Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Troubleshooting Firewall Reboots due to tWebMain process in Gen 6 devices

03/26/2020 107 People found this article helpful 196,659 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article outlines the steps in troubleshooting when the firewall is rebooting due to suspension of tWebMain. This is a process responsible for displaying events/information in the GUI of the firewall.

    Usually when this happens, the CPU or Core 1 (in GUI) spikes up to a 100%.

    Cause

    There are several factors that can keep tWebMain busy:

    • GUI logging: This depends on the number of log events generated. The logging on the firewall, when enabled for regular events (eg: DNS Allow, ICMP allowed, Connection NAT Mapping), will generate a large number of events. This overwhelms the tWebMain process if we have GUI Alerts enabled.
    • App Control Logging / App Rule Logging
    • Log Name Resolution: When this is set to DNS Then NetBIOS or just NetBIOS, requests from the machines to public DNS servers requesting PTR records, will result in errors
    • Site to Site VPNs: These when configured incorrectly, even though the tunnel might work, will repeatedly generate errors which are logged.

    The CPU Utilization can be found in the TSR of the firewall by doing a search for "CPU Utilization" or "Utilization per process".

    The following is an excerpt from a TSR: it shows that the overall CPU Utilization is 65% (Which is above normal, but not alarming). The value 50 denotes the priority the process gets. In other words, if there is a higher priority process coming in, it will preempt one of the lower priority processes.


    --CPU Monitor--
    CPU Monitor:
    Current 1s CPU Utilization: 100.00%
    Current 10s CPU Utilization: 100.00%

    Total Average CPU Utilization: 65.15%

    CPU Utilization Per Process:
    # Name PC PRI Total% (secs) Curr% (secs)
    --- ----------------- ---------- --- ------------- -------------
    1. pass_to_stack 0x81203774 50 16.24 (1224.62) 28.57 (0.30)
    2. tWebListen 0x81203774 50 9.89 (746.07) 17.46 (0.18)
    3. tWebMain06 0x81200cb0 50 1.50 (113.23) 6.35 (0.07)


    Resolution

    The following changes can be made in the firewall settings to prevent tWebMain from causing issues:

    • GUI Logging: This change should be done under Log | Settings: disable GUI alerts for regular events, or if they have to be logged, send them to a syslog server (if one is configured), or change the Log filter value to Non zero (typically 60 seconds). Please see: Reduce CPU usage reviewing logs configuration
    • App control/ App rule logging: This change should be done under Firewall | App Rules or Firewall | App control Advanced
      • For App Rules, change the Global Log Redundancy filter value to non zero value.
      • For App Control, change the filter value for the categories (27 in total). This eliminates redundant logs for the specified period of time.

    NOTE: If the firewall is being managed by GMS, the logging is automatically enabled for all categories.

    • Log Name Resolution: Under Log | Name Resolution, set the value to None or just DNS.
    • In the diag.html page
      • Enable the "Main Log Process Reschedule Interval" and set the value to 100 entries.
      • Change the "Log Output Limit:" value to "1000" entries (Available for SuperMassive10000 series).
      • Disable the "Exempt Redundancy Filter intervals of unfiltered events from global, category-level and group-level changes"
    • If AppFlow is enabled, please disable it from AppFlow | Flow Reporting by disabling "Enable Real-Time Data Collection" and "Enable AppFlow To Local Collector"

    NOTE: If the issue persists even after making the changes, collect stack trace information, TSR, settings files and Console logs if necessary and create a Collaboration Request with SEEG. Click on this link to read more about How to obtain diagnostic Logs/data from console cable connection when Firewall is freezing/locking.

    NOTE: When change values in the diag.html page on SuperMassive10000 series running firmware version 6.0.5.2-72o or 6.0.5.2-73o, the firmware needs to be upgraded to 6.0.5.2-74o or later due to any button in the diag.html page are not responsive.

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top