Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPS Engine Running at 95%-99% Constantly
I am running version v4.0build0194 (MR1 Patch 3) and IPS Engine 1.00164. As of Wednesday last week we started seeing our CPU spike to over 95% and cause an interuption of services. After several days of providing logs and debug information to Fortinet the best possible answer we received was to restart the ipsengine services to resolve the issue and/or bypass the ipsengine entirely.
They now defined it as a bug #125279. Just wanted to give everyone a heads up.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks... I have heard that 164 still has a bug in. I have not seen anything yet. Would you mind sharing a little more info? What box are you using? Were you on the same firmware when 164 was installing or have you upgraded? When does the spike happen while modifing the system or was it randomly on its own. I assume that tech support kill the service with the kill 11 command, did they say what process was the issue?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
310B is the only model I have seen the problems on. The IPS engine was current when we started seeing the problem. The spikes would happen at random periods of time but according to support it looks like the IPSengine was crashing every 30 mins or so. CPU didn' t spike everytime but it was spiking like 2-3 times a day and staying there. The IPSengine process is the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks... If you hear more please share.
I was asking about the process because when the IPS engine spike in CPU or memory it really could be because of a different process. The IPS engine is like the GOD of all other process. Most of the other process needs the IPS engine to do their job. If you do a diag kill 11 it will print a crash log. If you read the crash log it will tell you the process that were causing the issue.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe it was actually the IPSMonitor process failing. However, we have since upgraded to 4.0MR2P1 and the problem still exists. I think the bug has carried over.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same thing here. We were running ok until a few weeks ago and now I keep getting paged about high CPU utlization. Seems to affect a number of platforms, including 60B and 800.
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked
Questions http://firewallguru.blogspot.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our firewall stays between 99 and 100%, only when we turn off the ips it lowers the CPU consumption. How important is keeping the ips on? Fortigate 60C Firmware 5.2.11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPS Engine Running at 95%-99% Constantly
im expiriencing a similar problem, whereby one of our VDOMs in a 3000D FW with connects +- 50k users, max sessions is +-400k sessions, the CPU spikes at around 9am every morning when everyone is back at work, and this affects our filtering, but as soon as we disable SSL Certificate inspection, the CPU goes back to normal. SSL is configured to inspect only 443. what could the issue be?