Maxing out Firewall CPU

5 04 2012

Whilst running a packet capture on my SG82 last night, I started noticing some very strange side effects. Using my relatively new instance of PRTG, I observed a gradual increase in the number of ‘Down’ states, up to around 200 of them.

They were all for hosts on the other end of a site-to-site VPN, but the weird thing was that ping connectivity was still there to the hosts that were alerting.

A little investigation identified that the CPU was maxed out, and when that happens, literally the only traffic that passes over a site-to-site VPN is ping. Stop the packet capture, and the checks recovered.

A bit of real-world that you don’t come across in the reference books!