Why does my firewall lockup when I use the packet monitor feature?
03/26/2020 15 7007
While all SonicWalls have multiple CPU Cores, Core 0 is responsible for handling specific traffic flows which cannot be handed off to other Cores. This is referred to as the Control Plane while all other Cores are referred to as the Data Planes. High usage on the Control Plane can be indicative of many things and can cause sluggishness on the GUI, inability to Manage the SonicWall, Reboots, and other issues.
To troubleshoot consistent high Core 0 usage please see How to Troubleshoot Core 0 Spikes or High Utilization.
The packet monitor feature in SonicWall firewalls utilizes Core 0 while capturing and processing network traffic. During the packet capture process every packet is handled based on filters and then piped to a circular buffer for tracing and decoding. Depending on the network environment this will consume a high portion of CPU cycles. In environments where network stability is prioritized it is recommended to utilize a spanport or tap environment within the network for traffic level troubleshooting. Additionally, as the identifiers of rules have significantly increased in SonicOS 6.5 advanced logging should provide much of what is required for daily troubleshooting.
For additional information on logs and reporting please see SonicOS 6.5 Logs and Reporting.