Memory is used by distributed firewall internal data structures, and can be configured for CPU, RAM and connections per second.
Each ESXi host is configured with the following threshold parameters for DFW resource utilization:
CPU utilization, heap memory, process memory, connections per second (CPS), and maximum connections. An alarm is raised if the respective threshold is crossed 20 consecutive times during a 200-second period. A sample is taken every 10 seconds.
The memory is used by distributed firewall internal data structures, which include filters, rules, containers, connection states, discovered IPs, and drop flows. These parameters can be manipulated using the following API call: PUT /api/4.0/firewall/stats/thresholds
. See the NSX API Guide for more information.