Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
lol
Staff
Staff

Created on ‎04-26-2023 06:13 AM Edited on ‎11-23-2025 06:30 AM By Community Manager

Article Id 254074

Troubleshooting Tip: WAD memory leak in object ssl.fts.str.fstr_buffer_bytes on firmware v7.0.8 and v7.0.9

Description This article describes how to detect and resolve a wad memory leak in object ssl.fts.str.fstr_buffer_bytes.
Scope FortiOS v7.0.8, v7.0.9.
Solution

The wad process has a memory leak on FortiOS v7.0.8 and v7.0.9 in the object ssl.fts.str.fstr_buffer_bytes.

The issue occurs when processing SSL/TLS traffic.

 

High memory usage in this buffer is not necessarily linked to a memory leak. In these scenarios, refer to the article: Technical Tip: High WAD memory due to ssl.fts.str.fstr_buffer_bytes buffer usage.

 

To confirm the device is matching this issue, run show the memory usage of the user space processes:

 

diagnose sys top-mem 99
wad (17503): 1238519kB <----- 1209,49 MB.
wad (17502): 623328kB
wad (17504): 605840kB
...

 

Here, the WAD process with the process ID (PID) 17503 allocated about 1200 MB.

 

Verify these wad processes are of type worker with commands:

 

diagnose debug reset
diagnose debug enable
diagnose test application wad 1000
...
Process [6]: type=worker(2) index=4 pid=17502 state=running
Process [7]: type=worker(2) index=5 pid=17503 state=running
Process [8]: type=worker(2) index=6 pid=17504 state=running
...
diagnose debug disable

 

Confirm the wad workers leak memory in object ssl.fts.str.fstr_buffer_bytes:

 

diagnose wad stats worker | grep fstr_buffer
ssl.fts.str.fstr_buffer now 297596 max 382415 total 451041111
ssl.fts.str.fstr_buffer_bytes 3290818496 <----- 3138,37 MB.

 

Repeat the steps from above periodically to observe if memory increases, i.e., after 30 minutes.

 

Workaround:

As a quick workaround, the wad processes can be restarted with the command:

 

diagnose test application wad 99

 

Also, find different ways to restart the WAD process and understand the impacts of restarting: Technical Tip: How to restart the WAD process

 

This can be automated via the 'config system auto-script' feature: Technical Tip: Automatically restart WAD worker processes.

 

Solution:

The solution is to upgrade to FortiOS versions 7.0.10, 7.2.4, or above.

 

Related articles:

Technical Tip: WAD (wad-config-notify) process consumes high Memory after upgrade to v7.4.4, v7.4.5,... 

Troubleshooting Tip: WAD memory leak due to WAD process type user-info on firmware v7.0.8 and v7.0.9
1318
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.