Technical Tip: Workaround for auth process fnbamd stalling when a high volume of SSL connections is being authenticated
| Description | This article describes a solution that can be employed if the fnbamd process is seen to stall when authenticating a high volume of SSL connections simultaneously. |
| Scope | FortiOS and SSL VPN. |
| Solution | The authentication process (fnbamd) may be seen to stall if many hundreds or thousands of SSL VPN connections are simultaneously connecting and requiring authentication.
In this scenario, it is necessary to kill the fnbamd process one or more times to allow all SSL VPN connections to form and authenticate successfully.
To kill the fnbamd process, use the command below:
This could be the case when a FortiGate that terminates many hundreds or thousands of SSL VPN connections is rebooted or when a HA failover event occurs.
Cause: This scenario can occur when fnbamd is busy and remoteauthtimeout is left at its short default of 5 seconds. A new connection then never gets a chance to be processed and is timed out again.
Solution: Increase the remoteauthtimeout setting.
    config system global
        set remoteauthtimeout <1-300>
    end |
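A check for the setting above, as an added example that is not part of the original article or any Fortinet tooling: it reads a FortiOS configuration backup and reports the effective remoteauthtimeout. The sample configs, the function names and the 30-second site minimum are assumptions, as is the premise that a backup omits settings left at their default.

```python
DEFAULT_TIMEOUT = 5        # default stated in the article (seconds)
VALID_RANGE = (1, 300)     # range shown in the article's CLI syntax
SITE_MINIMUM = 30          # assumption: site-chosen threshold, not a Fortinet value

# Constructed sample backups (not from a real device).
SAMPLE_DEFAULT = """\
config system global
    set hostname "fgt-lab"
    set admintimeout 10
end
config user radius
    edit "corp-radius"
        set timeout 5
    next
end
"""
SAMPLE_TUNED = SAMPLE_DEFAULT.replace(
    "set admintimeout 10", "set admintimeout 10\n    set remoteauthtimeout 60")


def global_settings(config_text):
    """Collect 'set' lines from the top-level 'config system global' block."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("set ") and stack == ["system global"]:
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings


def check_remoteauthtimeout(config_text, minimum=SITE_MINIMUM):
    """Return (effective_seconds, explicitly_set, status)."""
    raw = global_settings(config_text).get("remoteauthtimeout")
    if raw is None:
        # Assumption: a backup omits settings that are still at their default.
        return DEFAULT_TIMEOUT, False, "low" if DEFAULT_TIMEOUT < minimum else "ok"
    if not raw.isdecimal() or not VALID_RANGE[0] <= int(raw) <= VALID_RANGE[1]:
        return None, True, "invalid"
    return int(raw), True, "low" if int(raw) < minimum else "ok"


if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("tuned", SAMPLE_TUNED)):
        print(name, check_remoteauthtimeout(text))
```

The `set timeout 5` line under `config user radius` in the sample is deliberately ignored, since only the `config system global` block carries remoteauthtimeout.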
