ssanga
Staff & Editor
Article Id 351239
Description

This article describes the issue where the SSL VPN daemon (sslvpnd) crashes with a Signal 11 (segmentation fault) when an 'SSL VPN watchdog timeout' is reported.

Scope

FortiGate v7.0.12, v7.0.14, v7.2.7, v7.2.8, v7.2.10.

Solution

The log entry 'SSL VPN watchdog timeout' reports that the SSL VPN process is responding slowly.
When this log entry appears, the sslvpnd daemon may have crashed with Signal 11 (segmentation fault).

The following log messages can be found in the System Events and Crashlog output. Navigate to Log & Report -> System Events -> General System Events:


date=2024-02-12 time=11:22:53 eventtime=1707754973186739333 tz="-0500" logid="0100032546" type="event" subtype="system" level="warning" vd="root" logdesc="Application crashed" action="crash" msg="Pid: 08678, application: sslvpnd, Firmware: FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release), Signal 11 received, Backtrace: [0x36acf192]"
date=2024-02-12 time=11:22:20 eventtime=1707754939626667478 tz="-0500" logid="0100032546" type="event" subtype="system" level="warning" vd="root" logdesc="Application crashed" action="crash" msg="Pid: 08733, application: sslvpnd, Firmware: FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release), Signal 11 received, Backtrace: [0x36acf192]"

diagnose debug crashlog read
5051: 2024-02-13 15:23:12 sslvpn watchdog timeout
5052: 2024-02-13 15:23:12 sslvpnd previously crashed 1 times. The last crash was at 2024-02-13 15:23:00.
5053: 2024-02-13 15:23:12 <14460> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
5054: 2024-02-13 15:23:12 <14460> application sslvpnd
5055: 2024-02-13 15:23:12 <14460> *** signal 11 (Segmentation fault) received ***
5056: 2024-02-13 15:23:12 <14460> Register dump:
5057: 2024-02-13 15:23:12 <14460> R0: 36f13adc R1: 00000005 R2: 3eba4510 R3: 00000005
5058: 2024-02-13 15:23:12 <14460> R4: 36aeb000 R5: 36f13adc R6: 3eba45b0 R7: 3eba44f0
5059: 2024-02-13 15:23:12 <14460> R8: 3eba4540 R9: 36ed826c R10: 00000000 FP: 3ebb0fd8
5060: 2024-02-13 15:23:12 <14460> IP: 36aeb048 SP: 3eba44f0 LR: 36acf41f PC: 36acf192
5061: 2024-02-13 15:23:12 <14460> CPSR: 200f0030 Addr: 00000005
5062: 2024-02-13 15:23:12 <14460> Trap: 0000000e Error: 00000017 OldMask: 00002000
5063: 2024-02-13 15:23:12 <14460> Backtrace:
5064: 2024-02-13 15:23:12 <14460> [0x36acf192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset <<<<<<<<<<<<<<<<<<<<<<<
5065: 2024-02-13 15:23:12 00004192
5066: 2024-02-13 15:23:12 <14460> fortidev 6.0.1.0005

 

This issue has been resolved in FortiOS versions 7.2.11, 7.4.7, 7.4.8, and 7.6.0.
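
As an added example (not Fortinet code and not part of the original article), the following Python script scans saved 'diagnose debug crashlog read' output for the signature shown above: an sslvpnd crash block with signal 11, together with the most recent 'sslvpn watchdog timeout' line before it. The function name, the record fields and the non-matching httpsd block in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: 5051-5065 copied from the excerpt above; 6001-6003 is a made-up non-match.
SAMPLE = """\
5051: 2024-02-13 15:23:12 sslvpn watchdog timeout
5053: 2024-02-13 15:23:12 <14460> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
5054: 2024-02-13 15:23:12 <14460> application sslvpnd
5055: 2024-02-13 15:23:12 <14460> *** signal 11 (Segmentation fault) received ***
5064: 2024-02-13 15:23:12 <14460> [0x36acf192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset <<<<<<<<<<<<<<<<<<<<<<<
5065: 2024-02-13 15:23:12 00004192
6001: 2024-02-13 16:02:40 <00210> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6002: 2024-02-13 16:02:40 <00210> application httpsd
6003: 2024-02-13 16:02:40 <00210> *** signal 6 (Aborted) received ***
"""

LINE = re.compile(r"^\d+: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:<(\d+)> )?(.*)$")
FIRMWARE = re.compile(r"firmware \S+ (v[\d.]+)")
SIGNAL = re.compile(r"signal (\d+) \(")
FRAME = re.compile(r"\[0x[0-9a-f]+\] => (\S+)")

def find_sslvpnd_segv(text):
    """Return sslvpnd signal-11 crash blocks with firmware, first backtrace module and last watchdog time."""
    open_blocks, blocks, last_watchdog = {}, [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, pid, msg = m.groups()
        fw, sig, frame = FIRMWARE.match(msg), SIGNAL.search(msg), FRAME.match(msg)
        if pid is None:                      # daemon-level line without a <pid> tag
            if "sslvpn watchdog timeout" in msg:
                last_watchdog = ts
        elif fw:                             # a firmware line opens a new crash block
            open_blocks[pid] = {"pid": pid, "time": ts, "firmware": fw.group(1), "app": None,
                                "signal": None, "module": None, "watchdog": last_watchdog}
            blocks.append(open_blocks[pid])
        elif pid in open_blocks:
            rec = open_blocks[pid]
            if msg.startswith("application "):
                rec["app"] = msg.split()[1]
            elif sig:
                rec["signal"] = int(sig.group(1))
            elif frame and rec["module"] is None:
                rec["module"] = frame.group(1)
    return [b for b in blocks if b["app"] == "sslvpnd" and b["signal"] == 11]

if __name__ == "__main__":
    for hit in find_sslvpnd_segv(SAMPLE):
        print(hit)
```

A hit whose firmware field is one of the versions listed under Scope matches the crash described in this article.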

Note:

As a temporary workaround, the sslvpnd process can be killed (fnsysctl killall sslvpnd). It is recommended to do this outside business hours to avoid any impact. The system automatically restarts the process, which clears session-related data, including the access control cache.

Related article:

Technical Tip: Find and restart/kill a process on a FortiGate by the process ID (PID) via pidof