Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
VinayHM
Staff
Staff

Created on ‎08-18-2023 12:39 AM Edited on ‎05-20-2025 07:19 AM By Moderator

Article Id 269314

Troubleshooting Tip: High CPU and MEMORY usage problem

Description This article provides CLI commands to correct the High CPU and MEMORY usage Problem in the short term.
Scope High CPU and Memory cause of IPS engine.
Solution

IPS Engine using high memory and high CPU cases are different types of cases. Each of them has its own troubleshooting methods.

 

The command shown below might helps to collect some detailed information about the IPS Engine and restart/start/stop/bypass it to decrease the usage temporarily.

 

Use the below CLI command:

 

diagnose test application ipsmonitor

 

IPS Engine Test Usage:

1: Display IPS engine information
2: Toggle IPS engine enable/disable status <--- Enable and disable the IPS Engine. Do not apply this command in production hours.
3: Display restart log
4: Clear restart log
5: Toggle bypass status                    <--- It bypasses the IPS Engine.
6: Submit attack characteristics now
10: IPS queue length
11: Clear IPS queue length
12: IPS L7 socket statistics
13: IPS session list
14: IPS NTurbo statistics
15: IPSA statistics
18: Display session info cache
19: Clear session info cache
21: Reload FSA malicious URL database
22: Reload allowlist URL database
24: Display Flow AV statistics
25: Reset Flow AV statistics
32: Reload certificate blocklist database
40: Display packet log statistics
41: Reset packet log statistics
42: IoT device notification statistics
44: Dump IPS stack backtrace
96: Toggle IPS engines watchdog timer
97: Start all IPS engines <--- It starts all IPS Engines after they stopped with the command below.
98: Stop all IPS engines <--- It stops all IPS Engines and needs the command above to start all IPS Engines again.
99: Restart all IPS engines and monitor <--- It restarts all IPS Engines.

 

The most common command used to deal with the IPS Engine consuming high resources is the following, which restarts the IPS process:


diagnose test application ipsmonitor 99

 

For high CPU usage by IPS Engine cases it is recommended to bypass the engine before restart or stop it.

 

diagnose test application ipsmonitor 5
bypass: enable

 

If the CPU usage decreases after bypass, that is a strong indication of the volume of traffic inspected is too much for the FortiGate model that is in use.
If the CPU usage does not change after bypass, it is a strong indication that the problem is not related to the IPS engine itself.

 

Command to disable bypass IPS Engine shown below:

 

diagnose test application ipsmonitor 5
bypass: disable

 

Collect the output below multiple times:

 

diagnose test application ipsmonitor 44

diagnose sys process pidof ipsengine

diagnose sys pstack <-- PID of IPSEngine from the last command.

 

Note: Do not run the restart or stop commands during production hours, as it will affect the ongoing sessions. Make sure to run them in the maintenance window.
8832
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.