When there are multiple administrators connected to the GUI and/or the Security Fabric topology size is large, Node.js can spike in CPU and memory usage when a FortiGate or other Fabric Connector is updated. This eventually leads to slow GUI response.

diagnose sys top 2 50
Run Time: 4 days, 12 hours and 36 minutes
7U, 0N, 3S, 89I, 0WA, 0HI, 1SI, 0ST; 48292T, 30340F
node 6725 R 98.5 2.1 15

The following event log 22042 entries may appear in the 'node' debugs:

[node Event Log - 1710771306 info] - Received event log 22042
[node Web Authentication - 1710771308 info] - Request is authorized with cookie.
.
.
[node Event Log - 1710771321 info] - Received event log 22042
[node Web Authentication - 1710771324 info] - Request is authorized with cookie.

This issue has been resolved in FortiOS versions 7.4.8 and 7.6.3.

Workaround:

• If 'node' process is consuming high CPU with just one admin logged in, try removing Security Fabric Widget from the Dashboard.
• If multiple admins are concurrently logged in, disconnect the other concurrent administrator sessions following the article: Technical Tip: Multiple ways to list and disconnect administrators logged in to a FortiGate
  
  

Logs required by FortiGate TAC for investigation:

1. To capture the debugs:

diagnose debug reset

diagnose debug application nodejs -1

diagnose debug enable

Wait for 5-10 minutes.

To stop the debug:

diagnose debug disable

diagnose debug reset

get sys admin list
diagnose sys top 2 50 <-- Press Ctrl+C to stop.

2. TAC Report: 

execute tac report

3. Configuration file of the FortiGate.
4. Fortinet Support Tool data