SteveR
Staff
Article Id 395128
Description This article describes a solution that can be employed if the fnbamd process is seen to stall when authenticating a high volume of SSL connections simultaneously.
Scope FortiOS and SSL VPN.
Solution

The authentication process (fnbamd) may be seen to stall if many hundreds or thousands of SSL VPN connections are simultaneously connecting and requiring authentication.

In this scenario, it is necessary to kill the fnbamd process one or more times to allow all SSL VPN connections to form and authenticate successfully.

To kill the fnbamd process, use the following command:

fnsysctl killall fnbamd

This situation can arise when a FortiGate that terminates many hundreds or thousands of SSL VPN connections is rebooted or when an HA failover event occurs.

Cause:

This scenario can be caused by fnbamd being busy while remoteauthtimeout is at its short default setting of 5 seconds. As a result, a new connection never gets a chance to be processed and is timed out again.

Solution:

Increase the remoteauthtimeout setting.

config system global
    set remoteauthtimeout <1-300>
end