|
If the event log displays an entry with the description 'logdesc="IPSA driver update failed"' and the message 'msg="Fail to update IPSA driver status!"', the error corresponds to the mentioned issue.
For FortiGate-40F/41F, 60F/61F, 80F/81F, and 100F/101F, check the output of 'show ips global'. If the cp-accel-mode is set to basic, the issue is associated with bug 854897, which has been resolved as 'won't fix'.
If cp-accel-mode is set to advanced, and the output of the command 'diag test app ipsm 15' indicates 'self-test failed' (as shown below), the error is likely related to bug 1117043.
diagnose test application ipsmonitor 15
Self Test: Failed <---
[222] req 43078 submit 43078 succ 43078 fail 0 fatal 0 segn 0 p_sub 0 p_res0 ver_g=2 ver_l=0
[222] DB compiled 4 times, last 4 records:
0: succ rules 21539 pats 45248 Thu Jan 16 08:47:36 2025
1: succ rules 21539 pats 45248 Thu Jan 16 08:48:00 2025
0000002: succ rules 21564 pats 45314 Thu Jan 16 18:21:50 2025
3: succ rules 21564 pats 45460 Thu Jan 16 18:22:36 2025
[448] req 1460689 submit 11 succ 10 fail 1 fatal 1460678 segn 0 p_sub 0 p_res 0 ver_g=2 ver_l=2
Workaround:
To resolve the issue:
- Perform a cold power cycle on the FortiGate.
Make sure to unplug the power cable to the FortiGate unit and wait at least 1 minute before powering it back on and booting up. Simply executing the command 'execute shutdown' (without unplugging the power cable) and then powering it on, or allowing it to auto-reboot after 'execute shutdown', is not an effective workaround.
Alternatively,
- If the CPU usage is low (less than 60%), disable CP offload globally:
config ips global
set cp-accel-mode none
end
Solution:
The permanent solution has already been addressed and will be included in FortiOS v7.4.8 and v7.6.4.
|
