salsero_gallego
New Member
December 27, 2011
Question

FortiGate does not reboot

  • December 27, 2011
  • 18 replies
  • 18528 views
Hi all, I have a problem with a 60C in a remote office. The FortiGate does not work correctly. I need to reboot the box. SSH access works, but I can't reboot the firewall.
##########
hostname-fortigate # execute reboot
This operation will reboot the system !
Do you want to continue? (y/n)y
System is rebooting...
##########
But the FortiGate does not reboot. In the office there is no one who can turn off/on the box. Any ideas?

    18 replies

    emnoc
    New Member
    December 27, 2011
    Have you tried the WebGUI, and does it exhibit the same issue? Also, what do any log events show? Lastly, I guess you can find someone local to pull the AC cord.
    billp
    New Member
    December 27, 2011
    Not that this would help now, but I believe you can buy inexpensive IP-aware power strips that can cycle power remotely. Just a thought in case you run into this again.
    salsero_gallego
    New Member
    December 28, 2011
    "Have you tried the WebGUI"
    WebGUI is down. It is one of the points that does not work. I need a command via SSH that enforces a reboot, without any checks/stop/shutdown process.
    FortiRack_Eric
    New Member
    December 28, 2011
    First perform a diag sys top and then press M to order on memory usage and post back here. Also check diag hardware sys shm and post the output here.
    ejhardin
    New Member
    December 28, 2011
    I'm guessing here, but I bet that the diag sys top will show a lot of processes that are in a "z" state for zombie. The reason that it will not reboot is because the cmdb process is in a "z" state. I had the same issue with a 60C that was in China. WebGUI was up and then was down.... I was able to pass some traffic and SSH into the box, but it would not respond to any commands, even the secret backdoor root commands. I called Fortinet and was pushed up to a dev guy, and he tried to perform the last restore command and no go. If you can manually reboot it, I bet you have a 50/50 chance of it not booting. Fortigate shipped a replacement asap. You really do not have a lot of options.
    salsero_gallego
    New Member
    December 29, 2011
    Yesterday afternoon there was a short power failure on site. The firewall then booted normally. I now have normal access to the box. I had the same problem yesterday on another 60C, but there were people onsite who rebooted the box. After many tests, we found that the box is overloaded with VPN encryption. On our 60C we run 3-5 VPNs. When 2-3 of them are heavily used, the 60C crashes. Now I have set the Phase 1 and Phase 2 encryption "lower" and now run the 60C with all the VPNs. Strange that a VPN on a FortiGate can kill the box ...
    Carl_Wallmark
    New Member
    December 29, 2011
    What encryption did you use? Some of them are software only and not hardware accelerated.
    salsero_gallego
    New Member
    December 29, 2011
    Now AES128 - SHA1 (for both, Ph1 and Ph2). Before it was higher.
    emnoc
    New Member
    December 29, 2011
    Well, now you found the problem. I highly doubt changing the encryption cipher is going to make that difference with the FortiASIC CP offloading for VPN traffic. You need to conduct a budget estimate of VPN traffic and the other tasks and functions that you are doing: VPN, AV, overall traffic flow, etc. FWIW, the 60C is only rated at 70mbps of VPN traffic, and that is overestimated by Fortinet IMHO, and with no other traffic types. So what other tasks are you doing? Worst case, you might need to look at upgrading to a bigger box.
    salsero_gallego
    New Member
    December 29, 2011
    Behind the firewall we have 2-3 users and one server. No AV, no Webfilter or other UTM. Nothing. One rule with Internet traffic, only standard web traffic. 5 VPNs, where normally 1...2 are active. ISP line 10M. The crash was when a remote admin worked on the server via one VPN and downloaded a file via the other VPN => crash of the firewall. Tested with MR2 P4 and MR2 P8. Then I did a nearly identical config in my lab on a newer 60C WiFi. Here with MR3 P3 the same. Transfer via only 2 VPNs, both active, ISP line 2M and highest encryption (AES256-SHA256), the box crashes. With AES128 and SHA1 it works.
    rwpatterson
    New Member
    December 30, 2011
    ORIGINAL: salsero_gallego The crash was when a remote admin worked on the server via one VPN and downloaded a file via the other VPN => crash of the firewall. Tested with MR2 P4 and MR2 P8. Then I did a nearly identical config in my lab on a newer 60C WiFi. Here with MR3 P3 the same. Transfer via only 2 VPNs, both active, ISP line 2M and highest encryption (AES256-SHA256), the box crashes. With AES128 and SHA1 it works.
    He told us...