Skip to main content
philanig
philanig
New Member
May 23, 2018
Question

Authd process consuming High CPU

  • May 23, 2018
  • 1 reply
  • 11965 views

Hi There,

 

We have a problem that started a couple of weeks where the CPU is literally maxing out and when doing a sys diag top, there are two authd processes that are using most of the CPU.

I've tried looking around our FSSO agent to see what could be causing this issue but cant really find anything.

 

this is on a vdom running 5.6 and its the only vdom on the unit (200D)

we have FSSO agents on two DCs and about 500 users.

 

Any suggestions?

1 reply

Fishbone_FTNT
Staff
Fishbone_FTNT
Staff
May 23, 2018

Hi,

authd serves 2 purposes: - FSSO client (connecting to FSSO CAs)

- serves logon portal on Fortigate (default tcp/1000 and tcp/1003)

 

Typically such issues are caused by someone who is hammering logon portal with bulk traffic, or the traffic is legit traffic, but it reaches authd portal for i.e. NTLM authentication as the backup for FSSO.

 

Quick and dirty fix could be to try:

config user setting     set auth-blackout-time 5 end

 

which would prevent IP addresses failed to authenticate to reach logon portal for 5 seconds. Which is usually fair.

Adjust to your liking. It might help immediately, but good would be to look for reasons and hunt the root cause.

 

hth,

Fishbone)(

philanig
philanigAuthor
New Member
May 23, 2018

Hi Fishbone,

 

Thank you for your prompt response, I'm a newbie to FG, is there a log somewhere I can look at that will show the logon portal attempts? 

Terms & ConditionsAccessibility statement