Description: This article lists helpful debug commands to use when SSL VPN (sslvpnd) frequently crashes or consumes high CPU.
Scope: FortiGate versions 6.4, 7.0 and 7.2.

To collect the debug output described below, run a catch-all sslvpnd debug until the problem happens.

With this, it is possible to find out what the last action was before sslvpnd ran into the problem.


PART 1: To capture the SSL VPN debugs

Make sure to start this before the problem happens.

If a problem (high CPU or crash) has already happened, kill the daemon so that it restarts fresh, then run:


# diag debug console timestamp enable
# fnsysctl date
# diag vpn ssl debug-filter clear
# diag vpn ssl debug-filter list
# diag debug duration 0
# diag debug app sslvpn -1
# diag debug info
# diag debug enable
# diag sys top 60 <----- Collect the output (the SSL VPN debug log).


PART 2: To check the system running state:


# diag debug crashlog read
# diag debug crashlog clear <----- Only run these two commands at the very beginning.


Use a script to run the commands below every 5-10 minutes:


# diag debug enable
# diag debug console timestamp enable
# fnsysctl date
# get vpn ssl monitor <----- Run this in every VDOM that has SSL VPN running.
# diag vpn ssl list <----- Run this in every VDOM that has SSL VPN running.
# get sys perf status
# diag sys session stat
# diag sys top 2 30 5
# diag sys mpstat 2 5
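The collector script the article asks for, as an added example that is not part of the Fortinet article: it sends the PART 2 commands to the FortiGate over SSH every INTERVAL seconds and appends the output to a daily log. The host, user and VDOM names are placeholders, and key-based SSH login is assumed.

```shell
#!/bin/sh
# Added example (not from the Fortinet article): runs the PART 2 commands every
# INTERVAL seconds over SSH and appends the output to a daily log file. Assumes
# key-based SSH login to the FortiGate; host, user and VDOM names are placeholders.
FGT_HOST="${FGT_HOST:-192.0.2.1}"
FGT_USER="${FGT_USER:-admin}"
VDOMS="${VDOMS:-root}"          # space-separated VDOMs that have SSL VPN running
INTERVAL="${INTERVAL:-300}"     # 300 s = 5 minutes, the lower end of the article's range
OUT_DIR="${OUT_DIR:-./fgt-sslvpn-stats}"
RUNNER="${RUNNER:-ssh -o BatchMode=yes $FGT_USER@$FGT_HOST}"  # reads CLI lines on stdin

# Commands the article says to run in every VDOM that has SSL VPN running.
per_vdom_cmds() {
    printf '%s\n' 'get vpn ssl monitor' 'diag vpn ssl list'
}

# Emit one complete collection round as FortiOS CLI lines.
build_commands() {
    printf '%s\n' 'diag debug enable' 'diag debug console timestamp enable' 'fnsysctl date'
    if [ -n "$VDOMS" ]; then
        for vdom in $VDOMS; do
            printf 'config vdom\nedit %s\n' "$vdom"
            per_vdom_cmds
            printf 'end\n'
        done
    else
        per_vdom_cmds            # VDOMs disabled: run them in the global context
    fi
    printf '%s\n' 'get sys perf status' 'diag sys session stat' \
        'diag sys top 2 30 5' 'diag sys mpstat 2 5' 'exit'
}

# Run one round, stamp it with the collector's local time (to correlate with the
# firewall's own 'fnsysctl date' line) and return the log file path.
collect_once() {
    mkdir -p "$OUT_DIR"
    logfile="$OUT_DIR/sslvpn-stats-$(date +%Y%m%d).log"
    {
        printf '===== collector time %s =====\n' "$(date '+%Y-%m-%d %H:%M:%S')"
        build_commands | $RUNNER     # unquoted on purpose: RUNNER is a command line
    } >> "$logfile" 2>&1
    printf '%s\n' "$logfile"
}

main() { while :; do collect_once >/dev/null; sleep "$INTERVAL"; done; }
case "${1:-}" in start) main ;; esac    # usage: ./collect.sh start
```

Stop the script once the problem has occurred and the crashlog has been read, then hand the log directory to TAC together with the PART 1 debug output.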


Collect all these logs until the problem happens.

After the problem happens, run 'diag debug crashlog read' to get the fresh crashlog.


If possible, use these steps to capture the problem 2-3 times.

Then it is possible to compare whether the last action before each occurrence is similar.


TAC can be contacted if assistance is required with capturing the debugs or running a script.