This article troubleshoots a Sophos firewall that shows consistently high CPU usage. The high CPU reading is visible on the Sophos UTM dashboard.
First, log in to the Sophos firewall console, run the top command, and check which services are using high CPU. If only one service is using high CPU, this resolution does not apply.
If the CPU usage is high because of random spikes in different services at different times, this resolution applies. High CPU usage of this kind can be caused by database errors. To check for database errors, view the system log file.
The following steps apply to Sophos UTM:
Step-1: Log in to the Sophos firewall.
Step-2: Type cd /var/log
Step-3: Enter tail -f system.log and check whether any database errors are being logged. Sample database errors are shown in the image below.
If you observe errors like those shown in the image above, the issue is related to the database and you need to rebuild it. Run the following command to rebuild the database: "/etc/init.d/postgresql92 rebuild".
Note: If you rebuild the database, all existing reports, spooled emails and existing hotspot vouchers will be deleted.
Log in to the Sophos UTM firewall and run the "top" command, as shown in the image below.
As marked in the image above, the HTTP proxy is using high CPU. This may be resolved by restarting httpproxy with the following command: "/var/mdw/scripts/httpproxy restart"
The command restarts httpproxy, which may resolve the issue.
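The two UTM cases above (spikes spread across services with database errors in system.log, versus one service such as httpproxy staying high) can be told apart with a read-only check before anything is rebuilt or restarted. This is an added example, not Sophos code or part of the original article; the function names, the PostgreSQL severity pattern and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sophos code): read-only triage before any rebuild or restart.

# Count log lines that look like PostgreSQL errors.
# Assumption: they come from a process named postgres* and carry a standard
# PostgreSQL severity (ERROR, FATAL or PANIC).
count_db_errors() {
    grep -E 'postgres[^:]*:.*(ERROR|FATAL|PANIC):' "$1" | wc -l | tr -d ' '
}

# Read "command cpu%" pairs (several top snapshots concatenated) on stdin and
# report whether one command, several commands, or none crossed the threshold.
classify_cpu() {
    awk -v t="${1:-50}" '
        $2 + 0 >= t + 0 { hot[$1] = 1 }
        END {
            n = 0
            for (c in hot) { n++; name = c }
            if (n == 0) print "none"
            else if (n == 1) print "single:" name
            else print "spread"
        }'
}

# triage LOGFILE [THRESHOLD] < samples
triage() {
    profile=$(classify_cpu "${2:-50}")
    errors=$(count_db_errors "$1")
    case "$profile" in
        single:*) echo "single-service ${profile#single:}" ;;
        spread)
            if [ "$errors" -gt 0 ]; then echo "database-suspect $errors"
            else echo "spread-no-db-errors"; fi ;;
        *) echo "no-hot-process" ;;
    esac
}

# Constructed sample log lines (not real firewall output).
write_sample_log() {
    cat > "$1" <<'EOF'
2024:01:10-10:00:01 fw postgres[4321]: [3-1] ERROR:  could not read block 12
2024:01:10-10:00:05 fw httpproxy[5000]: request served
2024:01:10-10:00:09 fw postgres[4330]: [5-1] FATAL:  database is in recovery mode
EOF
}
```

On the firewall, the log argument would be /var/log/system.log and the "command cpu%" pairs would be collected from several runs of top taken a few seconds apart; only a "database-suspect" result points toward the rebuild, which deletes reports, spooled emails and hotspot vouchers.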
The following steps apply to Sophos XG:
Step-1: Log in to the Sophos firewall CLI. You can use the following article for the same
Step-2: Type 5 to enter Device Management, then type 3 to enter the Advanced Shell.
Step-3: Type tail -f syslog.log and check whether you see any database errors like those shown in the image above.
If you see any database errors, type the exit command. You will get the other options alongside Advanced Shell, as shown in the image below.
Now enter option 4 to flush the device reports. Flushing the reports deletes all existing reports from the firewall.
If you want to preserve the reports, refer to this article to download existing reports from the XG firewall:
Now check the CPU usage; it should return to normal. If you still have the issue, please feel free to comment or mail us. We will try to help you.
Hope this article helps you.