Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jstan
Staff
Staff

Created on ‎09-14-2022 12:52 AM Edited on ‎10-29-2025 03:02 AM By Moderator

Article Id 223743

Technical Tip: High memory usage of node process

Description

This article describes the reason for high memory utilization in the node process.
Scope

FortiGate running v6.4.x, v7.0.x , v7.2.x and v7.4.
Solution

On v6.4, the node process is used for:

  • Report management (which includes Security Fabric (CSF) / FortiView / Security Rating).
  • WebSockets.
  • Maintaining the CLI console widget when accessing the FortiGate via HTTP/HTTPS.


From v7.0 onwards, the node process is also responsible for:

Processing all incoming HTTP/HTTPS to serve static files (before v7.0, the process HTTPSD served static files).

 

On v7.0, the 3 main node.js scripts on a FortiGate are for:

  • Report runner (Security Rating).
  • CLI console.
  • SSL VPN QR code generation.

 

The security rating result submission is enabled by default on the FortiGate.
This feature enables the submission of security rating results to FortiGuard servers for data collection purposes and continuous learning.
The feature is memory-intensive and could lead to high memory usage observed on the node process.

 

A high memory usage of the node process can be seen, for example, with commands:

 

diagnose sys top-mem
diagnose sys top 1 20 1

 

Example output from the 'diagnose sys top' command:

 

Version: FortiGate-400E v6.4.7,build1911,210825 (GA)
Run Time: 43 days, 22 hours and 40 minutes
0U, 0N, 1S, 99I, 0WA, 0HI, 0SI, 0ST; 7852T, 2818F
node 197 S 0.0 31.1 <-- 31 % memory usage of the node process.

 

To disable the security rating functionality, execute the following command:

 

config system global
    set security-rating-result-submission disable
end

 

In some cases, it might be required to also disable the scheduled rating and restart the nodejs process:

 

config system global
    set security-rating-result-submission disable
    set security-rating-run-on-schedule disable
end

 

In some cases, it might be required to also disable the scheduled rating and restart the nodejs process:

 

diagnose nodejs process restart      <-- Before v7.0.

fnsysctl killall node      <-- v7.0 Onward.

 

In some cases, it might be required to remove a single node process:

 

   diagnose sys process pidof node        <--- Lists the pids of node processes running.

   diagnose sys kill 11 <pid number>  

 

Running a 'killall' on a process can make the system unstable.

 

Note:

The command 'set security-rating-result-submission' is not available anymore in v7.4.x.

High memory consumption is observed on the Node.JS process in v7.4.x with known issue ID 1149411, which is resolved on FortiOS versions 7.4.9. The workaround is to restart the process manually or with an automation stitch.
26612
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.