FortiGate
tino_p (Staff)
Article Id 350070
Description: This article describes an issue where the 'fnbamd' daemon consumes an excessive and steadily growing amount of memory, causing the FortiGate to enter Memory Conserve Mode. The issue is triggered when STARTTLS is configured in the LDAP configuration.
Scope: FortiGate v7.0.14, v7.0.15, v7.2.6, v7.2.7, v7.2.8, v7.2.10, v7.4.3.
Solution

A gradual increase in memory usage by the 'fnbamd' daemon has been observed on FortiGate devices running the above-mentioned versions when STARTTLS is configured in the LDAP configuration. Because the memory is never released, the device can eventually enter Memory Conserve Mode.


The problem can be verified by examining the configuration and command outputs shown below.

LDAP configuration:


config user ldap
    edit "LDAP-fortiad"
        set server "10.88.0.1"
        set cnid "sAMAccountName"
        set dn "dc=fortiad,dc=info"
        set type regular
        set username "fortiad\\Administrator"
        set password <password>
        set secure starttls
    next
end


diagnose sys top-mem
fnbamd (284): 5745721kB

diagnose sys top 2 100
Run Time: 148 days, 16 hours and 50 minutes
6U, 0N, 3S, 85I, 0WA, 0HI, 6SI, 0ST; 7587T, 2441F
fnbamd 284 S 16.1 25.3 4


This issue has been resolved in v7.2.11 and v7.6.1.


Workaround:
Kill the fnbamd process using the command:

fnsysctl killall fnbamd

Alternatively, restart the process automatically with a script, choosing the interval according to the rate at which memory increases. The script below restarts fnbamd every 6 hours to prevent memory growth over time.


config system auto-script
    edit restart_fnbamd
        set interval 21600
        set repeat 0
        set start auto
        set script 'fnsysctl killall fnbamd'
    next
end
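To pick a sensible interval for the auto-script above, it helps to measure how fast fnbamd actually grows between several 'diagnose sys top-mem' captures. The Python below is an added example, not Fortinet code; it runs on constructed sample output rather than a live device, and it assumes the PID in the top-mem line stays constant (a changed PID means the daemon was already restarted, so the trend is not valid).

```python
import re
# Matches one line of 'diagnose sys top-mem' output, e.g. "fnbamd (284): 5745721kB"
TOP_MEM_RE = re.compile(r"^\s*(\S+)\s+\((\d+)\):\s+(\d+)kB\s*$")

# Constructed samples: (hours since first capture, raw top-mem output); not real device data
SAMPLES = [
    (0.0, "fnbamd (284): 100000kB\nhttpsd (512): 60000kB\n"),
    (6.0, "fnbamd (284): 160000kB\nhttpsd (512): 60000kB\n"),
    (12.0, "fnbamd (284): 220000kB\nhttpsd (512): 61000kB\n"),
]

def parse_top_mem(output):
    """Return {process_name: (pid, kB)} for every line in the top-mem format."""
    procs = {}
    for line in output.splitlines():
        m = TOP_MEM_RE.match(line)
        if m:
            procs[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return procs

def fnbamd_growth(samples):
    """Least-squares growth rate of fnbamd memory (kB/hour) across the samples.
    pid_stable is False if the PID changed, i.e. fnbamd was restarted between captures."""
    points, pids = [], set()
    for hours, output in samples:
        entry = parse_top_mem(output).get("fnbamd")
        if entry:
            pids.add(entry[0])
            points.append((hours, entry[1]))
    result = {"samples": len(points), "pid_stable": len(pids) <= 1,
              "latest_kb": points[-1][1] if points else None, "kb_per_hour": 0.0}
    if len(points) < 2:
        return result
    n = len(points)
    mean_h = sum(h for h, _ in points) / n
    mean_kb = sum(kb for _, kb in points) / n
    num = sum((h - mean_h) * (kb - mean_kb) for h, kb in points)
    den = sum((h - mean_h) ** 2 for h, _ in points)
    result["kb_per_hour"] = num / den if den else 0.0
    return result

def restart_interval_ok(kb_per_hour, headroom_kb, interval_s=21600):
    """True if fnbamd cannot grow by headroom_kb within one restart interval
    (21600 s = the article's 6-hour auto-script interval)."""
    return kb_per_hour * interval_s / 3600.0 < headroom_kb

if __name__ == "__main__":
    g = fnbamd_growth(SAMPLES)
    print(g, restart_interval_ok(g["kb_per_hour"], headroom_kb=2441 * 1024))
```

headroom_kb is the free memory you are willing to let fnbamd consume before the next kill; the 2441 MB figure mirrors the free column of the 'diagnose sys top' sample above.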


Disable STARTTLS in the LDAP configuration using the following commands:

config user ldap
    edit <LDAP_Name>
        set secure disable
    next
end


Logs required by FortiGate TAC for investigation:

  1. Logs:

get system performance status
get system status
diagnose sys top 2 100
diagnose sys top-mem 20
diagnose test application fnbamd 1
diagnose test application fnbamd 2
diagnose test application fnbamd 3
diagnose test application fnbamd 4
diagnose test application fnbamd 6
diagnose sys top-mem 20
diagnose hardware sysinfo memory
diagnose hardware sysinfo slab
diagnose hardware sysinfo shm
diagnose hardware sysinfo conserve
diagnose sys top-mem detail  <----- Note: this only shows details of the top 5 processes using the most memory.

Add the number of processes after 'detail' if the process is listed further down in the top-mem list.

diagnose sys process pidof fnbamd      <----- Note the process_ID of the fnbamd process here.

fnsysctl cat /proc/[process_ID]/maps  <----- Place the process ID taken from the previous command without the brackets.
diagnose debug crashlog read 

  2. TAC report:

execute tac report

  3. Configuration file of the FortiGate.


Related article:
Technical Tip: How to optimize the Memory consumption