Skip to main content
tino_p
Staff
tino_p
Staff
February 9, 2026

Technical Tip: 'fnbamd' daemon consumes high CPU and crashes

  • February 9, 2026
  • 0 replies
  • 4652 views
Description This article describes an issue where the 'fnbamd' daemon crashes intermittently, then consumes high CPU, causing the unresponsiveness of the authentication process and certificate verification. 
Scope FortiOS v7.4.9.
Solution
  1. The symptom is the 'fnbamd' process crashes intermittently in the crashlog with signal 11:

 

"...

2066: 2026-02-05 09:34:05 <07757> firmware FortiGate-100F v7.4.10,build2867b2867,260116 (GA.M) (Release)
2067: 2026-02-05 09:34:05 <07757> application fnbamd
2068: 2026-02-05 09:34:05 <07757> *** signal 11 (Segmentation fault) received ***

..."

 

After the crash, the 'fnbamd' process consumes lots of CPU:

 

"...

Run Time: 3 days, 4 hours and 32 minutes
13U, 0N, 0S, 87I, 0WA, 0HI, 0SI, 0ST; 7587T, 4210F
fnbamd 7973 R     99.2 0.2 6     <----- 99% CPU.
bcm.user 130 S < 3.5 0.2 7
ipsengine 455 S < 0.9 1.8 7
ipsengine 458 S < 0.7 1.8 5
ipsengine 460 S < 0.7 1.8 2
ipsengine 461 S < 0.7 1.8 6
miglogd 340 S 0.5 0.4 0
urlfilter 398 S < 0.5 0.3 5
ipsengine 459 S < 0.3 1.8 0
..."

 

As a consequence, remote user authentication (LDAP, RADIUS, FortiToken, etc.) as well as x.509 certificate verification is impacted.

 

The workaround is as follows:

  • Install the correct CA certificates onto the local system helps prevent this issue from occurring. 
  • Restart the fnbamd process using the following command:

 

fnsysctl killall fnbamd

 

If the CLI command above does not work, identify the fnbamd process ID by running 'diagnose sys process pidof fnbamd', then restart the process by executing 'diagnose sys kill 11 <pid>'.

 

Alternatively:

  • Restart the process using a script based on the increasing pattern. For example, this script will restart the process every 6 hours to prevent memory growth over time. However, if the process consumes high CPU for more than 6 hours, then the process needs to be restarted manually.

 

config system auto-script
    edit restart_fnbamd
        set interval 21600
        set repeat 0
        set start auto
        set script 'fnsysctl killall fnbamd'
    next
end

 

Note: (multi-VDOM) if VDOMs are enabled, run the following commands in a global context:

 

config global

    config system auto-script 
        edit restart_fnbamd
            set interval 21600
            set repeat 0
            set start auto
            set script 'fnsysctl killall fnbamd'
        next
    end

 

  1. The solution is to upgrade FortiOS firmware to v7.4.12, v7.6.7, and v8.0.0.

Note: A consequence of this issue could be experienced as failing to connect to VPN connections. Debugs from IPSec VPN show the authentication attempt:

ike V=root:0:Dialup_0:0: received XAUTH_USER_NAME 'guest' length 5
ike V=root:0:Dialup_0:0: received XAUTH_USER_PASSWORD length 6
ike V=root:0:Dialup_0: XAUTH user "guest"
ike V=root:0:Dialup: auth group Guest-group
ike V=root:0:Dialup_0: XAUTH 8882150748161 pending


However, there is never an authentication reply of FNBAM_SUCCESS or FNBAM_DENIED.
    Terms & ConditionsAccessibility statement