Hi there, since upgrading to 9.713-19 it appears that one of our smaller UTM's, an SG125, has begun exhibiting higher than normal CPU usage.
CPU usage comes in spikes, while memory is constantly above 60%
SUM 4 monitor also has a warning that "projected load average trend shows major increase of 75%"
Shortly afterwards we noticed that the office using this UTM began struggling with internet connectivity due to packet losses.
We've engaged with the ISP and the line seems to be OK, so this leads me to suspect that the UTM is to blame.
What strikes me as odd is that the UTM isn't very busy, i.e. there's barely anyone in the office, and it has been fine with a full office several times a month.
Is there any way to determine whether a recently updated component is causing this? I've disabled IPS, QoS and Port Scan detection. WAF is not used, nor is email protection.
I'm at a loss and would appreciate any guidance. Thanks.
Please copy here what you see when you run top at the command line.
Although we might be able to resolve this here, I would have your reseller open a case with Sophos Support.
Cheers - Bob
Here's screenshot of the top results:
Postgres seems to spike the CPU every so often, but otherwise seems to be mostly confd.plx <defunct>, httpproxy and acc-agent.plx.
Does a reboot get the system to settle down?
It turns out that the UTM is not at fault for our packet loss situation, but rather a faulty switch that has been tricky to isolate.
While the UTM does exhibit higher load levels than previously, this does not seem to be causing any major issues.
Rebooting the UTM only seems to provide temporary improvement.
I also noted the following two processes with high CPU utilisation popping up every once and a while: