Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpalli
Staff
Staff

Created on ‎09-26-2024 11:07 PM Edited on ‎02-17-2025 10:34 AM

Article Id 344835

Technical Tip: WAD Daemon Signal 11 Crash due to WebFilter Logging

Description This article describes the cause of the WAD crash in FortiOS firmware versions v7.6.0, v7.2.9, v7.2.10, and v7.4.5, which leads to intermittent browsing connection drops, and discusses a feasible workaround.
Scope FortiGate.
Solution

The WAD daemon crash is likely related to the logging feature enabled on the FortiGuard WebFilter Categories configuration under the web filter profile. Refer to the configuration given below.

 

config webfilter profile
    edit "webfilter"
        set feature-set proxy
            config ftgd-wf
                config filters
                    edit 1
                        set category 2
                        set log enable
                    next

                    edit <n>
                        set category 2
                        set log enable
                    next
                end
            end
        set log-all-url enable
        set web-filter-command-block-log enable
        set web-url-log enable
        set web-ftgd-err-log enable
    next
end

 

This is applicable especially when the crashlog is accompanied by a session which is handled by Web filter UTM profile. See below:

 

diagnose debug crashlog read

16373: 2024-09-02 11:25:26 <35397> (session info) http session: vf=0 session-id=854793132 app_type=1
16374: 2024-09-02 11:25:26 dyn_type=0 non_tp=0, pol_id=410, h2=1, src/port=x.x.x.x:65415,
16375: 2024-09-02 11:25:26 dst/port=20.3.1.41:443, usr/grp=(/) req_pol_id(410), is_first/is_close(1/0)
16376: 2024-09-02 11:25:26 svr_addr(20.3.1.41:443) scheme/method(https/1) host:licensing.mp.microsoft.com
16377: 2024-09-02 11:25:26 url:/v7.0/licenses/content, body_len=762

 

Workaround:

Unset the web filter profile from all the firewall policies (if web filtering is not required).

 

OR:

 

Disable logging for each filter entry or Identify the FortiGuard category entry responsible for the crash by examining the crash log, web filter event logs, and disable logging for those, set log-all-url disable and set web-url-log disableTo find the filter ID associated with the category ID, refer to Technical Tip: How to check the web filtering categories corresponding to the category ID.

 

config webfilter profile
    edit "webfilter"
        set feature-set proxy
            config ftgd-wf
                config filters
                    edit 1
                        set category 2
                        set log disable
                    next

                    edit <n>
                        set category 2
                        set log disable
                    next
                end
            end
        set log-all-url disable
        set web-filter-command-block-log disable
        set web-url-log disable
        set web-ftgd-err-log disable
    next
end


A permanent fix is available on firmware versions 7.2.11, 7.4.6 and 7.6.1. 

If the WAD daemon continues to crash after applying the workaround above, capture the following information before submitting a support request to the Fortinet Technical Team.

 

1. execute tac report

2. Configuration File.

 

1922
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.