Vsys CPU Limit

By default, virtual systems within a security system share the same CPU resources. It is possible for one vsys to consume excess CPU resources at the expense of other virtual systems.

The CPU limit feature, or overutilization protection, allows you to configure the security device for “fair use,” or fair mode, as opposed to “shared use,” or shared mode. To enable a more fair distribution of processing resources, you can assign a flow CPU utilization threshold to trigger a transition to fair mode, and you can choose a method for transition back to shared mode. By default, the security device operates in shared mode.

You might need to repeat portions of this procedure until you have verified the settings and their effectiveness.

Before initially configuring shared-to-fair mode parameters, make sure that the security system is not passing traffic.

  1. To initialize and allocate resources to and enable the CPU limit feature, select the CPU Limit Enable checkbox.

  1. Select one of the following Fair to Shared options:

Specify a threshold value from 1 through 100 percent. By default, the threshold value is 80 percent.

Specify a time interval from 0 through 7200 seconds. By default, the time interval is 0 seconds.

  1. Specify the threshold at which the security device enters fair mode. If CPU usage exceeds the threshold, the security device enters fair mode.

You can specify a threshold value from 1 through 100 percent. By default, the threshold is 80 percent.

(Optional) Specify the hold down time, which is the minimum amount of time the CPU usage exceeds the specified threshold at which the security mode enters fair mode. The hold down time is a value from 0 through 1800 seconds. By default, the hold down time is 5 seconds.

  1. Click OK to save your configuration.