Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff
Staff

Created on ‎12-15-2024 02:18 PM Edited on ‎04-18-2025 05:49 AM By Moderator

Article Id 364633

Troubleshooting Tip: High CPU usage due to 'httpsd' and 'forticron' daemons on FortiGate

Description This article describes an issue where the FortiGate daemons 'httpsd' and 'forticron' exhibit consistently high CPU usage.
Scope FortiGate v7.2.8.
Solution
High CPU usage is noticed on httpsd and forticron daemons constantly, as shown below.
 
diagnose system top 2 50
Run Time:  0 days, 16 hours and 15 minutes
62U, 0N, 12S, 26I, 0WA, 0HI, 0SI, 0ST; 1866T, 384F
       forticron     3481      S      92.0     2.0    1
          httpsd     3488      R      79.7     2.7    2
          httpsd     3471      S      50.9     1.8    1
          httpsd     3456      S      29.2     1.7    2
          httpsd     3510      R      21.7     1.9    3
 
The following errors may be seen in the FortiCron debug outputs, although the application bandwidth widget is not enabled on the dashboard.
 
diagnose debug application forticron -1
diagnose debug enable
fcron_timer_func()-30: func-0x493509 from timer top_app_history takes too long time: 181 <<<<<<
fcron_timer_func()-23: Timer debug_logger fired
fcron_timer_func()-32: Timer debug_logger done
fcron_timer_func()-23: Timer sys_stats fired
fcron_timer_func()-32: Timer sys_stats done
fcron_timer_func()-23: Timer reset_but fired
fcron_timer_func()-32: Timer reset_but done
fcron_timer_func()-23: Timer systime_update fired
fcron_timer_func()-32: Timer systime_update done
fcron_timer_func()-23: Timer reset_diag_debu fired
fcron_timer_func()-32: Timer reset_diag_debu done
fcron_timer_func()-23: Timer traf_his fired
fcron_timer_func()-32: Timer traf_his done
fcron_timer_func()-23: Timer top_app_history fired
fcron_timer_func()-30: func-0x493509 from timer top_app_history takes too long time: 177  <-
 
diagnose system mpstat 2
Gathering data, wait 2 sec, press any key to quit.
..0..1
TIME        CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal   %idle
12:31:45 PM all   21.04    0.00    3.84    0.00    0.00    0.37    0.00   74.75
              0   11.39    0.00    2.97    0.00    0.00    0.00    0.00   85.64
              1   14.85    0.00    1.98    0.00    0.00    0.00    0.00   83.17
              2   26.24    0.00    5.94    0.00    0.00    0.99    0.00   66.83
              3   31.68    0.00    4.46    0.00    0.00    0.50    0.00   63.37
 
Killing the httpsd and forticron daemons does not resolve the issue.
  

This issue has been resolved in FortiOS version.

  • v7.2.11 (available to download from the Fortinet support portal).
  • v7.4.8 (scheduled to be released in April 2025).
  • v7.6.3 (available to download from the Fortinet support portal).


Note that these timelines for firmware release are estimates and may be subject to change.

 
Logs required by FortiGate TAC for investigation.
 
  1. Debugs:

 

diagnose system top 2 99
diagnose debug application httpsd -1
diagnose debug application forticron -1
diagnose debug console timestamp enable
diagnose debug enable
 
Reproduce the issue.
 
diagnose debug reset
diagnose system traffic app-stats list
 
  1. TAC Report: 

 

execute tac report
 
  1. Configuration file of the FortiGate.

  2. Fortinet Support Tool data.
924
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.