FortiGate
vpalli
Staff
Article Id 344835
Description This article describes the cause of the WAD crash in FortiOS firmware versions v7.6.0, v7.2.9, v7.2.10, and v7.4.5, which leads to intermittent browsing connection drops, and discusses a feasible workaround.
Scope FortiGate.
Solution

The WAD daemon crash is likely related to logging being enabled in the FortiGuard web filter category configuration of the web filter profile. Refer to the configuration below.

 

config webfilter profile
    edit "webfilter"
        set feature-set proxy
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                    set log enable
                next

                edit <n>
                    set category 2
                    set log enable
                next
            end
        end
        set log-all-url enable
        set web-filter-command-block-log enable
        set web-url-log enable
        set web-ftgd-err-log enable
    next
end

 

This applies especially when the crash log entry is accompanied by session information for a session handled by a web filter UTM profile, as in the following output:

 

diagnose debug crashlog read

16373: 2024-09-02 11:25:26 <35397> (session info) http session: vf=0 session-id=854793132 app_type=1
16374: 2024-09-02 11:25:26 dyn_type=0 non_tp=0, pol_id=410, h2=1, src/port=x.x.x.x:65415,
16375: 2024-09-02 11:25:26 dst/port=20.3.1.41:443, usr/grp=(/) req_pol_id(410), is_first/is_close(1/0)
16376: 2024-09-02 11:25:26 svr_addr(20.3.1.41:443) scheme/method(https/1) host:licensing.mp.microsoft.com
16377: 2024-09-02 11:25:26 url:/v7.0/licenses/content, body_len=762

 

Workaround:

Disable logging for each filter entry or identify the FortiGuard category entry responsible for the crash by examining the crash log and web filter event logs. To find the filter ID associated with the category ID, refer to Technical Tip: How to check the web filtering categories corresponding to the category ID.

 

config webfilter profile
    edit "webfilter"
        set feature-set proxy
        config ftgd-wf
            config filters
                edit 1
                    set category 2
                    set log disable
                next

                edit <n>
                    set category 2
                    set log disable
                next
            end
        end
        set log-all-url disable
        set web-filter-command-block-log disable
        set web-url-log disable
        set web-ftgd-err-log disable
    next
end
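
For the "identify the entry responsible" step of the workaround, the following Python code is an added example, not part of the original article or any Fortinet tooling. It extracts the policy ID, host, and URL from the `(session info)` records in saved `diagnose debug crashlog read` output so they can be matched against the web filter event logs. The line layout is assumed from the excerpt above, and `parse_sessions` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter
# Sample input: the crashlog excerpt from this article (source address masked there).
SAMPLE = """\
16373: 2024-09-02 11:25:26 <35397> (session info) http session: vf=0 session-id=854793132 app_type=1
16374: 2024-09-02 11:25:26 dyn_type=0 non_tp=0, pol_id=410, h2=1, src/port=x.x.x.x:65415,
16375: 2024-09-02 11:25:26 dst/port=20.3.1.41:443, usr/grp=(/) req_pol_id(410), is_first/is_close(1/0)
16376: 2024-09-02 11:25:26 svr_addr(20.3.1.41:443) scheme/method(https/1) host:licensing.mp.microsoft.com
16377: 2024-09-02 11:25:26 url:/v7.0/licenses/content, body_len=762
"""

# Assumptions: each line is "<line no>: <date> <time> <text>", and the
# continuation lines of a record carry the same timestamp as its first line.
LINE = re.compile(r"^\s*\d+:\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$")
FIELDS = {
    "session_id": re.compile(r"session-id=(\d+)"),
    "pol_id": re.compile(r"\bpol_id=(\d+)"),
    "dst": re.compile(r"dst/port=([^,\s]+)"),
    "host": re.compile(r"host:(\S+)"),
    "url": re.compile(r"url:([^,\s]+)"),
}

def parse_sessions(text):
    """Return one dict per "(session info)" record, joining its continuation lines."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, body = m.groups()
        if "(session info)" in body:
            records.append({"time": ts, "text": body})
        elif records and records[-1]["time"] == ts:
            records[-1]["text"] += " " + body
    rows = []
    for rec in records:
        row = {"time": rec["time"]}
        for name, rx in FIELDS.items():
            hit = rx.search(rec["text"])
            row[name] = hit.group(1) if hit else None
        rows.append(row)
    return rows

def summarize(sessions):
    """Count session records per (policy ID, host) to see which traffic recurs."""
    return Counter((s["pol_id"], s["host"]) for s in sessions)

if __name__ == "__main__":
    for (pol, host), n in summarize(parse_sessions(SAMPLE)).most_common():
        print(f"policy {pol}  host {host}  records {n}")
```

The policy ID shows which firewall policy, and therefore which web filter profile, handled the session; the host and URL are the values to search for in the web filter event logs to find the matching category.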


A permanent software fix will be available soon in the upcoming firmware releases. If the WAD daemon continues to crash after applying the workaround above, capture the following information before submitting a support request to the Fortinet Technical Team.

 

  1. execute tac report
  2. Configuration File.