Performance Tuning Client SSL Inspection
Hey All,
Does anyone have any insights in tuning SSL inspection to use less memory? We currently have a 200D HA cluster (5.2.7) with approximately 75 users (average day is around 7900 peak sessions with 100Mbps down and 25Mbps up). We are seeing memory usage hover around 65%, which has increased somewhat steadily since we have enabled full SSL inspection.
Does anyone have any experience with tuning SSL inspection? In particular I would be curious to know what all ports vs common ports does for impact of overall memory consumption.
Here is my memory info from the 200D.
# diag hardware sysinfo memory
total: used: free: shared: buffers: cached: shm:
Mem: 2069049344 1309827072 759222272 0 110104576 202190848 168747008
Swap: 0 0 0
MemTotal: 2020556 kB
MemFree: 741428 kB
MemShared: 0 kB
Buffers: 107524 kB
Cached: 197452 kB
SwapCached: 0 kB
Active: 158892 kB
Inactive: 146152 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 2020556 kB
LowFree: 741428 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Run Time: 47 days, 17 hours and 39 minutes
1U, 0N, 2S, 97I; 1973T, 713F, 165KF
vsd 103 S 0.0 8.1
proxyworker 89 S 2.5 7.1
ipsengine 300 S < 0.0 4.2
ipsengine 299 S < 0.0 4.2
urlfilter 99 S 0.0 2.9
updated 1766 S 0.0 2.8
scanunitd 87 S < 0.0 2.2
scanunitd 12585 S < 0.0 2.1
scanunitd 12584 S < 0.0 2.1
pyfcgid 10808 S 0.0 2.1
pyfcgid 10807 S 0.0 2.1
pyfcgid 10806 S 0.0 2.1
hasync 94 S < 0.0 2.0
reportd 80 S 0.0 1.5
pyfcgid 10804 S 0.0 1.5
sslvpnd 81 S 0.0 1.4
cmdbsvr 44 S 0.0 1.3
httpsd 123 S 0.0 1.3
httpsd 150 S 0.0 1.3
miglogd 62 S 0.0 1.2
Fortigate 200D HA A/P Cluster FAZ VM
Are you using Antivirus?
Regards, Paulo Raponi
p****oni wrote: Are you using Antivirus?
Yes, the particular policy rules that include SSL inspection also include AV, IPS (signature set customized for client types), web filtering and application inspection.
Fortigate 200D HA A/P Cluster FAZ VM
The 100D and higher models have a function for hardware offloading of SSL inspection. As for how much memory it eats, I don't know. First try using all the hardware optimizations: http://docs.fortinet.com/...ardware-acceleration-1
FG-50E/60D/60E, FAP-221B/21D, FortiClient.
