Hi guys
So my FG-60D running 5.2.3 has been at 100% CPU and about 90% memory recently so I thought I would run the diag sys top command as shown below.
From this command I can see that the scanunitd and IPS engine it taking most of my CPU usage. I don't have vulnerability scanner but I have AV enabled on 17 different policies. I think the box is being overworked, but can I restart any processes or do you guys have any other advice?
Run Time: 42 days, 19 hours and 54 minutes 62U, 0N, 37S, 1I; 439T, 40F, 189KF scanunitd 7079 R < 68.4 3.7 ipsengine 602 S < 19.2 13.1 httpsd 7717 S 2.3 4.2 httpsd 7718 S 1.9 4.2 httpsd 7737 S 1.7 4.2
I also ran get sys performance - Output below
CPU states: 75% user 25% system 0% nice 0% idle CPU0 states: 75% user 25% system 0% nice 0% idle Memory states: 93% used Average network usage: 6282 kbps in 1 minute, 2754 kbps in 10 minutes, 2200 kbps in 30 minutes Average sessions: 1995 sessions in 1 minute, 2178 sessions in 10 minutes, 1824 sessions in 30 minutes
If you have any form of advice in terms of how to manage this more successfully or anything to restart/kill then please let me know, would be greatly appreciated.
Kind regards
Miata
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Finally, we realized that some interfaces of Fortigate unit that were configured as trunk interfaces (multiple vlans), were receiving more traffic than they have to (have to receive only 1 vlan traffic, and was receiving 10 vlan traffic), so interface got oversubscribed and CPU of Fortigate raised almos al 100%. Allowing only the 1 vlan on the switch, solved the issue.
Check for overloaded / oversubscribed interfaces traffic.
bobm wrote:I'm running into the same thing too. I have a 90D, and after upgrading from 5.0.13 to 5.2.7 the CPU is running much higher, and about once a day (usually after hours luckily) the box goes into conserve mode during an IPS scan. I even disabled IPS in the "Features" tab in the GUI. Tried kill 11 also which didn't help. Has anyone figured this out?
BTW - just to throw it out there, really not happy that my WAN load share/backup config got blown out thanks to the "New and improved" Virtual WAN IP. Now I have to come in over the weekend and tear down every single policy in the box just to rebuild them after I configure the new failover.
Same problem here with Fortigates 310B with 5.2.7 firmware .... high cpu with spikes without reason
ı have a some problem for fortigate 80c 5.2.8 firmware . always cpu shows %100 on the other hand memory shows %37 . ı dont know what ı have to do about this problem ?
What services are you running currently with the CPU at 100%?
jakofall wrote:ı am not using any service. Also ı closed ıps , web filter and antivirus in policy. I try to use default settigins fortigate but still cpu shows %100. Also Environment is really hot now ı dont have air conditioner. İs that relayed about enviroment ?What services are you running currently with the CPU at 100%?
Hello everyone,
I have a Fortigate VM00 and I experience problem with high memory, a few minutes after restart the memory goes up to around 70% and it gets over 80% a few times a day, so I have to kill processes to lower it under 70% in order to to be able to do any configuration change.
From "diagnose sys top" I learnt that pyfcgid and httpsd processes consume together around 25% of memory. I found in some older forum postings that pyfcgid is helper process for the Fortigate GUI but no help how to avoid this problem.
I have the problem with FortiOS 5.2.8 and FortiOS 5.4.1 too.
Would anyone have a clue what to do with it?
Thank you
Finally, we realized that some interfaces of Fortigate unit that were configured as trunk interfaces (multiple vlans), were receiving more traffic than they have to (have to receive only 1 vlan traffic, and was receiving 10 vlan traffic), so interface got oversubscribed and CPU of Fortigate raised almos al 100%. Allowing only the 1 vlan on the switch, solved the issue.
Check for overloaded / oversubscribed interfaces traffic.
Hello All,
I am having Fortigate 90D firewall, i recently updated it to Firmware Version v5.4.1,build1064. After update it started utilizing CPU constantly to 100%.
I see the issue is with reportd process which is utilizing 92% of CPU. I killed it multiple times but it comes back again and again.
is there any solution to permanently disable it ?
Regard
Ali Javed
hussnainalijaved wrote:Did you follow the supported upgrade path (stepping the OS through the required versions to get to 5.4.1?)Hello All,
I am having Fortigate 90D firewall, i recently updated it to Firmware Version v5.4.1,build1064. After update it started utilizing CPU constantly to 100%.
I see the issue is with reportd process which is utilizing 92% of CPU. I killed it multiple times but it comes back again and again.
is there any solution to permanently disable it ?
Regard
Ali Javed
Mike Pruett
I am having the same problem since the upgrade to 5.2.8 and 5.2.9 on my 300C.
My 300C does not have a big load on it and it should be able to handle up to 1500 devices with the services running.
My memory is only at 50% but my user cpu is 94%. Formerly the cpu load would be a typical 50%-60% during normal business hours.
I even stopped the IPS engines but that made no difference.
Here is my top output.
94U, 0N, 5S, 1I; 2016T, 1083F, 142KF smbcd 81 S 0.8 0.0 fssod 107 S 0.4 0.4 smbcd 7965 R 0.4 0.0 proxyworker 86 S 0.2 1.3 sqldb 79 S 0.0 2.9 scanunitd 10391 S < 0.0 2.0 src-vis 96 S 0.0 1.9 scanunitd 26085 S < 0.0 1.9 scanunitd 85 S < 0.0 1.9 httpsd 1592 S 0.0 1.3 httpsd 208 S 0.0 1.3 pyfcgid 8946 S 0.0 1.1 pyfcgid 8962 S 0.0 1.1 pyfcgid 8966 S 0.0 1.1 pyfcgid 8967 S 0.0 1.1 cmdbsvr 43 S 0.0 1.0 reportd 80 S 0.0 0.9 miglogd 62 S 0.0 0.9 httpsd 64 S 0.0 0.7 httpsd 207 S 0.0 0.7
as you can see services running should not be running up the CPU.
I do have ports that are vlan trunks but that never caused issues before.
The configuration is not that complicated. I should be able to use the UTM services I choose in my environment. The Fortigate 300C was sized for my network infrastructure and included expected growth and increased internet speed.
edit.
after watching this for a while, I chose to restart the IPSmonitor engines. The system cpu went up to 18% and the user cpu went down to 81% while the IPS was reloading. It settled down after that. My system cpu is holding around 5% with the current settings. I have not noticed any performance degradation on the network nor have I had any complaints. I suspect this CPU problem is a bug in the 5.2.x firmware. It would be nice if they fixed it.
I also have been experiencing very high CPU utilization on both 80CM & 140D,running 5.2.7 & 5.2.9. While you can change the settings above, which I also performed which did not seem to have any effect. I found that turning off inspect all ports under Policy and Objects SSL/SSH Inspection resolved my CPU issues for Both Models and both Level of Firmware.. Obviously this is not a fix, but at least my users can now get decent responses from the internet. Our High CPU made the internet very slow.. BTW you need to wait 3-4 minutes before you see CPU level coming down.
Hopefully Fortieth Engineering/Development can fix this issue to return all Fortinet back to there normally processing levels.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.