Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Long delays in connections through firewall

Hi all We have a FGT-60B which has suddenly started playing up. Firmware version is 3.00-b0668(MR6 patch 2) We use it for our general internet access and also for traffic to our hosted web site. Within the last 2 weeks, we' ve been experincing long delays (average around 30 seconds) when trying to browse to internet sites. Sometimes the site will come up after the delay and then be OK, sometimes it will load the page very slowly, sometimes you' d get an error saying the page could not be displayed. On our hosted site, customers have been reporting the same problems. I' ve traced the problem to communications across the firewall' s zones, by doing the following testing: Accessing our web server by it' s internal IP address (INT-->DMZ interface) and also by it' s public URL (the IP of which is on the WAN2 interface that is then routed to the DMZ interface so I assume INT>WAN2>DMZ). The DMZ only connectionis absolutely fine, but when browsing to the site using the public IP it is very slow. I assume that our general internet problems (internal -->WAN1) are caused by a similar interface-interface problem. We have limited reporting on the firewall, the memory and CPU usage is within tolerable limits, and really I don' t know what to do to troubleshoot this. I have of course rebooted the firewall and this has had no effect. Can anyone suggest what this might be or suggest some things to try? Thanks Andy
26 REPLIES 26
hidayet
New Contributor II

Hi AndyCole, Protection profile can try to remove or FortiOs 4.0 MR1
http://www.hidayetaltun.com
http://www.hidayetaltun.com
mhe
Contributor II

Are the configured DNS Server still reachable???
Not applicable

Thanks for the replies so far. I disabled the protection profile and for a minute I thought it was working but it was just temporary. It has made no difference. DNS is all fine, that' s the first thing I checked. I also just noticed that CPU usage is very high. Frequently 92% and sometimes 99%. No reports of problems in the log, though. We haven' t added any extra users or traffic recently so I can' t see a reason for this. Andy
hidayet
New Contributor II

Trojan or virus on your network.This causes excessive traffic.On your network scan
http://www.hidayetaltun.com
http://www.hidayetaltun.com
rwpatterson
Valued Contributor III

The 60B will start to flake out when the memory goes over about 78%. 80% or more will go into conserve mode where services start to get shut down to improve CPU cycles. Search the forums and knowledge base for that. There' s plenty out there on the subject. Good luck

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Not applicable

Bob, thanks. You said that it starts to flake out when memory goes over 78%. Did you mean CPU? Memory usage is a pretty constant 54%. It' s the CPU usage that' s high. I shall search the forums anyway, thanks. Andy
Not applicable

Hi I searched this forum and did some searches on google but I didn' t find anything that suggests a cause of high CPU usage, or any diagnostic suggestions. I am currently turning off access for non-essential users, and shall gradually turn them all back on, and keep an eye on CPU usage as I do so, in order to rule out the possibility of a single user causing the problem. Any other suggestions? Thanks Andy
Not applicable

I' ve used a program called Fireplotter to analyze the traffic through the firewall and checked the CPU usage at the same time. There isn' t any traffic spike or overload causing the CPU cycles. I can only come to the conclusion that the firewall is at fault. Now if only fortinet would respond to my support ticket..... Andy
Not applicable

Hi again I' ve used diag sys top command to check what' s using the CPU and the spikes seem to be caused by scanunitd. I found one other thread on here about it which says that it' s the AV engine. On that particular thread, the poster had made a config change which had caused it. In our case, I haven' t changed anything, this just started happening all on it' s own. I have already proved that it' s not high traffic causing this, so it' s not as if all of a sudden we' re overloading the AV scanner. Google only holds 32 pages that refer to scanunitd. I shall start reading them all! Can anyone confirm what scanunitd is? Cheers Andy.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors