Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
beaven67
New Contributor

Do this to work around high CPU and memory issues with IPS

If you just upgraded to MR3 (which I did) on several firewalls, I had to set the IPS engine to low memory mode and restart the IPS engine.

    get ips global

You will see algorithm set to engine-pick; you need to set it to low:

    config ips global
    set algorithm low
    end
    diag test app ipsmonitor 99

This will restart the IPS engine services, or you could just reboot. I just thought I would post this as it fixed my issues.
5 REPLIES
abelio
Valued Contributor

Interesting; thanks for sharing it.

regards / Abel
Not applicable

Hi there,

I have also tried this and it seems to work.

    # config ips global
    # set algorithm low
    # end
    # diag test app ipsmonitor 99

And in addition to this I also found this... When the CPU gets stuck on 95-99% for no good reason (as checked by using diag sys top) I tried:

    # diag test app snmpd 99

The CPU gauge dropped to normal level immediately.

Dave
discoveryit
New Contributor

This works. We have been looking for a fix for this forever; this has seemed to smooth out the issue.
FCNSP
ejhardin
Contributor

Does anyone know if there are side effects for this? I have always run with the algorithm set to high (until for 4.3)
romanr
Valued Contributor

From the CLI manual:

The IPS engine has two methods to determine whether traffic matches signatures.
• high is a faster method that uses more memory
• low is a slower method that uses less memory
• engine-pick allows the IPS engine to choose the best method on the fly.

The default is engine-pick! ... so just switching to low might not make the situation better for everyone...

best regards,
Roman