Article Id 262786
Description This article describes the workaround and fix schedule for an issue where the eap_proxy daemon consumes high CPU after upgrading to FortiOS 7.2.5/7.4.0 with certificate bundle 1.00044/1.00045/1.00046/1.00047 in use.
Scope FortiGate v7.2.1, v7.2.5, v7.4.0.

After upgrading to FortiOS 7.2.5 or 7.4.0, CPU utilization may be too high after the certificate bundle is upgraded from 1.00043 to 1.00044/1.00045/1.00046/1.00047.


All of the following FortiOS versions are affected:

  • FortiOS version 7.2.1 through 7.2.5.
  • FortiOS version 7.4.0.


To identify the daemon that is consuming high CPU, run the command below:


diag sys top 1


In the following output from a FortiGate running FortiOS 7.2.5, the eap_proxy daemon is consuming high CPU:


diag sys top 1
Run Time: 1 days, 3 hours and 24 minutes
3U, 0N, 9S, 88I, 0WA, 0HI, 0SI, 0ST; 3614T, 1763F
eap_proxy 886 R 99.9 0.3 2


To confirm whether eap_proxy is having an issue, check the crash log with the following command:


diag deb crashlog read


The eap_proxy daemon has been restarting every few seconds:


diag debug crashlog read
1: 2023-07-05 10:33:12 the killed daemon is /bin/eap_proxy: status=0x0
2: 2023-07-05 10:33:14 the killed daemon is /bin/eap_proxy: status=0x0
3: 2023-07-05 10:33:17 the killed daemon is /bin/eap_proxy: status=0x0
4: 2023-07-05 10:33:19 the killed daemon is /bin/eap_proxy: status=0x0


If FortiGate recently upgraded the certificate bundle from 1.00043 to 1.00044, 1.00045, 1.00046 or 1.00047, the behavior matches a known bug.


The trigger condition is not tied to certain certificate bundle versions. Any certificate bundle version upgrade can potentially trigger this behavior.


Check the certificate bundle version with the following command:


diag autoupdate versions | grep -A6 "Certificate"


diag autoupdate versions | grep -A6 "Certificate"
Certificate Bundle
Version: 1.00045
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu Jul 6 08:33:53 2023
Last Update Attempt: Thu Jul 6 08:33:53 2023
Result: Updates Installed


If all three symptoms match, the issue matches bug 923164, documented in the FortiOS 7.4.0 release notes.
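
The three checks above can be scripted against saved CLI output. The following is an added example, not part of the original article or any Fortinet tooling. The function names, the thresholds (90% CPU, at least 3 kills no more than 10 seconds apart) and the `previous_bundle` argument (the bundle version recorded before the update) are assumptions, and the sample captures are constructed from the output shown above.

```python
import re
from datetime import datetime

# Constructed sample captures, modelled on the CLI output shown in this article.
TOP = "3U, 0N, 9S, 88I, 0WA, 0HI, 0SI, 0ST; 3614T, 1763F\neap_proxy 886 R 99.9 0.3 2\n"
CRASHLOG = """\
1: 2023-07-05 10:33:12 the killed daemon is /bin/eap_proxy: status=0x0
2: 2023-07-05 10:33:14 the killed daemon is /bin/eap_proxy: status=0x0
3: 2023-07-05 10:33:17 the killed daemon is /bin/eap_proxy: status=0x0
4: 2023-07-05 10:33:19 the killed daemon is /bin/eap_proxy: status=0x0
"""
VERSIONS = "Certificate Bundle\nVersion: 1.00045\nContract Expiry Date: n/a\nResult: Updates Installed\n"

def eap_proxy_cpu(top_text):
    """CPU % of eap_proxy from 'diag sys top' (name, PID, state, CPU, memory), or None."""
    m = re.search(r"^\s*eap_proxy\s+\d+\s+\S+\s+([\d.]+)", top_text, re.M)
    return float(m.group(1)) if m else None

def kill_gaps(crashlog_text):
    """Seconds between consecutive 'killed daemon is /bin/eap_proxy' crash log entries."""
    stamps = re.findall(
        r"^\s*\d+:\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) the killed daemon is /bin/eap_proxy",
        crashlog_text, re.M)
    times = [datetime.strptime(s, "%Y-%m-%d %H:%M:%S") for s in stamps]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def bundle_version(versions_text):
    """Certificate Bundle version from 'diag autoupdate versions', or None."""
    m = re.search(r"Certificate Bundle\s*\n\s*Version:\s*(\S+)", versions_text)
    return m.group(1) if m else None

def check_symptoms(top, crashlog, versions, previous_bundle,
                   cpu_min=90.0, max_gap=10, min_kills=3):
    """Evaluate the three symptoms; thresholds are assumptions, not Fortinet values."""
    cpu, gaps, bundle = eap_proxy_cpu(top), kill_gaps(crashlog), bundle_version(versions)
    result = {
        "high_cpu": cpu is not None and cpu >= cpu_min,
        "restart_loop": len(gaps) + 1 >= min_kills and all(g <= max_gap for g in gaps),
        "bundle_changed": bundle is not None and bundle != previous_bundle,
    }
    result["all_match"] = all(result.values())
    return result

if __name__ == "__main__":
    print(check_symptoms(TOP, CRASHLOG, VERSIONS, previous_bundle="1.00043"))
```

Crash log entries for other daemons are ignored, so a single unrelated crash between eap_proxy kills does not break the restart-loop check.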




Reboot FortiGate or restart the eap_proxy process in the CLI:


fnsysctl killall eap_proxy 


To verify the process ID before and after executing the first command: 


diagnose sys process pidof eap_proxy 



  • Upgrade to FortiOS version 7.2.6 or above.
  • Upgrade to FortiOS version 7.4.1 or above.