Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff
Staff

Created on ‎12-15-2024 02:18 PM

Article Id 364633

Troubleshooting Tip: High CPU usage due to 'httpsd' and 'forticron' daemons on FortiGate

Description This article describes an issue where the FortiGate daemons 'httpsd' and 'forticron' exhibit consistently high CPU usage.
Scope FortiGate v7.2.8
Solution
High CPU usage is noticed on httpsd and forticron daemons constantly as shown below.
 
diag sys top 2 50
Run Time:  0 days, 16 hours and 15 minutes
62U, 0N, 12S, 26I, 0WA, 0HI, 0SI, 0ST; 1866T, 384F
       forticron     3481      S      92.0     2.0    1
          httpsd     3488      R      79.7     2.7    2
          httpsd     3471      S      50.9     1.8    1
          httpsd     3456      S      29.2     1.7    2
          httpsd     3510      R      21.7     1.9    3
 
The following errors may be seen in the FortiCron debug outputs, although application bandwidth widget is not enabled on the dashboard.
 
diagnose debug application forticron -1
diagnose debug enable
fcron_timer_func()-30: func-0x493509 from timer top_app_history takes too long time: 181 <<<<<<
fcron_timer_func()-23: Timer debug_logger fired
fcron_timer_func()-32: Timer debug_logger done
fcron_timer_func()-23: Timer sys_stats fired
fcron_timer_func()-32: Timer sys_stats done
fcron_timer_func()-23: Timer reset_but fired
fcron_timer_func()-32: Timer reset_but done
fcron_timer_func()-23: Timer systime_update fired
fcron_timer_func()-32: Timer systime_update done
fcron_timer_func()-23: Timer reset_diag_debu fired
fcron_timer_func()-32: Timer reset_diag_debu done
fcron_timer_func()-23: Timer traf_his fired
fcron_timer_func()-32: Timer traf_his done
fcron_timer_func()-23: Timer top_app_history fired
fcron_timer_func()-30: func-0x493509 from timer top_app_history takes too long time: 177  <-
 
diagnose sys mpstat 2
Gathering data, wait 2 sec, press any key to quit.
..0..1
TIME        CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal   %idle
12:31:45 PM all   21.04    0.00    3.84    0.00    0.00    0.37    0.00   74.75
              0   11.39    0.00    2.97    0.00    0.00    0.00    0.00   85.64
              1   14.85    0.00    1.98    0.00    0.00    0.00    0.00   83.17
              2   26.24    0.00    5.94    0.00    0.00    0.99    0.00   66.83
              3   31.68    0.00    4.46    0.00    0.00    0.50    0.00   63.37
 
Killing the httpsd and forticron daemons does not resolve the issue.
  
This issue is currently under investigation by the development team. The article will be updated with the latest information once a fix is available.
 
Logs required by FortiGate TAC for investigation.
 
  1. Debugs:
diagnose sys top 2 99
diagnose debug application httpsd -1
diagnose debug application forticron -1
diagnose debug console timestamp enable
diagnose debug enable
<reproduce the issue>
diagnose debug reset
diagnose sys traffic app-stats list
 
  1. TAC Report: 
execute tac report
 
  1. Configuration file of the FortiGate.

  2. FortiGate Support Tool data.
206
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.