yangw
Staff
Article Id 377205
Description This article provides a workaround to resolve the 'iked.session takes CPU usage 99%' issue in v7.6.1 and v7.6.2.
Scope FortiGate, v7.6.1 and v7.6.2
Solution

Verify the true cause:

After upgrading to v7.6.1 and/or v7.6.2, NTP servers configured over IPsec (set ntpsync enable) cause the iked.session daemon to consume 99.9% CPU on one core.

Use the commands below to check per-process CPU usage and read the crash log, to confirm whether the unit is hitting this issue:

diagnose sys top 5 50 (run it for 20 seconds, press "q" to quit the sys top)
diag debug crashlog read

Debug output:

4U, 0N, 7S, 89I, 0WA, 0HI, 0SI, 0ST; 16046T, 8407F
iked 489 R 99.9 0.2 4

2025-02-07 01:53:19 <00489> firmware FortiGate v7.6.1,build3457b3457,241127 (GA.F) (Release)
2025-02-07 01:53:19 <00489> application iked.session
2025-02-07 01:53:19 <00489> *** signal 11 (Segmentation fault) received ***

Action plan:

If the debug output matches the output above, the unit is affected by this issue. Schedule a maintenance window to upgrade the firmware to v7.6.3.
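
The comparison against the debug output can be scripted over saved CLI output. The following is an added example, not Fortinet code: the function names and the 90% CPU cut-off are assumptions, and the sample text is copied from the output shown in this article.

```python
import re

AFFECTED = {"7.6.1", "7.6.2"}   # versions named in this article
CPU_THRESHOLD = 90.0            # assumption: cut-off for "high" CPU

# Sample input copied from the output shown in this article.
SAMPLE_TOP = """4U, 0N, 7S, 89I, 0WA, 0HI, 0SI, 0ST; 16046T, 8407F
iked 489 R 99.9 0.2 4"""
SAMPLE_CRASH = """2025-02-07 01:53:19 <00489> firmware FortiGate v7.6.1,build3457b3457,241127 (GA.F) (Release)
2025-02-07 01:53:19 <00489> application iked.session
2025-02-07 01:53:19 <00489> *** signal 11 (Segmentation fault) received ***"""

# 'diagnose sys top' process row: name, pid, state, optional priority marker, cpu%, mem%
TOP_ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s+(?:[<N]\s+)?([\d.]+)\s+([\d.]+)")
# Crashlog line: date, time, <pid>, message
CRASH_ROW = re.compile(r"^\S+ \S+ <(\d+)>\s+(.*)$")
FIRMWARE = re.compile(r"firmware FortiGate v(\d+\.\d+\.\d+),")

def iked_high_cpu(top_text, threshold=CPU_THRESHOLD):
    """Return the PIDs of iked processes at or above the CPU threshold."""
    pids = set()
    for line in top_text.splitlines():
        m = TOP_ROW.match(line)
        if m and m.group(1) == "iked" and float(m.group(4)) >= threshold:
            pids.add(int(m.group(2)))
    return pids

def iked_session_segfaults(crash_text):
    """Return PIDs whose crashlog lines show iked.session hitting signal 11 on an affected build."""
    seen = {}  # pid -> indicators observed for that pid
    for line in crash_text.splitlines():
        m = CRASH_ROW.match(line)
        if not m:
            continue
        facts = seen.setdefault(int(m.group(1)), set())
        fw = FIRMWARE.match(m.group(2))
        if fw and fw.group(1) in AFFECTED:
            facts.add("fw")
        elif m.group(2).strip() == "application iked.session":
            facts.add("app")
        elif "signal 11" in m.group(2):
            facts.add("segv")
    return {pid for pid, f in seen.items() if f == {"fw", "app", "segv"}}

def matches_issue(top_text, crash_text):
    """True when both the high-CPU row and the crashlog signature are present."""
    return bool(iked_high_cpu(top_text)) and bool(iked_session_segfaults(crash_text))
```

Save the output of the two diagnose commands to text and pass each to `matches_issue`; a `True` result corresponds to the match described in the action plan.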