Contributor
March 23, 2010
Question

Long delays in connections through firewall

  • 15 replies
  • 13018 views
Hi all

We have a FGT-60B which has suddenly started playing up. Firmware version is 3.00-b0668(MR6 patch 2). We use it for our general internet access and also for traffic to our hosted web site.

Within the last 2 weeks, we've been experiencing long delays (average around 30 seconds) when trying to browse to internet sites. Sometimes the site will come up after the delay and then be OK, sometimes it will load the page very slowly, sometimes you'd get an error saying the page could not be displayed. On our hosted site, customers have been reporting the same problems.

I've traced the problem to communications across the firewall's zones, by doing the following testing: accessing our web server by its internal IP address (INT-->DMZ interface) and also by its public URL (the IP of which is on the WAN2 interface that is then routed to the DMZ interface, so I assume INT>WAN2>DMZ). The DMZ only connection is absolutely fine, but when browsing to the site using the public IP it is very slow. I assume that our general internet problems (internal -->WAN1) are caused by a similar interface-interface problem.

We have limited reporting on the firewall, the memory and CPU usage is within tolerable limits, and really I don't know what to do to troubleshoot this. I have of course rebooted the firewall and this has had no effect.

Can anyone suggest what this might be or suggest some things to try?

Thanks
Andy


    hidayet
    New Member
    March 23, 2010
    Hi AndyCole, you can try removing the protection profile, or try FortiOS 4.0 MR1.
    mhe
    Explorer II
    March 23, 2010
    Are the configured DNS servers still reachable?
    Contributor
    March 23, 2010
    Thanks for the replies so far. I disabled the protection profile and for a minute I thought it was working but it was just temporary. It has made no difference. DNS is all fine, that's the first thing I checked. I also just noticed that CPU usage is very high. Frequently 92% and sometimes 99%. No reports of problems in the log, though. We haven't added any extra users or traffic recently so I can't see a reason for this. Andy
    hidayet
    New Member
    March 23, 2010
    Trojan or virus on your network. This causes excessive traffic. Scan your network.
    rwpatterson
    New Member
    March 23, 2010
    The 60B will start to flake out when the memory goes over about 78%. 80% or more will go into conserve mode where services start to get shut down to improve CPU cycles. Search the forums and knowledge base for that. There's plenty out there on the subject. Good luck
    Contributor
    March 23, 2010
    Bob, thanks. You said that it starts to flake out when memory goes over 78%. Did you mean CPU? Memory usage is a pretty constant 54%. It's the CPU usage that's high. I shall search the forums anyway, thanks. Andy
    Contributor
    March 24, 2010
    Hi, I searched this forum and did some searches on Google but I didn't find anything that suggests a cause of high CPU usage, or any diagnostic suggestions. I am currently turning off access for non-essential users, and shall gradually turn them all back on, and keep an eye on CPU usage as I do so, in order to rule out the possibility of a single user causing the problem. Any other suggestions? Thanks Andy
    Contributor
    March 24, 2010
    I've used a program called Fireplotter to analyze the traffic through the firewall and checked the CPU usage at the same time. There isn't any traffic spike or overload causing the CPU cycles. I can only come to the conclusion that the firewall is at fault. Now if only Fortinet would respond to my support ticket... Andy
    Contributor
    March 24, 2010
    Hi again, I've used the diag sys top command to check what's using the CPU and the spikes seem to be caused by scanunitd. I found one other thread on here about it which says that it's the AV engine. On that particular thread, the poster had made a config change which had caused it. In our case, I haven't changed anything, this just started happening all on its own. I have already proved that it's not high traffic causing this, so it's not as if all of a sudden we're overloading the AV scanner. Google only holds 32 pages that refer to scanunitd. I shall start reading them all! Can anyone confirm what scanunitd is? Cheers Andy.
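Added example, not part of the thread or any poster's code: one way to turn several captured refreshes of `diag sys top` into per-process CPU figures, so a process that is repeatedly hot (as scanunitd is described above) stands out from a single spike. The sample capture is constructed, and the column layout (name, PID, state, CPU %, memory %) is an assumption about the output format.

```python
import re

# Constructed capture of three refreshes; assumed columns:
# process name, PID, state (optional "<" flag), CPU %, memory %.
SAMPLE = """\
Run Time:  12 days, 3 hours and 41 minutes
92U, 5S, 3I; 251T, 115F, 62KF
       scanunitd      112      R      88.4     6.1
          httpsd       71      S       2.1     4.0
Run Time:  12 days, 3 hours and 41 minutes
20U, 4S, 76I; 251T, 116F, 62KF
       scanunitd      112      S      15.2     6.1
          httpsd       71      S       3.0     4.0
Run Time:  12 days, 3 hours and 42 minutes
95U, 4S, 1I; 251T, 114F, 62KF
       scanunitd      112      R      91.7     6.2
       ipsengine       64      S <     1.3     9.8
"""

ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s*<?\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$")

def parse_snapshots(text):
    """Split the capture into refreshes; map process name -> CPU % per refresh."""
    snapshots = []
    for line in text.splitlines():
        if line.startswith("Run Time"):
            snapshots.append({})          # each "Run Time" line starts a refresh
            continue
        m = ROW.match(line)
        if m and snapshots:               # header/garbage lines do not match ROW
            name, cpu = m.group(1), float(m.group(4))
            snapshots[-1][name] = snapshots[-1].get(name, 0.0) + cpu
    return snapshots

def cpu_summary(snapshots, threshold=50.0):
    """Per process: peak CPU, mean over all refreshes, refreshes at/above threshold."""
    out = {}
    for snap in snapshots:
        for name, cpu in snap.items():
            s = out.setdefault(name, {"peak": 0.0, "total": 0.0, "hot": 0})
            s["peak"] = max(s["peak"], cpu)
            s["total"] += cpu
            s["hot"] += int(cpu >= threshold)
    n = len(snapshots)
    return {k: {"peak": v["peak"], "mean": round(v["total"] / n, 1), "hot": v["hot"]}
            for k, v in out.items()}

if __name__ == "__main__":
    for name, s in sorted(cpu_summary(parse_snapshots(SAMPLE)).items(),
                          key=lambda kv: -kv[1]["mean"]):
        print(f"{name:12} peak={s['peak']:5.1f} mean={s['mean']:5.1f} hot={s['hot']}")
```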
    rwpatterson
    New Member
    March 24, 2010
    My 'out-of-the-box' question... Why not update the firmware to a newer patched version? Your version is kind of dated...
    Contributor
    March 24, 2010
    Thanks Bob, I was wondering when someone was going to suggest that! Yes, it's an out of date firmware, but that doesn't explain how all of a sudden it appears overloaded, does it? Unless there's a fix specific to this problem in a newer firmware, I don't see how upgrading is going to help me. And if there was a specific problem, I'm sure I would have found evidence of it by now, but nobody (by that I mean Google) seems to know what this scanunitd is. If it was a known problem, there would be history available for me to find. Andy.
    Contributor
    March 24, 2010
    Ooh, I just found this: "AV definition blocking firewall". That was also posted today and refers to the same AV definition we have. So, how do I manually download the AV definition? Andy
    rwpatterson
    New Member
    March 24, 2010
    Go to the support web site. After login, on the left, one of the options should be to get A/V signatures.