FortiGate
bcastano
Staff
Article Id 339351
Description

 

This article describes how to create a script to automatically kill a WAD process when it is spiking and causing high memory/CPU usage issues.

 

Scope

 

FortiGate.

 

Solution

 

WAD is the process in charge of handling proxy traffic (it is used by security profiles, IPS). To confirm whether the WAD process is the one spiking, check the processes and their consumption through the GUI or CLI.

 

Checking processes using FortiGate’s GUI:

 

From the Dashboard, go to the CPU widget, select it, and select ‘Process Monitor’.

 


 

The processes will be listed. Select the ‘Command’ tab to organize them by name.

 

Then, to manually kill the process from the GUI, right-click the process, select ‘Kill process’, and then ‘Kill’ or ‘Force Kill’.

 

Checking processes using FortiGate’s CLI

 

The CLI command to list the consumption of each process is as follows:

 

diag sys top
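
The confirmation step above can also be done offline on a saved capture of this command. The following Python sketch is an added example, not part of the original article or any Fortinet tooling: it parses the output and reports WAD processes above a limit. The column layout (name, PID, state, CPU %, memory %), the sample text and the 30% limits are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample of `diag sys top` output (not taken from a real device).
# Assumed columns: process name, PID, state, CPU %, memory %.
SAMPLE = """\
Run Time:  2 days, 3 hours and 10 minutes
12U, 0N, 3S, 85I, 0WA, 0HI, 0SI, 0ST; 3962T, 611F
             wad     1204      R      41.7    38.2
             wad     1188      S       0.3     4.1
       ipsengine      977      S <     1.1     6.0
          newcli     2210      R       0.5     0.4
"""

class Proc(NamedTuple):
    name: str
    pid: int
    state: str
    cpu: float
    mem: float

# A process row: name, PID, one-letter state, optional priority flag, CPU %,
# memory %, optionally followed by one more numeric column, which is ignored.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s+[<N])?"
                 r"\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)(?:\s+\d+)?\s*$")

def parse_sys_top(text):
    """Return one Proc per process row; header and summary lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, pid, state, cpu, mem = m.groups()
            procs.append(Proc(name, int(pid), state, float(cpu), float(mem)))
    return procs

def wad_over_limit(procs, cpu_limit=30.0, mem_limit=30.0):
    """WAD processes whose CPU % or memory % exceeds the (hypothetical) limits."""
    return [p for p in procs
            if p.name == "wad" and (p.cpu > cpu_limit or p.mem > mem_limit)]

def wad_memory_total(procs):
    """Summed memory % of all WAD processes (WAD runs as several processes)."""
    return round(sum(p.mem for p in procs if p.name == "wad"), 1)

if __name__ == "__main__":
    procs = parse_sys_top(SAMPLE)
    for p in wad_over_limit(procs):
        print(f"wad pid {p.pid}: cpu {p.cpu}% mem {p.mem}% exceeds limit")
    print("total wad memory %:", wad_memory_total(procs))
```
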


To manually kill/restart the WAD process from the CLI:

 

diagnose test application wad 99


After confirming that the WAD process is the one running above normal levels, use the following script to avoid killing/restarting it manually every time:

 

Go to the CLI:

 

config system auto-script

edit restart_wad

set interval 86400  <- Time in seconds (in this example, it is set to 24 hours).
set repeat 200   <- Number of times to repeat (days).
set start auto
set script 'diag test app wad 99'

next

end

 

The memory consumption will drop back to normal levels after applying this script.

 

To remove the Auto Script:

 

config system auto-script

delete restart_wad

end

 

If the issue recurs even after following the aforementioned steps, it is recommended to open a TAC case to check this behavior in-depth. 

 

Related articles:

How to view, verify and kill the processe... - Fortinet Community

Overview of WAD process structure - Fortinet Community

Technical Tip: Use a new FortiOS mechanism to automatically restart WAD workers

Comments
MaryBolano
Staff

Great article @bcastano !! Keep it up!!

lpedraza
Staff

Well done @bcastano @MaryBolano !!!