Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
imohdishak
Staff
Staff

Created on ‎05-07-2019 06:01 AM

Troubleshooting Tip: DNSproxy consuming high CPU on FortiGate

Description
This article describes how to reduce high CPU usage on FortiGate caused by DNSproxy.

Solution
DNSproxy consumes high CPU in FortiGate when the DNS server is configured as a local/private DNS server.

In order to verify the CPU usage in FortiGate, run the following commands:
diag sys top
Figure below shows that DNSproxy consumes high CPU in FortiGate:


Troubleshooting (example):

1) Verified the configuration and see if the primary DNS on the FortiGate is an internal IP address as follows:
config system dns
    show

config system dns
    set primary 10.0.1.254                       <--- This is not a global DNS server
    set secondary 208.91.112.52
end

2) If the primary DNS is not a global/public DNS server, set the primary to a global/public DNS as follows:
config system dns
    set primary 1.1.1.1
end
3) After the configuration is finished, verify the CPU usage as follows:
diag sys top
Figure below shows that CPU usage by DNSproxy has reduced in FortiGate:



Labels:
6017
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.