Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff & Editor
Staff & Editor

Created on ‎12-15-2024 02:18 PM Edited on ‎12-14-2025 11:39 PM By Community Manager

Article Id 364633

Troubleshooting Tip: High CPU usage due to 'httpsd' and 'forticron' daemons on FortiGate

Description This article describes an issue where the FortiGate daemons 'httpsd' and 'forticron' exhibit consistently high CPU usage.
Scope FortiGate v7.2.8.
Solution
High CPU usage is noticed on httpsd and forticron daemons constantly, as shown below.
 
diagnose sys top 2 50
Run Time:  0 days, 16 hours and 15 minutes
62U, 0N, 12S, 26I, 0WA, 0HI, 0SI, 0ST; 1866T, 384F
       forticron     3481      S      92.0     2.0    1
          httpsd     3488      R      79.7     2.7    2
          httpsd     3471      S      50.9     1.8    1
          httpsd     3456      S      29.2     1.7    2
          httpsd     3510      R      21.7     1.9    3
 
The following errors may be seen in the FortiCron debug outputs, although the application bandwidth widget is not enabled on the dashboard.
 
diagnose debug application forticron -1
diagnose debug enable
fcron_timer_func()-30: func-0x493509 from timer top_app_history takes too long time: 181 <<<<<<
fcron_timer_func()-23: Timer debug_logger fired
fcron_timer_func()-32: Timer debug_logger done
fcron_timer_func()-23: Timer sys_stats fired
fcron_timer_func()-32: Timer sys_stats done
fcron_timer_func()-23: Timer reset_but fired
fcron_timer_func()-32: Timer reset_but done
fcron_timer_func()-23: Timer systime_update fired
fcron_timer_func()-32: Timer systime_update done
fcron_timer_func()-23: Timer reset_diag_debu fired
fcron_timer_func()-32: Timer reset_diag_debu done
fcron_timer_func()-23: Timer traf_his fired
fcron_timer_func()-32: Timer traf_his done
fcron_timer_func()-23: Timer top_app_history fired
fcron_timer_func()-30: func-0x493509 from timer top_app_history takes too long time: 177  <-
 
diagnose sys mpstat 2
Gathering data, wait 2 sec, press any key to quit.
..0..1
TIME        CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal   %idle
12:31:45 PM all   21.04    0.00    3.84    0.00    0.00    0.37    0.00   74.75
              0   11.39    0.00    2.97    0.00    0.00    0.00    0.00   85.64
              1   14.85    0.00    1.98    0.00    0.00    0.00    0.00   83.17
              2   26.24    0.00    5.94    0.00    0.00    0.99    0.00   66.83
              3   31.68    0.00    4.46    0.00    0.00    0.50    0.00   63.37
 
Killing the httpsd and 'forticron' daemons does not resolve the issue.
  

This issue has been resolved in FortiOS versions 7.2.11, 7.4.8, and 7.6.3.

 
Logs required by FortiGate TAC for investigation.
 
  1. Debugs:

 

diagnose sys top 2 99
diagnose debug application httpsd -1
diagnose debug application forticron -1
diagnose debug console timestamp enable
diagnose debug enable
 
Reproduce the issue.
 
diagnose debug disable
diagnose debug reset
diagnose sys traffic app-stats list
 
  1. TAC Report: 

 

execute tac report
 
  1. Configuration file of the FortiGate.

  2. Refer to this article: Troubleshooting Tip: Collect GUI slowness and errors debugs via Fortinet Support Tool.
Labels:
3487
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.