Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kcheng
Staff & Editor
Staff & Editor

Created on ‎07-05-2023 09:54 PM Edited on ‎11-20-2025 10:13 PM By Moderator

Article Id 262786

Technical Tip: EAP_Proxy consuming high CPU after upgrade to FortiOS v7.2.5 or v7.4.0

Description This article describes the workaround and fix schedule for an issue where the eap-proxy daemon utilizes high CPU after upgrading to FortiOS v7.2.5/v7.4.0 and uses certificate bundle 1.00044/1.00045/1.00046/1.00047.
Scope FortiGate v7.2.1, v7.2.5, v7.4.0.
Solution

After upgrading to FortiOS v7.2.5 or v7.4.0, CPU utilization may be too high after the certificate bundle is upgraded from 1.00043 to 1.00044/1.00045/1.00046/1.00047.

 

All of the following FortiOS versions are affected:

  • FortiOS version 7.2.1 through 7.2.5.
  • FortiOS version 7.4.0.

 

To identify the daemon that uses a high CPU, run the command below:

 

diagnose sys top 1

 

In the following FortiGate that is running on FortiOS v7.2.5, it is observed that the eap_proxy daemon is running on a high CPU:

 

diagnose sys top 1
Run Time: 1 days, 3 hours and 24 minutes
3U, 0N, 9S, 88I, 0WA, 0HI, 0SI, 0ST; 3614T, 1763F
eap_proxy 886 R 99.9 0.3 2

 

To confirm if the eap_proxy is having an issue, proceed to check the crash log with the following command:

 

diagnose deb crashlog read

 

The eap-proxy has been restarting every few seconds:

 

diagnose debug crashlog read
1: 2023-07-05 10:33:12 the killed daemon is /bin/eap_proxy: status=0x0
2: 2023-07-05 10:33:14 the killed daemon is /bin/eap_proxy: status=0x0
3: 2023-07-05 10:33:17 the killed daemon is /bin/eap_proxy: status=0x0
4: 2023-07-05 10:33:19 the killed daemon is /bin/eap_proxy: status=0x0

 

If FortiGate had recently upgraded the certificate bundle from 1.00043 to 1.00044, 1.00045, 1.00046, or 1.00047, the respective version matches a known bug. It is then necessary to check the certificate bundle version with the following command:

 

The trigger condition is not tied to certain certificate bundle versions. Any certificate bundle version upgrade can potentially trigger this behavior.

 

diagnose autoupdate versions | grep -A6 "Certificate"
Certificate Bundle
---------
Version: 1.00045
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu Jul 6 08:33:53 2023
Last Update Attempt: Thu Jul 6 08:33:53 2023
Result: Updates Installed

 

If all three of the symptoms match, it would be a match to bug 923164 documented in the FortiOS v7.4.0 release note:

Known issues 7.4.0

 

Workaround:

Reboot FortiGate or restart the eap_proxy process in the CLI:

 

fnsysctl killall eap_proxy 

 

To kill the process using the process ID, execute the following commands to find and kill the process: 

 

diagnose sys process pidof eap_proxy

diagnose sys kill 11 <process_id>  

 

Solution:

  • Upgrade to FortiOS version 7.2.6 or above.
  • Upgrade to FortiOS version 7.4.1 or above.
31829
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.