Hi All---My shop has been using a Fortigate 300AHD with OS 2.8, build 292 for a little over a month and I've been practically ripping my hair out over this one. CPU spikes to 90% and above when users are working (8:00 AM to 5:00 PM)---and it stays at 90% or above throughout the day--but then CPU drops significantly (10% or less) when users go home. For the past two weeks, I've been testing different settings on both outgoing Internet traffic (port 1-->port 2) and incoming SMTP / HTTPS / VPN (port 2-->port 1).
Shop has about 230 users (100 on LAN, 130 on WAN via DSL over ATM to main shop).
On outgoing traffic (to Internet), I have http, dns, tcp, smtp, ping, telnet, ftp, etc. enabled with URL blocking, IPS signatures (to block P2P, messaging, and other predefined signatures--which is working great, by the way), and logging enabled.
On incoming traffic, I allow SMTP, HTTPS, and VPN traffic with AV, SPAM URL & IP blocking, SPAM banned-word, SPAM RBL & ORDBL and SPAM MIME headers configured with settings I manually entered.
What finally dropped my CPU from 90% (and above) to 10% and lower was disabling all words in my "Banned-Word" list. I had words defined using Perl expressions, such as "/banned-word/i". I went back and did additional testing and found that my "Wildcard" configured words were fine, but if I added a banned word using Perl expressions, my CPU spiked. My banned word list only contained a dozen words. 5 out of 12 words were Perl-expression defined...using the "/word/i" pattern, pattern type=regular expression, language=western, where=subject, action=spam.
It may just be coincidence or dumb luck that my CPU dropped after deleting my Perl expression banned-words, but thought I'd add my two cents anyway.
Good luck.