High CPU Usage / What exactly does the Concurrent Connections graph measure ?

I have an issue with the firewall going up to 100% CPU, which in turn leads to a completely unusable network.

The only other metric that shows a significant increase in this timeframe is the "Concurrent connections" metric under "Network Usage". Which peaks  at ~65k, which looks suspiciously like the max port limit for e.g. TCP.

There is no service open to external, except OpenVPN which is used by <10 users at a time.

So my question is what exactly can lead to the increase in concurrent connections. Does this metric include TCP connections that are routed through the firewall or only connections that are terminated by the firewall ?

Is there any way to prevent the high CPU usage proactively ?

It is a SG210 with Firmware 9.705-3

added info about firmware version
[edited by: schaebo at 12:43 PM (GMT -7) on 9 Jul 2021]
Parents Reply Children
  • Hallo and welcome to the UTM Community!

    When this problem occurs, what does top at the command line show as the culprit?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA