FGFan
New Member
March 24, 2016
Solved

High CPU


Hi all, my FortiGate 110C usually has a high CPU problem. I checked the environment (temperature, fan...) and all is OK. On the FortiGate, I configured many policy routes, and I think that is the reason for this problem. So how many policy route entries does Fortigate recommend so that the device can run well? Can anyone advise me? Thanks all!


    FGFan (Author)
    New Member
    March 25, 2016

    :( Nobody can help?

    ede_pfau (Answer)
    SuperUser
    March 25, 2016

    There's not much information you offer. Firmware?

    In the CLI, type 'diag deb enable', 'diag sys top' and hit the 'p' key. This will list the running processes, sorted by CPU usage. Hit 'Ctrl-C' to stop and post the output here.

     

    I don't think PBR is the main cause. Routes are only looked up when a new session is started, PBR the same. The FG-100D can handle a lot of new sessions per second.

    Luiz_Alberto_Camilo
    Explorer II
    March 25, 2016

    What's high CPU for you?

    Normally FortiOS would always keep CPU values low, like oscillating below 10%. If your FortiGate oscillates more than this, you should probably check your firewall rule order. You may have one rule inspecting all traffic for nothing, maybe. APPControl rules are the ones that consume more CPU.

    Your device may have reached its limit also. How's the output of the command "get system performance status"?

    Several other factors can cause this behavior, but keep in mind that VPN, appcontrol, IPS, and DoS would increase your CPU usage, especially if the rules are not optimally ordered.

    Check for interface errors with a command like "get hardware nic internal1".