> However, when they disabled all the blades except firewall, spike wasn’t seen. Bypassing the IP address on the IPS blade did not solve the problem in my environment.
This is significant. What does the output of enabled_blades show when run on the firewall? Defining an IPS Exception won't change the path (SXL/PXL/F2F) the Commvault traffic takes through the firewall, but disabling all blades other than Firewall will. Try this on the gateway:
ips off
(try Commvault traffic, and if still causing CPU spike)
fw amw unload
(try Commvault traffic again)
ips on
fw amw fetch local
This will at least let you determine if it is one of the Threat Prevention blades causing the CPU spike, which is the most likely.
If the CPU is still spiking after trying these commands, there is some other blade causing it, and you'll need to figure out what path the Commvault traffic is being processed in with fwaccel conns. It is probably F2F, which is why you are taking such a big CPU hit.
If the CPU use goes way down during this test, the first thing would be to define a "null" TP profile (i.e. all TP blades unchecked in the profile) as described in my book and create a TP rule at the top invoking this profile against Commvault traffic. You can check/enable one TP blade at a time in the "null" profile to figure out which blade is slowing it down and go from there.