FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Adryan_you
Staff
Staff
Article Id 331783
Description This article describes how to resolve high CPU issues on bcm.user after upgrading to 7.0.x.
Scope FortiGate.
Solution

After upgrading FortiGate firmware from 6.4.x to 7.0.x, the high CPU issue occurred.

 

  1. Check the FortiGate CPU usage:

    get sys performance status

  2. If the softIRQ stats are high, that indicates network looping may occur.

 softirq.png

 

  1. Check and confirm the user has switched the interface config.

    config system switch-interface
    show

  2. Enable STP-Forward in all the interfaces that are under the switch-interface setting:

    config sys interface

        edit <port>

            set stpforward enable

    end

  3. Check the FortiGate CPU again. The 'softIRQ' stats should drop.

  1. bcm.user process is in charge of controlling the internal switch of the equipment. This process needs to run some routines to keep the equipment kernel updated with information on the link statuses as well as statistical data in real-time internally (which can be used for new functionalities in versions 7.XX), so a consumption between 10-20% in a core is expected.