Hi andy thanks for the response

No, nothing in threat prevention policy is installed on this GW

regards

Can you send a screenshot?

Andy

Yes, of course

This TP policies are for another cluster and are instaled on that cluster. The GW what have this issue is the one in the other image

What happens if you delete the file? Does it go back to unusual size after some time?

Yes, after delete this file it returned to unusual sizes and again fills the disk after some time, it never stops typing it with the same error ( the error of the image that I sent in the original post)

As last resort, if you can reboot fw, try that. If not, I would suggest contact TAC, this is worth investigating more.

We reboot the cluster and the problem happened in the another cluster member too.

Definitely get in touch with TAC.

Thanks for your time, we’ll open a case

Im really sorry, I wish I could have given you some sort of good suggestion. I never seen this problem before, so not really sure why it happens. Maybe someone else in the community will have an idea...one thing though that came to my mind is, can you run ps -auxw command and top as well, just to see if there is a process that could be consuming high memory/cpu that might potentially cause this to happen?

Andy

Here are the outputs

Just a shot in the dark here...but, one that that struck me from those outputs is that fwd is consuming unusually high amount of cpu, 30 plus % and then all fw workers about 10% each, which amount to more than 60% right there. I know this might be a bit extreme to try, but just to be 100% positive its not corexl related, if its enabled, I would try disable it as a test and reboot (can be done via cpconfig command). Not sure if thats something you could try, but it would be worth, just to confirm, for sure.