FortiGate
Matt_B
Staff & Editor
Article Id 380681
Description This article describes a repetitive error log that can occur when advanced content processing acceleration is enabled, and how to disable it.
Scope FortiGate models with SOC4 hardware (such as 40F, 60F, 100F) that have IPSA enabled.
Solution

This may match known issue ID# 1117043, which is under investigation, and may be triggered by FortiGuard IPS updates.

 

FortiGate with 'cp-accel-mode advanced' may log repeated instances of 'IPSA driver update failed' in system events.

 

date=2025-01-16 time=18:23:17 eventtime=1737051796822166800 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"

date=2025-01-16 time=18:22:57 eventtime=1737051776822166079 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"

date=2025-01-16 time=18:22:30 eventtime=1737051750752168640 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"

date=2025-01-16 time=18:22:11 eventtime=1737051730752233280 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"

 

Workaround:

If CPU usage was generally at acceptable levels during busy periods (for example below 60%), disable Content Processor acceleration for IPS.

 

FGT-A (global) # get system performance status

CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU0 states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq

CPU1 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU4 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU5 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU6 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq

CPU7 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

...

 


 

To disable IPS Content Processor acceleration, make the following configuration change during a less busy time. Because this restarts ipsengine, the change should be made after hours unless production traffic is already degraded.

 

config ips global

set cp-accel-mode none

end

 

As a side effect, this configuration change can also reduce the memory used by ipshelper during FortiGuard updates.

See the article: Troubleshooting Tip: Conserve mode due to ipshelper in lower end models
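
An added example (not part of the Fortinet article): a Python check that counts the logid 0100020115 events in exported system event logs and compares the idle figures from 'get system performance status' with the 60% example threshold before the workaround is applied. The function names, the three-event minimum and reading eventtime as nanoseconds are assumptions of this example; the sample input is the output shown above plus one constructed unrelated line.

```python
import re

IPSA_LOGID = "0100020115"  # logid of "IPSA driver update failed" in the article
CPU_LIMIT = 60             # the article's example of an acceptable busy level
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')  # key=value or key="quoted value"

# Sample input: four lines from the article plus one constructed unrelated event.
SAMPLE_LOG = '''\
date=2025-01-16 time=18:23:17 eventtime=1737051796822166800 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"
date=2025-01-16 time=18:23:01 eventtime=1737051781000000000 logid="0100099999" type="event" subtype="system" level="notice" vd="root" logdesc="constructed sample" msg="unrelated event"
date=2025-01-16 time=18:22:57 eventtime=1737051776822166079 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"
date=2025-01-16 time=18:22:30 eventtime=1737051750752168640 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"
date=2025-01-16 time=18:22:11 eventtime=1737051730752233280 logid="0100020115" type="event" subtype="system" level="error" vd="root" logdesc="IPSA driver update failed" msg="Fail to update IPSA driver status!"
'''
SAMPLE_PERF = '''\
CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU0 states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq
CPU6 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softirq
'''

def parse_line(line):
    """Split one FortiOS log line into a dict, stripping quotes from values."""
    return {k: (q if v.startswith('"') else v) for k, v, q in KV.findall(line)}

def ipsa_failures(log_text):
    """Sorted event times (epoch seconds) of IPSA driver update failures."""
    times = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("logid") == IPSA_LOGID and f.get("subtype") == "system":
            # Assumption: eventtime is nanoseconds since the epoch (19 digits).
            times.append(int(f["eventtime"]) // 10**9)
    return sorted(times)

def cpu_busy(perf_text):
    """Map 'CPU', 'CPU0', ... to busy percent (100 minus the idle figure)."""
    rows = re.findall(r'^(CPU\d*) states:.*?(\d+)% idle', perf_text, re.M)
    return {name: 100 - int(idle) for name, idle in rows}

def assess(log_text, perf_text, min_events=3, cpu_limit=CPU_LIMIT):
    """Summarise the error pattern and whether CPU headroom fits the workaround."""
    times, peak = ipsa_failures(log_text), max(cpu_busy(perf_text).values())
    return {
        "failures": len(times),
        "gaps_s": [b - a for a, b in zip(times, times[1:])],
        "peak_busy": peak,
        "workaround_applicable": len(times) >= min_events and peak < cpu_limit,
    }
```

The CPU figures should come from output captured during a busy period, since an idle snapshot like the sample says nothing about load once IPS runs without acceleration.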

 
