Hi all,
i have 2 FGT 800C running in HA mode Active-Active before 3 days ago i have upgraded the firmware from 5.2.4 to 5.4.2 using proper upgrade path which provided by fortinet 5.2.4 > 5.2.6 > 5.2.9 > 5.4.2, after upgrading the firmware i noticed that FGT GUI is very very slow especially when i navigate to polices page took like 3 to 5 mints to open. i have opened ticket with foritnet support and waiting for their reply, did anyone faced this issue?
Note: i changed the HA mode to Active-Passive, matched HA Hash, and restarted the both units.
Thank you.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
i did it, still lagging and glitching specially ( address & policy pages)
Foritnet support team advised:
- How you are accessing Web-GUI either by VPN, Public IP or Internally (LAN). - Also when you are checking keep the "httpsd" on check with multiple browser by clearing there browsing history. - In FGT Web-GUI you are facing slowness with specific page i.e "Policy Page", "Interface Page" or the complete GUI
Please provide the output of below mentioned commands again. # diag debug reset # diag debug disable # diag debug enable # diag web-ui debug enable # diag debug application httpsd -1 Once done collecting logs # di de reset # di de disable ---> to disable # exec tac report ** Run the command di sys top-summary again ** See the process id (PID) for httpsd ** Kill it using the following command and try to access web GUI again, diagnose sys kill 11 <PID> PID RSS CPU% ^MEM% FDS TIME+ NAME 84 78M 0.0 1.0 20 00:13.45 httpsd [x4] Then check the performance again of GUI.
@kallbrandt
i ran this command "diag debug config-error-log read". i didn't found any error
5.4.2 still lagging and glitching it really pissing me off. i will downgrade to 5.2.10
FortiOS has features more than any vendor but more bugs as well.
i wish Fortinet team focus on fixing bugs instead of introducing more features or at least focus on both equally
last point: Fortinet support is very bad they really need to enhance the service
Hai
Can you plz run the below commands
diagnose sys top and try to restart the httpsd process
Regards
Mahesh
i did it, still lagging and glitching specially ( address & policy pages)
Foritnet support team advised:
- How you are accessing Web-GUI either by VPN, Public IP or Internally (LAN). - Also when you are checking keep the "httpsd" on check with multiple browser by clearing there browsing history. - In FGT Web-GUI you are facing slowness with specific page i.e "Policy Page", "Interface Page" or the complete GUI
Please provide the output of below mentioned commands again. # diag debug reset # diag debug disable # diag debug enable # diag web-ui debug enable # diag debug application httpsd -1 Once done collecting logs # di de reset # di de disable ---> to disable # exec tac report ** Run the command di sys top-summary again ** See the process id (PID) for httpsd ** Kill it using the following command and try to access web GUI again, diagnose sys kill 11 <PID> PID RSS CPU% ^MEM% FDS TIME+ NAME 84 78M 0.0 1.0 20 00:13.45 httpsd [x4] Then check the performance again of GUI.
i have another 4 FGTs at remote sites, they working perfectly with 5.2.x
after i sent the logs to fortinet: they point the issue to:
httpsd 14767 - 1481537449] api_monitor_handler[454] -- received api_monitor_request from '10.2.24.124' [httpsd 14767 - 1481537449] aps_init_process_vdom[1200] -- initialized process vdom to 'NPC-VDOM' (cookie='NPC-VDOM') [httpsd 14767 - 1481537449] handle_req_vdom[387] -- new API request (action='select',path='system',name='debug',vdom='NPC-VDOM',user='mrazik') [httpsd 14767 - 1481537449] build_system_debug[2592] -- JavaScript error -- https://10.2.2.1:31994/cc...c2f3/qed_list_all.js:4 -- Uncaught TypeError: Cannot read property 'name' of undefined [httpsd 14767 - 1481537449] ap_invoke_handler[594] -- request completed (handler='api_monitor-handler' result==0) [httpsd 14767 - 1481537449] ap_invoke_handler[571] -- new request (handler='api_monitor-handler', uri='/api/monitor?path=system&name=debug', method='POST') [httpsd 14767 - 1481537449] ap_invoke_handler[575] -- User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Have the same problem with FortiOS 5.4.3 on several different devices.
Our FortiGate-200D cluster is worse of all. It contains 200+ policies and it's a hell right now if we want to look into or change policies using the GUI. (Om 5.2.8 it was 10x faster)
There are no config errors and log disks are already formatted.
Any of you having tips or solutions?
- MBR -
NSE1, NSE2, NSE3
FGT60D/E, FWF60D/E, FGT200D
I can officially say that running FortiGate 900d with around 2k policies is the slowest gui I have ever seen ...
I am having problems on several boxes running 5.4.4.
Including 1500d, 900d, 300d etc.
I opened a tac case one time because of my 1500d cluster and the answer was that this was a bug in progress
and until they fixed it the solution was to set the gui to display only 20 lines.
"The bug is still under progress, As a workaround you can reduce the no of shown policies to 20 per page, then log-out and log-in again, to do that please execute the below commands # config system global # set gui-lines-per-page 20 # end
"
20 lines per page is still slow so I am hoping 5.6 will be better .
Has anyone had the balls to try out 5.6 on production ? :)
NSE7, FMG, FAC, FAZ .
1500D's, 1200D's, 900D's, 300D's, 200D's, 100D's and bunch of small stuff.
Hi Smari,
5.6.0 doesn't fix this bug :(
Fortinet told me the fix will be released in (5.6.1), which is scheduled to be launched starting Q3
I'm very disappointed again in the Fortinet way of resolving such huge issues. I don't get it why the let customers wait so long (until some next release) before resolving urgent issues. In my opinion the should consider urgent patches or private hotfixes in these cases.
The 20 lines per page is indeed still way to slow... (I don't get it how it's possible these versions pass Q&A testing)
I hope this bug will also be fixed in a new 5.4.x release because I really don't want to get on the 5.6 release cycle this early.
- MBR -
NSE1, NSE2, NSE3
FGT60D/E, FWF60D/E, FGT200D
Could you share the bug ID?
I didn't received the Bug ID but you may refer to ticket nr. 2108453
- MBR -
NSE1, NSE2, NSE3
FGT60D/E, FWF60D/E, FGT200D
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.