Scryden

FortiWifi 60D firewall 100% CPU randomly

Hello,

I hope this is posted in the right forum.

 

FortiWifi 60D
Firmware 6.0

Please bear with me as this is quite a story.

I am struggling with an ongoing issue with a client's FortiWifi 60D firewall since September 2018. I've had multiple remote sessions with Fortinet Tech Support, for multiple hours on multiple days, and Fortinet cannot figure out a solution to my problem, which worries me a lot. I am trying this forum as a last line of defense before I switch them to a different brand of firewall.

 

The firewall chokes itself at completely random times and runs at 100% (system) CPU usage. When this happens, it drops all inbound and outbound internet traffic. In other words, the entire office cannot access the internet. Sometimes this happens 2 days in a row and sometimes they run an entire month without any issues before it happens again. It does not only happen at peak moments. It also occurs on weekends when the office is empty and nobody is at work. There is no loop or broadcast storm in the network, as servers, computers and printers can talk to each other without a single issue when this problem occurs. So the problem is solely with the Fortinet's CPU. Restarting the firewall does not resolve the problem.

The only way to make the Fortinet calm down is to physically disconnect desktops from the network. Apparently there is something in the network triggering the Fortinet to kill itself. Which computer in the network it is, is always completely random. But once I have found the problematic machine, the Fortinet calms down. When I then reconnect the desktop's cable to the network switch, everything remains normal.

Fortinet Tech Support witnessed this behavior and they told me there is a bug in the firmware I ran back then (v5.2.5) that causes the firewall to kill itself when desktop computers run the FortiClient software and download their definitions/updates from the firewall. The tech recommended that I upgrade to the latest version (6.0.x). So I did, and it did not resolve the problem. They ran about a month without an issue, but then the same thing happened again. So I uninstalled the FortiClient software on literally all the desktops, but that still did not resolve the problem.

So I called Fortinet Support again. They ran a "diag sys top" to look at the CPU consumption of the processes, and that list of processes did not even add up to 100% CPU. But a "get system performance status" does show 100% system CPU. We then tried to mirror the traffic that goes to and from the inside interface of the firewall and redirected it to a laptop with Wireshark. We could not find anything that points to the problem. So, you won't believe this, but we ended the call with "I don't know". Now all my hope was gone. So I demonstrated the same trick to the tech and disconnected the computers from the network switches one by one until the Fortinet calmed down. The tech took a note of that and ended the call.

Now, about 2 weeks later without issues, the problem is back again, and twice in a row on one day. My client's business is impacted heavily by this, so I hope somebody on this forum can shine some light on this issue. If not, then after dealing with this problem for half a year I will boot the Fortinet out. One more thing I want to add: my client has multiple FortiWifi 60Ds sitting as spares on the shelf. I even tried to replace the firewall with a spare unit and it runs into the exact same issue. The fact that the intervals are completely random makes it hard to pinpoint.

Thanks.
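
The mismatch the post describes between "diag sys top" (processes not adding up) and "get system performance status" (100% system CPU) can be quantified from captured CLI output. The script below is an added example, not from the thread and not Fortinet code: it parses both outputs and reports how much of the reported busy CPU is attributable to the listed processes. When most of it is not, the time is being spent outside user-space daemons (kernel/softirq, traffic handling), which is the situation the poster was in; when one daemon carries it, you have a process name to chase. The two sample captures are constructed to approximate the FortiOS 6.0 text layout, and the `analyze` function with its "kernel"/"daemon" verdict heuristic is my own; check the regexes against a real capture from your unit before relying on them.

```python
"""Attribute FortiGate CPU load: `diag sys top` vs `get system performance status`.

Added example, not from the forum thread or from Fortinet. The sample
outputs below are CONSTRUCTED to approximate the FortiOS 6.0 text layout
(process rows: name, PID, state, CPU %, memory %); verify against a real
capture before trusting the regexes.
"""
import re

# Constructed capture resembling the "netscan at 93%" case in the thread.
SAMPLE_TOP_DAEMON = """\
Run Time:  3 days, 4 hours and 12 minutes
93U, 0N, 5S, 2I; 1929T, 1120F
         netscan      165      R      93.0     1.2
       ipsengine      183      S       2.0     6.4
          httpsd      144      S       0.5     1.9
         cmdbsvr      107      S       0.0     3.1
"""
SAMPLE_PERF_DAEMON = """\
CPU states: 95% user 5% system 0% nice 0% idle 0% iowait 0% irq 0% softirq
Memory: 1929 MB total, 950 MB used (49%)
"""

# Constructed capture resembling the original poster's case: processes
# account for almost nothing while the box reports ~100% system CPU.
SAMPLE_TOP_KERNEL = """\
Run Time:  12 days, 0 hours and 3 minutes
2U, 0N, 96S, 2I; 1929T, 1180F
         cmdbsvr      107      S       3.0     3.1
          httpsd      144      S       1.5     1.9
         miglogd      121      S       0.5     2.0
"""
SAMPLE_PERF_KERNEL = """\
CPU states: 2% user 96% system 0% nice 2% idle 0% iowait 0% irq 0% softirq
Memory: 1929 MB total, 900 MB used (46%)
"""

# One process row: name, pid, single-letter state (optionally followed by "<"),
# cpu %, mem %. The header and load-summary lines do not match this shape.
PROC_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s*<)?\s+([\d.]+)\s+([\d.]+)\s*$")
# "95% user 5% system ..." pairs on the CPU states line.
STATE_RE = re.compile(r"(\d+)%\s+([a-z]+)")


def parse_top(text):
    """Return one dict per process row found in `diag sys top` output."""
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            procs.append({"name": m.group(1), "pid": int(m.group(2)),
                          "state": m.group(3), "cpu": float(m.group(4)),
                          "mem": float(m.group(5))})
    return procs


def parse_cpu_states(text):
    """Return {state_name: percent} from the 'CPU states:' line."""
    for line in text.splitlines():
        if line.startswith("CPU states:"):
            return {name: int(pct) for pct, name in STATE_RE.findall(line)}
    raise ValueError("no 'CPU states:' line found")


def analyze(top_text, perf_text, busy_threshold=80.0):
    """Compare process-attributed CPU with the system-wide busy figure.

    Verdict heuristic (my own, not a Fortinet rule): above the busy
    threshold, if more than half the load is not attributable to any
    listed process, call it "kernel"; otherwise "daemon".
    """
    procs = parse_top(top_text)
    states = parse_cpu_states(perf_text)
    busy = 100.0 - states.get("idle", 0)
    accounted = sum(p["cpu"] for p in procs)
    unaccounted = max(0.0, busy - accounted)
    top_proc = max(procs, key=lambda p: p["cpu"]) if procs else None
    if busy < busy_threshold:
        verdict = "normal"
    elif unaccounted > busy / 2:
        verdict = "kernel"
    else:
        verdict = "daemon"
    return {"busy": busy, "accounted": accounted, "unaccounted": unaccounted,
            "system_pct": states.get("system", 0),
            "top_process": (top_proc["name"], top_proc["cpu"]) if top_proc else None,
            "verdict": verdict}


if __name__ == "__main__":
    for label, top, perf in (("daemon-bound", SAMPLE_TOP_DAEMON, SAMPLE_PERF_DAEMON),
                             ("kernel-bound", SAMPLE_TOP_KERNEL, SAMPLE_PERF_KERNEL)):
        print(label, analyze(top, perf))
```

Paste real output into the two sample strings (or read them from files) and the verdict tells you whether `diag sys top` is even the right tool for the incident: a "kernel" result means no daemon will ever show the load, and the next step is traffic-side (session counts, interface counters, the scanning and update features the replies below point at) rather than process-side.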

13 replies

Dibbers

I ended up finding the cause for my issues. Viewing the system event log, I noticed that the FGT was doing a scheduled fabric update right before the CPU spike notifications.

I changed the FortiGuard update settings from Scheduled to Push, and so far the notifications for high CPU usage have stopped.

rstefano

I found a completely different reason for the high CPU utilization. It was the act of device scanning on the internal LAN interface. If you navigate to Network, then Interfaces, edit the LAN interface and, under the section marked Networked Devices, disable Active Scanning. The firewall is now back to running at its typical 5 to 9% and spiking to 30 and 40 periodically, but that's normal based on traffic patterns. Why this happened after the upgrade is beyond me. I'm wondering if it is something corrupted during the upgrade and if doing a clean install would simply clear the issue but leave the active scanning in place.
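
Both fixes in this thread (Dibbers switching FortiGuard updates from scheduled to push, rstefano disabling active device scanning on the LAN interface) were done in the GUI. The CLI equivalents below are an added example, not posted by either participant and not taken from Fortinet documentation: the keywords are written from memory of FortiOS 6.0 syntax, the interface name "internal" is assumed (the 60D's LAN hardware switch; use the name your LAN interface actually has), and the lines beginning with "#" are annotations, not CLI input. Confirm each keyword with "?" on the CLI before applying it, and scope the change to the one interface you are troubleshooting.

```text
# rstefano's fix: keep passive device identification, turn off active scanning.
# "internal" is an assumption; substitute your LAN interface name.
config system interface
    edit "internal"
        set device-identification enable
        set device-identification-active-scan disable
    next
end

# Dibbers' fix: accept pushed FortiGuard updates, stop the scheduled poll.
config system autoupdate push-update
    set status enable
end
config system autoupdate schedule
    set status disable
end

# Then watch whether the load and its top consumer change.
diagnose sys top 5 20
get system performance status
```

Disabling the scheduled poll means the unit depends on push notifications reaching it (the unit's update address must be reachable from FortiGuard through any upstream NAT); if that is not the case in your deployment, keep the schedule and move it to an off-hours time instead of turning it off.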

rstefano

This just happened to me as well on a 60D that I upgraded from 6.0.12 to 6.0.14. I'm going to downgrade and let you know what happens.

rstefano

Forgot to mention that running 'diag sys top' reveals that the netscan service is consuming about 93% of the CPU consistently. I haven't downgraded yet, and the firewall is no longer blocking all traffic, but it's inconsistent. I'll update you as soon as I can.
