We'd love to hear about it! Click here to go to the product suggestion community
I would like to know what the "auxwf" process refers to, this process makes my CPU reach 100%
I have the IPS and the ATP turned off, only the Anti Scan Ports is enabled:
My Sophos is an SG 115, I only have 71 users or IP connected
Hello, I have detected another process that is consuming enough CPU:
"postgres 23056 51.3 14.3 597268 565724 ? Rs 09:47 4:55 \_ postgres: reporting reporting 127.0.0.1(37696) SELECT "
and as you can see "auxwf" it's still saturating my CPU
In reply to gerardo josic rodriguez paredes:
"only 71 users" with network/web/wireless protection on a SG115 is seriously undersized. Although the new SG series allow for some wiggle room over the recommended sizing guide, I would never put such a load on a SG115. I would go with at the very, very least SG135, but I would recommend SG210 to fit your current size or even SG230 if you have any possibility of growing the number of users on a short term. You are seeing CPU spikes because your appliance can't handle such load.
In reply to giomoda:
I have reviewed the "network usage" reports per year and the only change I have noticed is the "Current Connection", even the date coincides with the date on which this problem started.
Can you help me understand what "Current Connection" is?
Copied from here, better explained than I ever could:
"Concurrent means active back to back connections which fall in the established state of the TCP state table." Basically it's the number of active, simultaneous connections traversing though the UTM at any given time. You have some spike in your environment. It's likely some new service or system was introduced in your network and is generating tons of load over your UTM. I stand by my previous comment: SG115 is NOT the device for this kind of load. Talk to your Sophos partner, see if then can lend you a SG135 or above so you can test in your environment. I could bet you'll see those issues go away.
I understand it perfectly and I thank you. Could I know which ip is generating more concurrent connections?
If you go to Support > Advanced > LAn Connections it should list all active connections. It won't give you a number, but at least you can have an idea and even copy it to a worksheet and work that information into what you need.