Interface utilization value for the 0:0 interface is at 70% and above, and all the other interfaces have very little or zero traffic utilization.

For the reported warning on interface 0:0, please refer to the below.

Interface Utilization: Measures the traffic (in and out) on the interface, to determine if it is approaching the maximum capacity (bandwidth maximum).

Ref. doc.: https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/proxysg/7-2/introduction/monitoring-the-appliance/about-the-health-monitoring-metric-types.html

If this isn't a case where the interface is actually taking in and sending very high volume of traffic, then it will be a case of non-standard network adapter configuration. Because we see almost no traffic on the other interfaces, it looks as though about all the network traffic is being passed through the 0:0 interface. It's recommended to have only the management traffic pass through the 0:0 interface, the LAN traffic through another interface, and the WAN traffic through another interface.

Having check the entitlement for the appliance reported on this case, we see that it is the SG-S500-20. For this appliance, please refer to the snippet below, for its recommended network interface design.

Ref. doc.: https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/hardware-appliances/generated-pdfs/SG-S200-400-500_QSG.pdf

Following the above, the expectation is that the traffic be segmented as shown and not pass the LAN/WAN traffic through the 0:0 interface, to avoid interface exhaustion.

To ensure the network adapters/interfaces are configured in the recommended standard, please refer to the Tech. doc. with URL below.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/proxysg/7-2/introduction/configuring-adapters-and-virtual-lans/changing-the-default-adapter-and-interface-settings/configuring-a-network-adapter.html

So, to resolve the identified issue with the possibly incorrect setup and usage of the 0:0 interface, we recommend to correctly segment the management, LAN, and WAN traffic, as recommended above, and to have the interfaces correctly configured, following the guidance shared.

If customer believes that the solution recommendation has already been implemented, we have requested that they, please, collect the sysinfo file/snapshot and the entire eventlog and upload the same to the case for investigation.