FortiGate
kcheng
Staff
Article Id 262786
Description This article describes the workaround and fix schedule for an issue where the eap_proxy daemon consumes high CPU after upgrading to FortiOS 7.2.5/7.4.0 while using certificate bundle 1.00044/1.00045/1.00046/1.00047.
Scope FortiGate v7.2.1, v7.2.5, v7.4.0.
Solution

After upgrading to FortiOS 7.2.5 or 7.4.0, CPU utilization may become abnormally high once the certificate bundle is upgraded from 1.00043 to 1.00044/1.00045/1.00046/1.00047.

 

All of the following FortiOS versions are affected:

  • FortiOS version 7.2.1 through 7.2.5.
  • FortiOS version 7.4.0.

 

To identify the daemon that is consuming high CPU, run the command below:

 

diag sys top 1

 

In the following example from a FortiGate running FortiOS 7.2.5, the eap_proxy daemon is consuming high CPU:

 

diag sys top 1
Run Time: 1 days, 3 hours and 24 minutes
3U, 0N, 9S, 88I, 0WA, 0HI, 0SI, 0ST; 3614T, 1763F
eap_proxy 886 R 99.9 0.3 2

 

To confirm that eap_proxy is affected, check the crash log with the following command:

 

diag deb crashlog read

 

In this example, eap_proxy has been restarting every few seconds:

 

diag debug crashlog read
1: 2023-07-05 10:33:12 the killed daemon is /bin/eap_proxy: status=0x0
2: 2023-07-05 10:33:14 the killed daemon is /bin/eap_proxy: status=0x0
3: 2023-07-05 10:33:17 the killed daemon is /bin/eap_proxy: status=0x0
4: 2023-07-05 10:33:19 the killed daemon is /bin/eap_proxy: status=0x0

 

If the FortiGate recently upgraded the certificate bundle from 1.00043 to 1.00044, 1.00045, 1.00046 or 1.00047, the symptoms match a known bug. Check the certificate bundle version with the following command:

 

diag autoupdate versions | grep -A6 "Certificate"

 

Note: the trigger condition is not tied to specific certificate bundle versions. Any certificate bundle version upgrade can potentially trigger this behavior.

 

diag autoupdate versions | grep -A6 "Certificate"
Certificate Bundle
---------
Version: 1.00045
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu Jul 6 08:33:53 2023
Last Update Attempt: Thu Jul 6 08:33:53 2023
Result: Updates Installed

 

If all three symptoms match, the issue corresponds to bug 923164, documented in the FortiOS 7.4.0 release notes:

https://docs.fortinet.com/document/fortigate/7.4.0/fortios-release-notes/236526
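As an added triage aid (example code written for this article, not Fortinet's or the article's own tooling), the following Python script applies the three checks above to captured CLI output. It assumes the output of `diag sys top 1`, `diag debug crashlog read` and `diag autoupdate versions` has been saved as text (for example from an SSH session); the sample output embedded below is constructed from the excerpts in this article, and the function names, the 80% CPU threshold and the 60-second restart-gap threshold are this script's own assumptions.

```python
"""Triage helper for the eap_proxy high-CPU symptom (bug 923164).

Added example, not Fortinet code. Parses captured FortiOS CLI output and
reports whether all three symptoms described in the article are present.
"""
import re
from datetime import datetime

# Constructed samples, mirroring the article's CLI excerpts.
SAMPLE_TOP = """Run Time: 1 days, 3 hours and 24 minutes
3U, 0N, 9S, 88I, 0WA, 0HI, 0SI, 0ST; 3614T, 1763F
eap_proxy 886 R 99.9 0.3 2
"""
SAMPLE_CRASHLOG = """1: 2023-07-05 10:33:12 the killed daemon is /bin/eap_proxy: status=0x0
2: 2023-07-05 10:33:14 the killed daemon is /bin/eap_proxy: status=0x0
3: 2023-07-05 10:33:17 the killed daemon is /bin/eap_proxy: status=0x0
4: 2023-07-05 10:33:19 the killed daemon is /bin/eap_proxy: status=0x0
"""
SAMPLE_VERSIONS = """Certificate Bundle
---------
Version: 1.00045
Contract Expiry Date: n/a
Last Updated using scheduled update on Thu Jul 6 08:33:53 2023
Last Update Attempt: Thu Jul 6 08:33:53 2023
Result: Updates Installed
"""

# Versions named in the article (7.2.1 through 7.2.5, and 7.4.0).
AFFECTED_FORTIOS = {"7.2.1", "7.2.2", "7.2.3", "7.2.4", "7.2.5", "7.4.0"}
# Bundle versions named in the article; note it also says any bundle upgrade can trigger the bug.
AFFECTED_BUNDLES = {"1.00044", "1.00045", "1.00046", "1.00047"}


def top_cpu_hogs(top_output, threshold=80.0):
    """Parse 'diag sys top' process rows (name pid state cpu% mem% vd) and
    return {name: cpu%} for every process at or above the threshold (assumed 80%)."""
    row = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+([\d.]+)\s+([\d.]+)")
    hogs = {}
    for line in top_output.splitlines():
        m = row.match(line.strip())
        if m and float(m.group(4)) >= threshold:
            hogs[m.group(1)] = float(m.group(4))
    return hogs


def restart_loop(crashlog, daemon, min_kills=3, max_gap_s=60):
    """Scan 'diag debug crashlog read' for repeated kills of one daemon.
    Returns (looping, kill_count, largest_gap_seconds); 'looping' means at
    least min_kills entries with every gap between kills <= max_gap_s (assumed)."""
    entry = re.compile(
        r"^\d+:\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) the killed daemon is (\S+):"
    )
    times = []
    for line in crashlog.splitlines():
        m = entry.match(line.strip())
        if m and m.group(2).rsplit("/", 1)[-1] == daemon:
            times.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    times.sort()
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    looping = len(times) >= min_kills and all(g <= max_gap_s for g in gaps)
    return looping, len(times), max(gaps, default=0.0)


def certificate_bundle_version(versions_output):
    """Extract the Version field from the 'Certificate Bundle' section of
    'diag autoupdate versions'. Returns None if the section is absent."""
    in_section = False
    for line in versions_output.splitlines():
        s = line.strip()
        if s == "Certificate Bundle":
            in_section = True
        elif in_section and s.startswith("Version:"):
            return s.split(":", 1)[1].strip()
    return None


def triage(fortios_version, top_output, crashlog, versions_output):
    """Combine the article's three checks into one verdict dictionary."""
    hogs = top_cpu_hogs(top_output)
    looping, kills, _gap = restart_loop(crashlog, "eap_proxy")
    bundle = certificate_bundle_version(versions_output)
    symptoms = {
        "affected_fortios": fortios_version in AFFECTED_FORTIOS,
        "eap_proxy_high_cpu": "eap_proxy" in hogs,
        "eap_proxy_restart_loop": looping,
        "known_affected_bundle": bundle in AFFECTED_BUNDLES,
    }
    return {
        "symptoms": symptoms,
        "bundle_version": bundle,
        "kill_count": kills,
        "matches_bug_923164": all(symptoms.values()),
    }


if __name__ == "__main__":
    verdict = triage("7.2.5", SAMPLE_TOP, SAMPLE_CRASHLOG, SAMPLE_VERSIONS)
    for name, present in verdict["symptoms"].items():
        print(f"{name:28s} {'yes' if present else 'no'}")
    print("matches bug 923164:", verdict["matches_bug_923164"])
```

On the constructed sample the verdict is a match: eap_proxy at 99.9% CPU, four kills within seven seconds, and bundle 1.00045 on FortiOS 7.2.5. Replacing the sample strings with real captures from a unit, or feeding the script from a monitoring job that polls the CLI, turns the same logic into a check that flags the restart loop before users report slowness.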

 

Workaround:

 

Reboot the FortiGate or restart the eap_proxy process from the CLI:

 

fnsysctl killall eap_proxy

 

To verify that the process was restarted, compare the process ID before and after running the command above:

 

diagnose sys process pidof eap_proxy

 

Solution:

  • Upgrade to FortiOS version 7.2.6 or above.
  • Upgrade to FortiOS version 7.4.1 or above.