Created on
10-09-2024
04:06 AM
Edited on
08-20-2025
06:42 AM
By
Ylli_Seitaj
Description | This article describes the workaround for the known issue 1069190 causing a high CPU load due to IPS engine 7.00342. |
Scope | FortiGate. |
Solution |
After upgrading to v7.2.9 the IPS Engine 7.00342 triggers a High CPU usage on the FortiGate.
The issue is tracked in the internal engineering ticket 1069190. The problem is resolved in the IPS engine versions 7.00345, 7.00551, 7.01021, and above. IPS Engine 7.00345 is released with FortiOS 7.2.11, IPS Engine 7.00551 is released with FortiOS v7.4.6, and IPS Engine 7.01021 is released with FortiOS v7.6.1.
For more details related to the IPS Engine upgrade process follow this article: Technical Tip: How to manually upgrade the IPS Engine To upgrade the IPS Engine version to 7.00345 create a new ticket with TAC Support to request the correct IPS Engine file.
To confirm the current FortiOS version through the CLI run:
get system status Version: FortiGate-80F v7.2.9,build1688,240813 (GA.M)
To confirm the IPS engine version in use run:
get system auto-update versions IPS Attack Engine
To confirm the problem run the below commands. The output of the 'diag sys top' command will show IPS engines having a higher CPU load:
Run Time: 0 days, 19 hours and 19 minutes
The CPU load as seen with the command 'get sys perf stat' is mostly in system space:
CPU states: 25% user 44% system 0% nice 9% idle 0% iowait 0% irq 22% softirq
At this point, run the CPU profiler to collect more information on process usage, commands below:
<wait 5-10 seconds> diagnose sys profile show detail diagnose sys profile sysmap
Collect the above debugs which can be provided to TAC if the case is opened.
Requirements to trigger the problem:
config firewall policy config firewall ssl-ssh-profile
config firewall profile-protocol-options
A workaround is to remove one of these conditions above.
Another workaround is to downgrade the IPS engine from 7.00342 to IPS Engine 7.00341 or below:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.