.6 but we have seen a case where disabling "Forward segments exceeding TCP content inspection queue" cause massive throughput hit.
 +===== Show Session Limits =====
 +<code>show session info</code>
 +<code>show session info | match active</code>
 ===== Show Resources ===== ===== Show Resources =====
 Show record of each second for the last 60 seconds. Show record of each second for the last 60 seconds.
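Review bot: The added sentence under "Performance Issues" does not parse as written: "Possible but in PAN-OS 10.0.6 but we have seen a case where disabling ... cause massive throughput hit." The first "but" was probably meant to be "bug", and "cause" should be "caused a". Please reword it so it says plainly what was observed, on which version, and which state of "Forward segments exceeding TCP content inspection queue" produced the throughput drop, because a reader skimming this could toggle the setting the wrong way. Under "CPU Spikes", the two "Could be caused by" lines would be more useful with a word on how to confirm each cause, and the two "show session info" commands under "Show Session Limits" need a line saying which output fields show the limit and the current usage.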
Line 30: Line 39:
 For Packet Buffer Usage, run the following filter in the System Logs view For Packet Buffer Usage, run the following filter in the System Logs view
 <code>( description contains 'Packet buffer congestion is' )</code> <code>( description contains 'Packet buffer congestion is' )</code>
 +
 +To show the top five session using more than 2% of packet buffers: (this only works on physical firewalls)
 +<code>show running resource-monitor ingress-backlocs </code>
 +shows top five session using more than 2% of packet bufer.
 +Look for ''unknown'' or ''undecided'' App-ID and kill off with 
 +<code>request session-discard id <session_id></code>
  
 ===== Show Counters ===== ===== Show Counters =====
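Review bot: The added command "show running resource-monitor ingress-backlocs" is misspelled; the keyword is "ingress-backlogs", so the line as committed will be rejected when pasted into the CLI. There is also a stray space before the closing code tag. The description is stated twice (once above the command and once below it, the second time with "bufer"), and "session" should be "sessions" in both; keep one copy. For the "request session-discard id <session_id>" step, suggest adding that the session should be checked first, for example with "show session id <session_id>", so that an operator confirms source, destination and rule before dropping traffic that merely has not been identified yet.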
Line 54: Line 69:
 The following command shows all decrypted sessions currently in the session table The following command shows all decrypted sessions currently in the session table
 <code>show session all filter ssl-decrypt yes</code> <code>show session all filter ssl-decrypt yes</code>
 +<code>show session all filter ssl-decrypt yes count yes</code>
 ===== Show GlobalProtect Data ==== ===== Show GlobalProtect Data ====
 <code>show resource limit ssl-vpn</code> <code>show resource limit ssl-vpn</code>
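Review bot: The added "show session all filter ssl-decrypt yes count yes" line sits under a sentence that says the command "shows all decrypted sessions currently in the session table", but the "count yes" form returns only the number of matching sessions. Add a short line before it saying so, and that this is the form to compare against the platform's decryption session capacity. In the unchanged context below, the heading "===== Show GlobalProtect Data ====" has five "=" on the left and four on the right; worth fixing in the same edit so the heading level renders consistently.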
paloaltonetworks/troubleshooting/firewall_resources.1590782987.txt.gz · Last modified: (external edit)