Description | This article lists helpful debug commands to use when SSL VPN frequently crashes or consumes high CPU. |
Scope | FortiGate versions 6.4, 7.0 and 7.2. |
Solution |
Collect the debug output as described below, capturing all sslvpnd debug until the problem happens. This makes it possible to find out what the last action was before sslvpnd ran into a problem.
PART 1: To capture the SSL VPN debugs
If the problem (high CPU or crash) has already happened, kill the daemon so that it starts fresh:
# diag debug console timestamp enable
PART 2: To check the system running status:
# diag debug crashlog read
Use a script to run the commands below every 5-10 minutes:
# diag debug enable
Collect all these logs until the problem happens. After the problem happens, run 'diag debug crash read' to get the fresh crashlog.
If possible, use these steps to capture the problem 2-3 times. The captures can then be compared to see whether the last action before the problem is similar across the different occurrences.
TAC can be contacted if assistance is required with capturing the debugs or running a script. |
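One way to run the comparison between captures offline, as an added example that is not part of the original article or any Fortinet tooling. It assumes each saved debug line starts with a `YYYY-MM-DD HH:MM:SS` console timestamp followed by a bracketed prefix, and that the crash time for each capture is read from the crashlog by hand; the sample captures are constructed, not real sslvpnd output.

```python
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Assumed line shape with console timestamps enabled: "<date> <time> <message>"
TS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")

# Constructed sample captures (not real FortiGate output).
CAPTURE_A = """\
2023-05-01 10:14:58 [301:root:1a]login request from 198.51.100.7
2023-05-01 10:15:01 [301:root:1a]portal bookmark lookup id=42
2023-05-01 10:15:02 [301:root:1a]rewrite response len=8812
2023-05-01 10:15:09 [305:root:0]daemon started
"""
CAPTURE_B = """\
2023-05-03 22:40:10 [412:root:2f]tunnel keepalive
2023-05-03 22:40:11 [412:root:2f]portal bookmark lookup id=7
2023-05-03 22:40:12 [412:root:2f]rewrite response len=1020
"""

def normalize(msg):
    """Mask per-session values so the same action matches across captures."""
    msg = re.sub(r"^\[[^\]]*\]\s*", "", msg)            # bracketed process/session prefix
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)
    msg = re.sub(r"0x[0-9a-fA-F]+", "<hex>", msg)
    return re.sub(r"\d+", "<n>", msg)

def last_actions(capture, crash_time, count=3):
    """Last `count` normalized messages logged at or before crash_time."""
    cutoff = datetime.strptime(crash_time, FMT)
    seen = []
    for line in capture.splitlines():
        m = TS_LINE.match(line.strip())
        if m and datetime.strptime(m.group(1), FMT) <= cutoff:
            seen.append(normalize(m.group(2)))          # lines without a timestamp are skipped
    return seen[-count:]

def common_last_actions(captures, count=3):
    """captures: list of (log_text, crash_time). Messages found in every tail."""
    tails = [last_actions(text, when, count) for text, when in captures]
    if not tails:
        return []
    shared = set(tails[0]).intersection(*map(set, tails[1:]))
    return [m for m in dict.fromkeys(tails[0]) if m in shared]

if __name__ == "__main__":
    runs = [(CAPTURE_A, "2023-05-01 10:15:03"), (CAPTURE_B, "2023-05-03 22:40:12")]
    for action in common_last_actions(runs):
        print(action)
```

Lines logged after the crash time, such as the daemon restart in the first sample, are excluded so that only the lead-up to each occurrence is compared.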