Troubleshooting Firewall Performance
Show Resources
Show record of each second for the last 60 seconds.
show running resource-monitor second
Show record of each minute for the last 60 minutes.
show running resource-monitor minute
Show record of each hour for the last 24 hours.
show running resource-monitor hour
Show record of each day for the last 7 days.
show running resource-monitor day
Show record of each week for the last 13 weeks.
show running resource-monitor week
Show all records - seconds, minutes, hours, days, weeks.
show running resource-monitor
This is the most important command for getting dataplane CPU usage over different time intervals. Usually, if the CPU stays high (>90), traffic feels sluggish and latency rises. The best strategy is to determine the regular 24-hour usage (“baseline”) and then compare it with the times when spikes are experienced. Resource utilization gives the % usage of sessions and buffers. If the output for packet descriptors or buffers stays > 80%, the device is overloaded, which may lead to packet loss and abnormal behavior of the device. The same output can be obtained from the dp-monitor log.
less mp-log dp-monitor.log
- VM-100 - Has Core 0 - 3 listed but only has data for Core 1.
- VM-300, PA-220 - Have Core 0 - 3 listed but only have data for Core 1 - 2.
- PA-850 - Has Core 0 - 7 listed but only has data for Core 1 - 5.
- PA-5220 - Has Core 0 - 7 listed but only has data for Core 1 - 7.
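As an added example (not part of the original page or of any vendor tooling), the following Python sketch applies the two thresholds above to saved resource-monitor text and skips cores that are listed without data, as in the per-model notes. The sample text is constructed, and its layout, including the `*` marker for a core without data, is an assumption to adjust against real output; `parse` and `findings` are hypothetical helper names.

```python
CPU_HIGH = 90   # page: dataplane CPU staying above 90 makes traffic sluggish
POOL_HIGH = 80  # page: packet buffers/descriptors staying above 80% = overload
# Constructed sample, not captured from a device; the layout is an assumption.
SAMPLE = """\
CPU load (%) during last 60 seconds:
core    0    1    2    3
        *   95   40    *
        *   93   38    *
Resource utilization (%) during last 60 seconds:
session:
  12  13
packet buffer:
  85  83
packet descriptor:
   3   2
"""

def parse(text):
    """Return ({core: [cpu %]}, {resource: [use %]}) from monitor text."""
    cores, pools, header, pool = {}, {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith(("CPU load", "Resource utilization")):
            header = pool = None              # section title or blank line
        elif s.startswith("core"):
            header = [int(n) for n in s.split()[1:]]
            cores = {n: [] for n in header}
        elif s.endswith(":"):
            pool, header = s[:-1], None       # e.g. "packet buffer:"
            pools[pool] = []
        elif header:
            for n, v in zip(header, s.split()):
                if v.isdigit():               # "*" = core listed, no data
                    cores[n].append(int(v))
        elif pool:
            pools[pool] += [int(v) for v in s.split() if v.isdigit()]
    return cores, pools

def findings(text):
    """List cores and packet pools whose every sample exceeds the threshold."""
    cores, pools = parse(text)
    out = []
    for n, vals in sorted(cores.items()):
        if vals and min(vals) > CPU_HIGH:     # skip cores without data
            out.append(f"core {n} CPU stayed above {CPU_HIGH}% (min {min(vals)}%)")
    for name, vals in pools.items():
        if name.startswith("packet") and vals and min(vals) > POOL_HIGH:
            out.append(f"{name} stayed above {POOL_HIGH}% (min {min(vals)}%)")
    return out
```

Running `findings` over a baseline capture and over a capture taken during a spike gives the comparison the paragraph above recommends.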
Buffer Usage
debug dataplane pool statistics
debug dataplane pool statistics | match Packet
This command shows the usage of packet buffers, resource pools and memory caches by different processes. If a pool depletes, traffic performance that depends on that particular resource pool will be affected. For pools, the number on the left shows the remaining amount while the number on the right shows the total capacity. The total capacity can vary based on platforms, models and OS versions. Likewise, if a certain process uses too much memory, that can also cause issues related to that process.
For Packet Buffer Usage, run the following filter in the System Logs view:
( description contains 'Packet buffer congestion is' )
Show Counters
show counter global
show counter global filter severity drop
show counter global | match deny
show counter global | match error
This command lists all the counters available on the firewall for the given OS version. For every packet that arrives, traverses or even gets dropped, we should see one or more counters go up. These are extremely powerful in troubleshooting traffic-related issues when combined with packet-filter.
Show Network Data
show arp all
If you are using the firewall in Layer 2 mode, the following command is the Layer 2 equivalent of the arp command above.
show mac all
Show Logging Data
debug log-receiver statistics
debug log-receiver statistics | match discard
Check that “Logs discarded (queue full)” is zero; if it is nonzero, you are losing logs and are probably exceeding the platform limits for logging.
Show Decryption Data
show system setting ssl-decrypt memory
This command is used to monitor the SSL decryption memory usage; the first sz malloc size is the value to track. This value should increment and decrement; it is a concern if this value only increments. The max value is around 16 MB.
Show GlobalProtect Data
show resource limit ssl-vpn
This command shows the current number of connected GlobalProtect sessions (both the SSL sessions and the IPsec VPN sessions).
You can show the GlobalProtect cookie cache on the firewall.
show system setting ssl-decrypt gp-cookie-cache
