Not an issue, but had a major decrease in firewall CPU utilization after upgrading from 7.0.14 to 7.2.8 on a Fortigate 200E Firewall.
It was averaging 50 - 60% during peak hours (9AM - 8PM EST) and typically has 30,000 sessions during this time (majority short lived). After upgrading, the CPU utilization is down to 2-4% with the same number of sessions. Memory usage has stayed steady, around 40% throughout the day.
I guess it's a good thing, but the dramatic decrease is a little weird. Has anyone experienced something similar? I had to double check if after the upgrade our Network Provider made the previous passive firewall the active, but that is not the case. It just seeps like a very dramatic drop, to the point where I'm concerned there may have been a misconfiguration before or misconfiguration now....
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Saleem,
Cpu usage decrease is a good thing with same number of session, might after upgrading newer version all process is taking less amount of cpu usage so cpu usage will shows decrease.
You can checked performance of fortiagte through below command
get system performance status
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-do-initial-troubleshooting-of...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-diagnose-sys-top-CLI-command/ta-...
Hi @saleem1,
The CPU going down from 50-60% to just about 2-4% is very significant. Couple of aspects I can think of are -
1. Hardware acceleration - It is possible that based on your traffic profile, a lot more traffic is being hardware accelerated instead of CPU due to software improvement.
2. Logging - Improvement on the software level could have had significant gains.
If you have the top, performance and session stat outputs before and after during a similar session state, we could identify a few things on what changed.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.