How can I debug Cisco Firewall ASA "Dispatch Unit" very high CPU utilisation from ASDM?


The first thing you may check is the traffic through the firewall. Please give the results of these commands:

show int

show traff

show perfmon

to determine what traffic causes your problem.

Use the CLI, don't use ASDM (and I never use it); it makes your ASA load increase.

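One way to act on the `show traff` output the answer asks for, as an added example that is not part of the original answer: the script parses per-interface packet and byte rates and flags an interface receiving a high rate of small packets. The sample text is constructed, its layout is an assumption modelled on ASA `show traffic` output, and the thresholds and function names are illustrative.

```python
import re

# Constructed sample; layout assumed to follow ASA "show traffic" output.
# Interface names and counters are invented for illustration.
SAMPLE = """\
outside:
        received (in 300.000 secs):
                27000000 packets        1728000000 bytes
                90000 pkts/sec  5760000 bytes/sec
        transmitted (in 300.000 secs):
                150000 packets  90000000 bytes
                500 pkts/sec    300000 bytes/sec
inside:
        received (in 300.000 secs):
                150000 packets  90000000 bytes
                500 pkts/sec    300000 bytes/sec
        transmitted (in 300.000 secs):
                120000 packets  12000000 bytes
                400 pkts/sec    40000 bytes/sec
"""

IFACE = re.compile(r"^(\S+):\s*$")                      # unindented "name:" line
DIRECTION = re.compile(r"^\s+(received|transmitted) \(in")
RATE = re.compile(r"^\s+(\d+) pkts/sec\s+(\d+) bytes/sec")

def parse_show_traffic(text):
    """Return {interface: {direction: (pkts_per_sec, bytes_per_sec)}}."""
    rates, iface, direction = {}, None, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface, direction = m.group(1), None
            rates[iface] = {}
        elif m := DIRECTION.match(line):
            direction = m.group(1)
        elif (m := RATE.match(line)) and iface and direction:
            rates[iface][direction] = (int(m.group(1)), int(m.group(2)))
    return rates

def suspicious_inbound(rates, pps_limit=10000, small_packet=128):
    """Flag interfaces receiving many small packets (thresholds are illustrative)."""
    hits = []
    for iface, dirs in rates.items():
        pps, bps = dirs.get("received", (0, 0))
        if pps > 0 and pps >= pps_limit and bps / pps <= small_packet:
            hits.append((iface, pps, round(bps / pps)))  # (name, pps, avg bytes/packet)
    return hits

if __name__ == "__main__":
    print(suspicious_inbound(parse_show_traffic(SAMPLE)))
```

Running it against output captured during a spike and again during normal load shows which interface the flood arrives on and whether it consists of small packets.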


Author: Andy

Updated on September 18, 2022

Comments

  • Andy
    Andy over 1 year

    I have recently had my first firewall installed, so I am very new to this whole situation. I am finding that Dispatch Unit is becoming overloaded, and it would appear to be the reason I get serious bouts of lag on my server. The firewall has had little configuration apart from me blocking all the ports in "Access Rules" and allowing only the ones the server needs and from where it needs them.

    I guess what I am after is assistance with locating the issues causing "Dispatch Unit" to take up all the CPU.

    Regards

    --Edit--

    With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time, so I am pretty sure it is an attack of some sort, but as a beginner with ASA I am not sure how to resolve it.

  • Andy
    Andy almost 11 years
    Thanks, I guess I will have to wait for the next episode of this overload before I get useful results. Anything I can do in the meantime?
  • Andy
    Andy almost 11 years
    In Configuration > Service Policy Rules > inspection_default? I removed icmp. When I try those commands I get errors such as: ERROR: % Invalid input detected at '^' marker.
  • cuonglm
    cuonglm almost 11 years
    It seems you have typed it wrong. I don't use ASDM; you can do it in the CLI like this:

        policy-map global_policy
        class inspection_default
        no inspect icmp
        no inspect icmp error
  • Andy
    Andy almost 11 years
    I got the 3 sets of data after upgrading from access level 1 to 15. I have been waiting for an incident to see how they will compare, but no trouble so far. I cannot get the policy-map to work, however; I just get the error "Invalid input detected at '^' marker" pointing to the 'o'. I am more and more wary that this is possibly an attack of some kind. Regards
  • Andy
    Andy almost 11 years
    With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time, so I am pretty sure it is an attack of some sort.
  • Andy
    Andy almost 11 years
    Detected millions of GGP-3 packets at 100k/sec but find very little information on this. Cannot access via PuTTY to do the above commands.
  • cuonglm
    cuonglm almost 11 years
    Use the console instead of PuTTY (SSH). I can't help you without the information from the above commands.
  • Andy
    Andy almost 11 years
    What is "console"? The company only advised me to use ASDM. Regards
  • Andy
    Andy almost 11 years
    The firewall is at the datacentre though I don't think that is possible