High CPU usage and unable to connect to the internet

The subject is a little bit vague, but there were a few times recently when no devices could connect to the internet for a few minutes.

When I logged into the admin interface, the CPU usage was 100%.

I wonder what I could check to understand the situation?



This thread was automatically locked due to age.
  • The second highest CPU load is snort. Maybe you have some devices in your network that bother your IPS with packets that are discarded? Try switching off IPS and see whether this helps.

    You might also check whether you are being attacked from the WAN and the IPS is overloaded in some way.

    What kind of VPN are you using: RED, IPSec, SSL-VPN, RED Tunnel? Is it possible that you are trying to transfer more bandwidth than your firewall can handle?

    How loaded are your interfaces? Is all bandwidth used on the WAN, LAN or DMZ?

    Regards,

    BeEF

  • I enabled ICMP flood some time ago and realized there are around 1000 packets dropped. I will try to disable it and see how it goes.

    Yesterday, we were trying to download around 20 huge files, around 20GB each, from a Google Cloud Storage bucket to one of the devices in the LAN. We were downloading 2 files at a time. Sometimes we would have around 300Mbps bandwidth when the network is in a good condition.

    We have IPSec set up, but no one was using it yesterday.

  • There is another huge transfer today and the network is greatly affected. It seems it didn't reach 100% for most of the time this time, but the network is super slow.

    The load average goes from 1.5 to 4 and CPU usage sometimes rose to 60% and 70%.

    I wonder if there is anything else I could try?

  • 1) Maybe an attack from the outside - check this:



    2) On which firewall rules have you enabled the IPS? Switch it off for outgoing traffic and internal traffic (only for testing):



    3) Your firewall might be too small for a lot of packets that bother the IPS.

    4) Define an explicit deny rule and look at the packets that are dropped. Do you see unexpected and high volume traffic at one of your interfaces (e.g. public addresses in the LAN or private addresses on the WAN)?

  • 1) One of the known kinds of traffic is packets from Google Cloud Storage to the local, as I'm downloading files from the GCS from time to time.

    2) The LAN to WAN policy has already been like this for some time. I wonder if I should change anything in here?

    4) I will try that later.