We have a FortiGate-1500D running on 5.6.8 which is averaging CPU usage around 50%. Some days ago there was a huge peak in the CPU usage, which went up to 90%.
I took some screenshots from the device's web interface shortly after the issue was reported, and it seems like there was a drop in the number of sessions at the same time the CPU was going up to the sky.
Processing the logs in Splunk showed that at the CPU peak time there was a huge number of logged traffic events with "action=accept".
All the accepted traffic was from different sources but all to the same destination (a remote proxy server).
Naturally I would think that this is caused by newly created sessions, but as I said, on the device it showed a drop in the number of active sessions...
My question ultimately is: Was the CPU usage caused by an issue with the remote proxy server causing all those sessions (around 26k sessions) to terminate abruptly, and therefore the device was busy logging all sessions that dropped (log on session close)?
OR
Was it really caused by new sessions? It contradicts only one thing, which is the device showing a drop in session count, not the other way around.
I am strongly inclined to believe this was caused by excessive logging due to abrupt session termination... Is that likely? How do I confirm that?
The screenshot shows Splunk and the utilization as reported by the device.
Thanks in advance :)
Can you show memory usage?