On a FortiGate firewall, processes are scheduled to run on specific CPU cores based on system design, performance optimization, and CPU affinity settings. Understanding which CPUs a process can run on is crucial for troubleshooting performance issues and optimizing resource utilization.

fnsysctl cat /proc/<PID>/status

This command provides details of the process along with the CPU affinity under the Cpus_allowed_list field.

Examples:

# fnsysctl cat /proc/321/status

Name:   wad

State:  S (sleeping)

Tgid:   321

Pid:    321

PPid:   287

TracerPid:      0

<output clipped>

Cpus_allowed:   fff

Cpus_allowed_list:      0-11

voluntary_ctxt_switches:        112344

nonvoluntary_ctxt_switches:     39

The WAD process can run on CPU cores 0 to 11.

fnsysctl cat /proc/6683/status

Name:   httpsd

Umask:  0022

State:  S (sleeping)

Tgid:   6683

Ngid:   0

Pid:    6683

PPid:   1

<output clipped>

TracerPid:      0

Cpus_allowed:   0001

Cpus_allowed_list:      0

voluntary_ctxt_switches:        1394769

nonvoluntary_ctxt_switches:     7

The httpsd is restricted to CPU core 0.

fnsysctl cat /proc/285/status

Name:   miglogd

State:  S (sleeping)

Tgid:   285

Pid:    285

PPid:   1

TracerPid:      0

<output clipped>

Cpus_allowed:   400

Cpus_allowed_list:      10

voluntary_ctxt_switches:        6371161

nonvoluntary_ctxt_switches:     139

The miglogd is restricted to CPU core 10.

A single CPU (e.g. Cpus_allowed_list: 0) means the process is pinned to one core.

A range (e.g. Cpus_allowed_list: 0-11) indicates the process can run on multiple cores.