Miata
New Contributor II

High CPU and Memory Usage

Hi guys

So my FG-60D running 5.2.3 has been at 100% CPU and about 90% memory recently so I thought I would run the diag sys top command as shown below.

From this command I can see that the scanunitd and IPS engine are taking most of my CPU usage. I don't have a vulnerability scanner but I have AV enabled on 17 different policies. I think the box is being overworked, but can I restart any processes or do you guys have any other advice?

    Run Time:  42 days, 19 hours and 54 minutes
    62U, 0N, 37S, 1I; 439T, 40F, 189KF
          scanunitd     7079      R <    68.4     3.7
          ipsengine      602      S <    19.2    13.1
             httpsd     7717      S       2.3     4.2
             httpsd     7718      S       1.9     4.2
             httpsd     7737      S       1.7     4.2

I also ran get sys performance - Output below

    CPU states: 75% user 25% system 0% nice 0% idle
    CPU0 states: 75% user 25% system 0% nice 0% idle
    Memory states: 93% used
    Average network usage: 6282 kbps in 1 minute, 2754 kbps in 10 minutes, 2200 kbps in 30 minutes
    Average sessions: 1995 sessions in 1 minute, 2178 sessions in 10 minutes, 1824 sessions in 30 minutes

If you have any form of advice in terms of how to manage this more successfully or anything to restart/kill then please let me know, would be greatly appreciated.

Kind regards

Miata
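
Added example (not part of the original post and not Fortinet tooling): a Python parser for the `diag sys top` text quoted above that totals CPU per process name and derives memory use from the header. It assumes the header reads as user/nice/system/idle CPU percent and total/free memory in MB, and the process columns as name, PID, state, CPU %, memory %; `parse_top` and `summarize` are names made up for this example.

```python
import re

# Output from the first post, one entry per line (layout reconstructed).
SAMPLE = """\
Run Time: 42 days, 19 hours and 54 minutes
62U, 0N, 37S, 1I; 439T, 40F, 189KF
scanunitd 7079 R < 68.4 3.7
ipsengine 602 S < 19.2 13.1
httpsd 7717 S 2.3 4.2
httpsd 7718 S 1.9 4.2
httpsd 7737 S 1.7 4.2
"""

# Assumed meaning: U/N/S/I = user/nice/system/idle CPU %, T/F = total/free MB.
HEADER = re.compile(r"(\d+)U,\s*(\d+)N,\s*(\d+)S,\s*(\d+)I;\s*(\d+)T,\s*(\d+)F")
KEYS = ("user", "nice", "system", "idle", "total_mb", "free_mb")
# name, PID, state, optional "<" (high priority), CPU %, memory %
PROC = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s+(?:<\s+)?(\d+\.\d+)\s+(\d+\.\d+)\s*$")

def parse_top(text):
    """Return (header dict, list of (name, pid, cpu, mem)) from top text."""
    header, procs = None, []
    for line in text.splitlines():
        h, p = HEADER.search(line), PROC.match(line)
        if h:
            header = dict(zip(KEYS, map(int, h.groups())))
        elif p:
            procs.append((p.group(1), int(p.group(2)),
                          float(p.group(4)), float(p.group(5))))
    if header is None:
        raise ValueError("no CPU/memory header line found")
    return header, procs

def summarize(text):
    """Total CPU per process name and compare with the header's busy figure."""
    header, procs = parse_top(text)
    per_name = {}
    for name, _pid, cpu, _mem in procs:
        per_name[name] = round(per_name.get(name, 0.0) + cpu, 1)
    busy = 100 - header["idle"]
    listed = round(sum(per_name.values()), 1)
    used = header["total_mb"] - header["free_mb"]
    return {
        "busy_pct": busy,
        "listed_cpu_pct": listed,
        "unlisted_cpu_pct": round(busy - listed, 1),
        "mem_used_pct": round(100 * used / header["total_mb"], 1),
        "by_cpu": sorted(per_name.items(), key=lambda kv: -kv[1]),
    }
```

`summarize(SAMPLE)` attributes 93.5 of the 99% busy CPU to the listed processes, led by scanunitd at 68.4, and puts memory use at 90.9%.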

1 Solution
frajico

Finally, we realized that some interfaces of the Fortigate unit that were configured as trunk interfaces (multiple VLANs) were receiving more traffic than they had to (they had to receive only 1 VLAN's traffic, and were receiving 10 VLANs' traffic), so the interface got oversubscribed and the CPU of the Fortigate rose to almost 100%. Allowing only the 1 VLAN on the switch solved the issue.

Check for overloaded / oversubscribed interfaces traffic.

frajico
New Contributor

bobm wrote:

I'm running into the same thing too.  I have a 90D, and after upgrading from 5.0.13 to 5.2.7 the CPU is running much higher, and about once a day (usually after hours luckily) the box goes into conserve mode during an IPS scan.  I even disabled IPS in the "Features" tab in the GUI. Tried kill 11 also which didn't help.  Has anyone figured this out?

BTW - just to throw it out there, really not happy that my WAN load share/backup config got blown out thanks to the "New and improved" Virtual WAN IP.  Now I have to come in over the weekend and tear down every single policy in the box just to rebuild them after I configure the new failover.

Same problem here with Fortigates 310B with 5.2.7 firmware .... high cpu with spikes without reason

Rookie_tr

I have a problem with a Fortigate 80C on 5.2.8 firmware. The CPU always shows 100%; on the other hand, memory shows 37%. I don't know what I have to do about this problem.

jakofall

What services are you running currently with the CPU at 100%?

Rookie_tr

jakofall wrote:

What services are you running currently with the CPU at 100%?

I am not using any service. Also, I closed IPS, web filter and antivirus in the policy. I tried to use the default Fortigate settings but the CPU still shows 100%. Also, the environment is really hot now; I don't have an air conditioner. Is that related to the environment?

sklenda

Hello everyone,

I have a Fortigate VM00 and I experience a problem with high memory: a few minutes after restart the memory goes up to around 70% and it gets over 80% a few times a day, so I have to kill processes to lower it under 70% in order to be able to do any configuration change.

From "diagnose sys top" I learnt that pyfcgid and httpsd processes consume together around 25% of memory. I found in some older forum postings that pyfcgid is helper process for the Fortigate GUI but no help how to avoid this problem.

I have the problem with FortiOS 5.2.8 and FortiOS 5.4.1 too.

Would anyone have a clue what to do with it?

Thank you

hussnainalijaved

Hello All,

I have a Fortigate 90D firewall. I recently updated it to Firmware Version v5.4.1,build1064. After the update it started utilizing the CPU constantly at 100%.

I see the issue is with the reportd process, which is utilizing 92% of CPU. I killed it multiple times but it comes back again and again.

Is there any solution to permanently disable it?

Regards

Ali Javed

MikePruett

hussnainalijaved wrote:

Hello All,

I have a Fortigate 90D firewall. I recently updated it to Firmware Version v5.4.1,build1064. After the update it started utilizing the CPU constantly at 100%.

I see the issue is with the reportd process, which is utilizing 92% of CPU. I killed it multiple times but it comes back again and again.

Is there any solution to permanently disable it?

Regards

Ali Javed

Did you follow the supported upgrade path (stepping the OS through the required versions to get to 5.4.1?)

Mike Pruett Fortinet GURU | Fortinet Training Videos
BarryM

I am having the same problem since the upgrade to 5.2.8 and 5.2.9 on my 300C.

My 300C does not have a big load on it and it should be able to handle up to 1500 devices with the services running.

My memory is only at 50% but my user cpu is 94%. Formerly the cpu load would be a typical 50%-60% during normal business hours.

I even stopped the IPS engines but that made no difference.

Here is my top output.

    94U, 0N, 5S, 1I; 2016T, 1083F, 142KF
              smbcd       81      S       0.8     0.0
              fssod      107      S       0.4     0.4
              smbcd     7965      R       0.4     0.0
        proxyworker       86      S       0.2     1.3
              sqldb       79      S       0.0     2.9
          scanunitd    10391      S <     0.0     2.0
            src-vis       96      S       0.0     1.9
          scanunitd    26085      S <     0.0     1.9
          scanunitd       85      S <     0.0     1.9
             httpsd     1592      S       0.0     1.3
             httpsd      208      S       0.0     1.3
            pyfcgid     8946      S       0.0     1.1
            pyfcgid     8962      S       0.0     1.1
            pyfcgid     8966      S       0.0     1.1
            pyfcgid     8967      S       0.0     1.1
            cmdbsvr       43      S       0.0     1.0
            reportd       80      S       0.0     0.9
            miglogd       62      S       0.0     0.9
             httpsd       64      S       0.0     0.7
             httpsd      207      S       0.0     0.7

As you can see, the services running should not be running up the CPU.

I do have ports that are VLAN trunks but that never caused issues before.

The configuration is not that complicated. I should be able to use the UTM services I choose in my environment. The Fortigate 300C was sized for my network infrastructure and included expected growth and increased internet speed.

Edit:

After watching this for a while, I chose to restart the IPSmonitor engines. The system CPU went up to 18% and the user CPU went down to 81% while the IPS was reloading. It settled down after that. My system CPU is holding around 5% with the current settings. I have not noticed any performance degradation on the network nor have I had any complaints. I suspect this CPU problem is a bug in the 5.2.x firmware. It would be nice if they fixed it.

abgilson

I also have been experiencing very high CPU utilization on both 80CM & 140D, running 5.2.7 & 5.2.9. While you can change the settings above, which I also performed, that did not seem to have any effect. I found that turning off inspect all ports under Policy and Objects SSL/SSH Inspection resolved my CPU issues for both models and both levels of firmware. Obviously this is not a fix, but at least my users can now get decent responses from the internet. Our high CPU made the internet very slow. BTW, you need to wait 3-4 minutes before you see the CPU level coming down.

Hopefully Fortinet Engineering/Development can fix this issue to return all Fortinet back to their normal processing levels.
