Differences

This shows you the differences between two versions of the page.

--- paloaltonetworks:troubleshooting:firewall_resources [2020/06/10 12:48] – [Show Decryption Data] bstafford
+++ paloaltonetworks:troubleshooting:firewall_resources [2022/11/23 12:49] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Troubleshooting Firewall Performance ======
+===== CPU Spikes =====
+Could be caused by [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAcfCAG|genindex.sh]].
+Could be caused by [[https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000CmQv|IPsec tunnels]].
+===== Performance Issues =====
+Possible but in PAN-OS 10.0.6 but we have seen a case where disabling "Forward segments exceeding TCP content inspection queue" cause massive throughput hit.
 ===== Show Session Limits =====
 <code>show session info</code>
@@ Line 32: / Line 39: @@
 For Packet Buffer Usage, run the following filter in the System Logs view
 <code>( description contains 'Packet buffer congestion is' )</code>
+To show the top five session using more than 2% of packet buffers: (this only works on physical firewalls)
+<code>show running resource-monitor ingress-backlocs </code>
+shows top five session using more than 2% of packet bufer.
+Look for ''unknown'' or ''undecided'' App-ID and kill off with
+<code>request session-discard id <session_id></code>
 ===== Show Counters =====