- Dataplane CPU: Responsible for processing traffic, session management, and security policies.
- Issue Faced:
- Network slowdowns leading to an inability to log in to the firewall.
- Only resolution was a failover to the secondary firewall.
- Root Cause:
- Increasing session count due to DNS forwarding.
- Sessions were not closing properly.
- Fix Implemented:
- Removed DNS forwarding from domain controllers.
- Result: Dataplane CPU dropped from 80% to 8%.
- Next Steps:
- Test setting timeouts on inactive sessions next week.
- Key Takeaway:
- High dataplane CPU usage can severely impact firewall performance.
- Session management (timeouts, proper closure) is critical for stability.
0 Comments