Why is the CPU Monitor on the ProxySG reporting high CPU utilization in LSA?
The LSA component is used by the IWA Direct configuration on the ProxySG and will display on the CPU Monitor if you are using IWA direct in your policy.
The most common reasons for seeing high CPU in Policy are:
1. High number of authentication failures
Check the Event Log to see if there is a lot of authentication failures on the ProxySG. If there is, check if there is a common IP address which causes a lot of authentication failures. Investigate the IP address to see what type of traffic is it sending to the proxy, if possible try to block that IP address before it reaches the proxy and see if the high CPU utilization goes down. If it does, then that IP address is giving the issue and needs to be checked out for malware/spyware/application that causing so many authentication failures.
2. IWA BCAAA processing requirements
To offload some of the processing work on the ProxySG, you can install the IWA BCAAA onto the AD Server and see if that lowers the utilization on the ProxySG. Refer to Setting up IWA authentication on the ProxySG on how to setup IWA BCAAA.
3. Surrogate refresh processing requirements
To reduce the amount of processing required to refresh Surrogate authentication credentials, you can increase the Surrogate Refresh Time setting as discussed in What is the ProxySG authentication Surrogate Refresh Time?
As a temporary workaround you can also disable Authentication in your Visual Policy Manager under the Web Authentication Layer and the CPU will drop.