Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sanda
New Contributor

Created on ‎04-11-2024 06:24 AM

Fortigate 200E HIGH CPU USAGE - IPS problem

Hi, Did anyone faced an issue were suddenly Windows devices were sending big amount of DNS traffic to Actve Directory - which eventually leads to conserve mode on FortiGate device, We reach like 300k sessnions.. I heard that Windows has weird behaviour where there is a DNS high latency - then Windows is starting "flood" dns requests for whatever reason.. Im no sure if its true, but I dont see any other reason. Of cousrse there is no DDoS or any other malicious thing :)

Im starting to thinking that 200E maight be not enough for such amount of traffic, but its not explainging why Windows is behaving like this - I met this scenerio a few time in different companies as well.

FortiOS: 7.0.14

10.0.0.0.1 192.168.1.254
10.0.0.0.1 192.168.1.254
Labels:
932
0 Kudos
2 REPLIES 2
adambomb1219
SuperUser
SuperUser

Created on ‎04-11-2024 06:52 AM

How do you know conserve mode is related to high amounts of DNS traffic?  Does that traffic from the endpoints to AD even cross the 200E?  

920
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎04-11-2024 07:07 AM

Hi Sanda

Yes I saw the same issue few months ago on a FG 1800F FOS 7.0.12.

We did the following to fix it:

  • Disable traffic log for DNS sessions. If needed you can create a policy at top for matching only DNS traffic and disable logs for that policy (this will probably fix your issue)
  • Give a short TTL to DNS (UDP 53), like 20s is more than enough
  • Find the RCA and fix this DNS rush from client side. In our case there was a software on many clients repeating the same DNS queries because it was not replied for some reason
  • Update FOS to the latest patch. You may update it to 7.0.15
AEK
AEK
904
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.