Hi guys
So my FG-60D running 5.2.3 has been at 100% CPU and about 90% memory recently so I thought I would run the diag sys top command as shown below.
From this command I can see that the scanunitd and IPS engine it taking most of my CPU usage. I don't have vulnerability scanner but I have AV enabled on 17 different policies. I think the box is being overworked, but can I restart any processes or do you guys have any other advice?
Run Time: 42 days, 19 hours and 54 minutes 62U, 0N, 37S, 1I; 439T, 40F, 189KF scanunitd 7079 R < 68.4 3.7 ipsengine 602 S < 19.2 13.1 httpsd 7717 S 2.3 4.2 httpsd 7718 S 1.9 4.2 httpsd 7737 S 1.7 4.2
I also ran get sys performance - Output below
CPU states: 75% user 25% system 0% nice 0% idle CPU0 states: 75% user 25% system 0% nice 0% idle Memory states: 93% used Average network usage: 6282 kbps in 1 minute, 2754 kbps in 10 minutes, 2200 kbps in 30 minutes Average sessions: 1995 sessions in 1 minute, 2178 sessions in 10 minutes, 1824 sessions in 30 minutes
If you have any form of advice in terms of how to manage this more successfully or anything to restart/kill then please let me know, would be greatly appreciated.
Kind regards
Miata
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Finally, we realized that some interfaces of Fortigate unit that were configured as trunk interfaces (multiple vlans), were receiving more traffic than they have to (have to receive only 1 vlan traffic, and was receiving 10 vlan traffic), so interface got oversubscribed and CPU of Fortigate raised almos al 100%. Allowing only the 1 vlan on the switch, solved the issue.
Check for overloaded / oversubscribed interfaces traffic.
Hello!
We have a 240D Fortigate and we've been through CPU problems as well.
We had memory problems before it. Turning into proxy mode gave us some breath, but we had to turn back to proxy because of safe search. Now, since the last upgrade to 5.2.10, our CPU is running around 80% average. We have tops of 100% sometimes.
I already looked at interfaces througput as the other guy said, but everything is fine. The problem is processes getting high CPU.
CPU [|||||||||||||||||||||||||||||||||||| ] 90.4% Mem [|||||||||||||||||| ] 47.0% 1866M/3955M Processes: 20 (running=5 sleeping=88)
PID RSS ^CPU% MEM% FDS TIME+ NAME * 80 478M 67.0 12.1 26897 39:30.85 proxyd [x3] 27819 221M 54.1 5.6 76 07:00.85 ipsmonitor [x4] 81 39M 41.1 1.0 35 28:02.44 scanunitd [x3] 6289 29M 7.3 0.7 15 00:01.49 sshd [x4] 61 30M 5.6 0.8 26 59:16.53 miglogd 92 108M 3.7 2.8 20 01:37.52 urlfilter 122 52M 0.9 1.3 14 26:58.57 updated 27423 80M 0.0 2.0 14 00:02.89 pyfcgid [x6] 35 3M 0.0 0.1 5 00:00.32 mrvl3135_worker 6214 14M 0.0 0.4 22 00:01.29 cw_acd 43 28M 0.0 0.7 13 01:21.60 cmdbsvr 48 12M 0.0 0.3 90 01:49.82 zebos_launcher [x12] 2874 14M 0.0 0.4 35 00:14.78 iked 60 12M 0.0 0.3 12 00:02.12 uploadd 62 11M 0.0 0.3 8 00:00.97 kmiglogd 63 36M 0.0 0.9 52 00:10.30 httpsd [x4] 65 11M 0.0 0.3 8 00:00.00 getty 69 11M 0.0 0.3 11 00:07.73 merged_daemons 70 13M 0.0 0.3 12 00:00.33 fnbamd 71 11M 0.0 0.3 11 00:00.10 fclicense
Hi Guys,
Requires solution for high cpu utilization in FW-300C firewall, you can find the system top performances when it reached the high spikes,
Run Time: 34 days, 9 hours and 38 minutes 57U, 0N, 42S, 1I; 2016T, 819F, 144KF ipsengine 28896 R < 94.6 3.2 updated 88 S 2.9 1.0 miglogd 89 S 1.7 1.3 wad 91 S 0.5 0.9 sqldb 80 S 0.0 3.5 iked 87 R 0.0 2.8 httpsd 25638 S 0.0 2.1 httpsd 25477 S 0.0 2.1 miglogd 63 R 0.0 1.6 reportd 81 S 0.0 1.6 cmdbsvr 44 S 0.0 1.6 pyfcgid 28835 S 0.0 1.6 scanunitd 28412 S < 0.0 1.3 scanunitd 28413 S < 0.0 1.3 scanunitd 86 S < 0.0 1.3 pyfcgid 28824 S 0.0 1.3 pyfcgid 28842 S 0.0 1.2 proxyworker 85 S 0.0 1.1 pyfcgid 28765 S 0.0 1.1 dnsproxy 107 S 0.0 1.0
Please help on this.....
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1645 | |
1070 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.