Fortinet Community

mcdaniels · ‎12-13-2019

Hi folks,

I recently had to switch 2 of our policies in our FGT 100D to flow mode. Otherwise we had connectionissues to use a special service.

After switching these 2 policies to flow-mode we had a massive performance impact. From time to time the FGT was NOT reachable cause of the high cpu utilization. This happened 3 times on this morning.

There are only about 10 clients in these 2 policies. The other clients (about 100) go with proxymode-policies.

Is there any issue known in combination with the flow mode?

FGT 100 D

OS: v6.22

Thanks!

Best regards,

Daniel

mcdaniels · ‎12-16-2019

Hi,

now I am unsure whether this is connected to the flow-mode. It seems to be the process ipsmonitor, which from time to time kills cpu. (100% usage).

This never happened before the update to OS: 6.22

Any thoughts?

Hosemacht · ‎12-19-2019

Hey there,

as far i know its not really recommendet to enable Flow mode on some Policies while the entire box ist set to Proxy Mode.

If possible try to set the whole fortigate to Flow Mode ,set the Policies to proxy again or downgrade your Firmware.

there is a known bug id for 6.2.2 you maby ran into it:

ID: 586608 - The CPU consumtion of ipsengine gets high with customer configuration file

sudo apt-get-rekt

Fortinet Community

Flow mode on certain policies - massive performance impact? (High CPU Usage)