Hi @Tim See uploaded Image.

Cheers

Matt

Approximately 7GB of your 8GB RAM is being used for code execution, but you've only dipped about 1MB into swap so you're OK for now.  fw_full is just a wrapper for the fwd process whose responsibilities are logging on port 257, and acting as a parent process to various security server daemon processes.  It is certainly possible that logging has increased a lot due to all the Remote Access connections, perhaps try just using the standard "Log" for those RA connections instead of Accounting/Detailed/Extended logs? 

Any core dumps in /var/log/dump/usermode?  If a security server process is constantly dying and getting instantly respawned by fw_full over and over again that could account for the issues you are seeing as well.

Also try looking in $FWDIR/log/fwd.elg, any error messages about log buffering issues?  Memory allocation problems?  If logs are not working right or the memory consumption becomes excessive it is possible to kill this process and let cpwd respawn it within 60 seconds, you'll lose logs until it restarts but it won't impact the functionality of the gateway otherwise other than causing a failover.

Thskas for the info @Timothy_Hall. 

Logging has been restricted to the stadard\basic log levels for all rules and the additional VPN rules have no logging enabled at the moment. This has reduced memory somewhat however still around 78% utiilsed.

I have attached an extract of the core dumps that are showing in  /var/log/dump/usermode. As you can see nothing from the last 2 weeks.

In terms of $FWDIR/log/fwd.elg all I can rellay see is applicationc ontrol updates being called.

Thanks for the detialed information.

Matt