FortiGate
ssanga
Staff & Editor
Article Id 359545
Description

This article describes an issue where high CPU and memory utilization is observed on FortiGate devices when accessing large external threat feeds.

Scope

FortiGate v7.2.9.

Solution

When external connectors configured with large external threat feeds are accessed, the httpsd daemon on FortiGate devices can consume enough resources to cause high CPU and memory utilization.


diag sys top 2 20
Run Time:  0 days, 5 hours and 13 minutes
94U, 0N, 4S, 2I, 0WA, 0HI, 0SI, 0ST; 3039T, 1508F
          httpsd     3234      R      97.6     5.8    2
          httpsd     3236      R      92.8     4.8    3
          httpsd     3239      R      85.6     6.1    0
          httpsd     3237      R      48.3     6.1    1
          httpsd     3240      R      48.3     4.8    1

diag sys top-mem
httpsd (2809): 112065kB
httpsd (2807): 106242kB
httpsd (2803): 106109kB
httpsd (2805): 105704kB
httpsd (2790): 74477kB
Top-5 memory used: 504597kB

diagnose sys mpstat 2
Gathering data, wait 2 sec, press any key to quit.
..0..1
TIME        CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal   %idle
02:35:28 PM all   97.54    0.00    1.48    0.00    0.00    0.86    0.00    0.12
              0   98.52    0.00    0.99    0.00    0.00    0.49    0.00    0.00
              1   99.51    0.00    0.49    0.00    0.00    0.00    0.00    0.00
              2   98.03    0.00    1.97    0.00    0.00    0.00    0.00    0.00
              3   94.09    0.00    2.46    0.00    0.00    2.96    0.00    0.49

This issue has been resolved in FortiOS v7.4.7 and v7.6.2.

Logs required by FortiGate TAC for investigation:

  1. Run the following CLI commands several times while reproducing the issue and capture the output:

    get system performance status
    diagnose sys top 2 100
    diagnose sys mpstat 2
    diagnose sys top-mem 20

  2. TAC Report:

    execute tac report

  3. Configuration file of the FortiGate.

  4. Fortinet Support Tool data. See 'Troubleshooting Tip: Collect GUI slowness and errors debugs via Fortinet Support Tool'.
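
When several `diagnose sys top` captures have been collected as described above, a small parser can confirm whether a capture matches the pattern in this article (low idle CPU with httpsd workers dominating). This is an added example, not Fortinet code; the function names and the `idle_max` / `cpu_min` thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the "diag sys top 2 20" capture quoted in this article.
SAMPLE = """\
Run Time:  0 days, 5 hours and 13 minutes
94U, 0N, 4S, 2I, 0WA, 0HI, 0SI, 0ST; 3039T, 1508F
          httpsd     3234      R      97.6     5.8    2
          httpsd     3236      R      92.8     4.8    3
          httpsd     3239      R      85.6     6.1    0
          httpsd     3237      R      48.3     6.1    1
          httpsd     3240      R      48.3     4.8    1
"""

# Summary line: user/nice/system/idle CPU %, then total and free memory (MB).
HEADER = re.compile(r"^\s*(\d+)U, (\d+)N, (\d+)S, (\d+)I[^;]*; (\d+)T, (\d+)F")
# Process row: name, PID, state, CPU %, memory %; trailing columns are ignored.
PROC = re.compile(r"^\s*(\S+)\s+(\d+)\s+[A-Z](?:\s+<)?\s+(\d+\.\d+)\s+(\d+\.\d+)")

def parse_top(text):
    """Return (summary dict, per-daemon totals) for one capture."""
    summary = {}
    totals = defaultdict(lambda: {"workers": 0, "cpu": 0.0, "mem": 0.0})
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            keys = ("user", "nice", "sys", "idle", "total_mb", "free_mb")
            summary = dict(zip(keys, map(int, m.groups())))
            continue
        m = PROC.match(line)
        if m:
            entry = totals[m.group(1)]
            entry["workers"] += 1
            entry["cpu"] += float(m.group(3))
            entry["mem"] += float(m.group(4))
    return summary, dict(totals)

def matches_issue(text, daemon="httpsd", idle_max=10, cpu_min=100.0):
    """True when idle CPU is low and `daemon` is the top CPU consumer.

    idle_max and cpu_min are assumed triage thresholds, not Fortinet values.
    """
    summary, totals = parse_top(text)
    if not totals or summary.get("idle", 100) > idle_max:
        return False
    top = max(totals, key=lambda name: totals[name]["cpu"])
    return top == daemon and totals[daemon]["cpu"] >= cpu_min

if __name__ == "__main__":
    print(parse_top(SAMPLE)[1], matches_issue(SAMPLE))
```

Feed each saved capture to `matches_issue` to see whether the condition persists across samples before attaching the output to the TAC ticket.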