Fab
New Member
September 6, 2019
Solved

Fortigate-90D upgrading potential behavior


Hello,

I'm new to this forum and discovered Fortinet a few months ago, and I have several questions about it.

We have a licensed Fortigate-90D with firmware 5.2.5 which is quite old, with IPS and UTM enabled.

We have a total of around 1200-1300 sessions, and 5 to 15 new sessions per second.

We have a contracted provider which is supposed to take care of everything, but:

- the firewall has not been updated for at least 2 years

- CPU load has been stuck at 99% for at least 6 months (httpsd is eating 95%), and it's been 4 months since I joined the company; the provider just said "change firewall, it's too old"

 

So here are my questions:

- We have a 4Mb link which barely reaches 2Mb of bandwidth usage, but we have performance issues and disconnections. Could the 99% CPU load be a bottleneck?

- Does upgrading to 5.4.x, 5.6.x or 6.x have a performance impact?

- What do you recommend to resolve my CPU load issue?

 

Thanks for your attention :)

    1 reply

    zaphod
    New Member
    September 6, 2019

    change the firewall.. it is too old to run newer firmware... your provider is right imho

    Dave_Hall
    Answer
    New Member
    September 6, 2019

    The 90D is still supported on firmware up to 6.0.x, though 5.2.* has not been supported since 2018-12-13. Hardware-wise, the 90D hardware will EOL at 2023-10-14.

     

    httpsd is the web (server) process that spawns when an administrator logs into the GUI, and I understand there are some issues related to CPU usage on the earlier 5.2.x firmwares.  So upgrading the firmware, at least to the latest 5.2.x firmware may/should resolve your CPU usage issues. YMMV.  

     

    If the contracted vendor is the one that is supposed to be maintaining the fgt device, then I am surprised that they would let the firmware update process lapse, unless they are simply a Fortinet reseller that originally set up the 90D. Does the 90D even have a valid subscription?

     

    >What do you recommend to resolve my cpu load issue ?

     

    Really cannot comment unless we know more about the network load (how many devices are connected, etc.), how the firewall policy rules are set up, etc. Are there a lot of UTM features enabled, etc.?