I updated our Fortigate 100E to V7.2.7 Build 1577 on 2/9/2024 manually (after frequent timeouts via fabric management). Received notification of sslvpnd application crashes on 2/11/2024. Further examination showed no trace of the CVE-2022-42475 indicators, or traffic with the listed critical IPs, but there were 3 crashes.
Could this still be an issue with the F100E?
Thanks.
-----------------
SSH logs follow:
# diagnose debug crashlog read
<truncated to relevant datetime>
6138: 2024-02-09 14:02:49 the killed daemon is /bin/eap_proxy: status=0x0
6139: 2024-02-11 05:41:45 sslvpn watchdog timeout
6140: 2024-02-11 05:41:45 <00274> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6141: 2024-02-11 05:41:45 <00274> application sslvpnd
6142: 2024-02-11 05:41:45 <00274> *** signal 11 (Segmentation fault) received ***
6143: 2024-02-11 05:41:45 <00274> Register dump:
6144: 2024-02-11 05:41:45 <00274> R0: 36fb7adc R1: 00000005 R2: 3ec53480 R3: 00000005
6145: 2024-02-11 05:41:45 <00274> R4: 36b8f000 R5: 36fb7adc R6: 3ec53520 R7: 3ec53460
6146: 2024-02-11 05:41:45 <00274> R8: 3ec534b0 R9: 36f7c26c R10: 00000000 FP: 3ec5ff48
6147: 2024-02-11 05:41:45 <00274> IP: 36b8f048 SP: 3ec53460 LR: 36b7341f PC: 36b73192
6148: 2024-02-11 05:41:45 <00274> CPSR: 200f0030 Addr: 00000005
6149: 2024-02-11 05:41:45 <00274> Trap: 0000000e Error: 00000017 OldMask: 00002000
6150: 2024-02-11 05:41:45 <00274> Backtrace:
6151: 2024-02-11 05:41:45 <00274> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset
6152: 2024-02-11 05:41:45 00004192
6153: 2024-02-11 05:41:45 <00274> fortidev 6.0.1.0005
6154: 2024-02-11 05:41:46 the killed daemon is /bin/sslvpnd: status=0xd
6155: 2024-02-11 05:56:24 sslvpn watchdog timeout
6156: 2024-02-11 05:56:24 sslvpnd previously crashed 1 times. The last crash was at 2024-02-11 05:41:45.
6157: 2024-02-11 05:56:24 <19636> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6158: 2024-02-11 05:56:24 <19636> application sslvpnd
6159: 2024-02-11 05:56:24 <19636> *** signal 11 (Segmentation fault) received ***
6160: 2024-02-11 05:56:24 <19636> Register dump:
6161: 2024-02-11 05:56:24 <19636> R0: 36fb7adc R1: 00000005 R2: 3ec53480 R3: 00000005
6162: 2024-02-11 05:56:24 <19636> R4: 36b8f000 R5: 36fb7adc R6: 3ec53520 R7: 3ec53460
6163: 2024-02-11 05:56:24 <19636> R8: 3ec534b0 R9: 36f7c26c R10: 00000000 FP: 3ec5ff48
6164: 2024-02-11 05:56:24 <19636> IP: 36b8f048 SP: 3ec53460 LR: 36b7341f PC: 36b73192
6165: 2024-02-11 05:56:24 <19636> CPSR: 200f0030 Addr: 00000005
6166: 2024-02-11 05:56:24 <19636> Trap: 0000000e Error: 00000017 OldMask: 00002000
6167: 2024-02-11 05:56:24 <19636> Backtrace:
6168: 2024-02-11 05:56:24 <19636> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset
6169: 2024-02-11 05:56:24 00004192
6170: 2024-02-11 05:56:24 <19636> fortidev 6.0.1.0005
6171: 2024-02-11 06:11:05 sslvpn watchdog timeout
6172: 2024-02-11 06:11:05 sslvpnd previously crashed 2 times. The last crash was at 2024-02-11 05:56:24.
6173: 2024-02-11 06:11:05 <19637> firmware FortiGate-100E v7.2.7,build1577b1577,240131 (GA.M) (Release)
6174: 2024-02-11 06:11:05 <19637> application sslvpnd
6175: 2024-02-11 06:11:05 <19637> *** signal 11 (Segmentation fault) received ***
6176: 2024-02-11 06:11:05 <19637> Register dump:
6177: 2024-02-11 06:11:05 <19637> R0: 36fb7adc R1: 00000005 R2: 3ec53480 R3: 00000005
6178: 2024-02-11 06:11:05 <19637> R4: 36b8f000 R5: 36fb7adc R6: 3ec53520 R7: 3ec53460
6179: 2024-02-11 06:11:05 <19637> R8: 3ec534b0 R9: 36f7c26c R10: 00000000 FP: 3ec5ff48
6180: 2024-02-11 06:11:05 <19637> IP: 36b8f048 SP: 3ec53460 LR: 36b7341f PC: 36b73192
6181: 2024-02-11 06:11:05 <19637> CPSR: 200f0030 Addr: 00000005
6182: 2024-02-11 06:11:05 <19637> Trap: 0000000e Error: 00000017 OldMask: 00002000
6183: 2024-02-11 06:11:05 <19637> Backtrace:
6184: 2024-02-11 06:11:05 <19637> [0x36b73192] => /usr/lib/arm-linux-gnueabi/libunwind.so.8 liboffset
6185: 2024-02-11 06:11:05 00004192
6186: 2024-02-11 06:11:05 <19637> fortidev 6.0.1.0005
6187: 2024-02-11 07:11:08 sslvpnd crashed 3 times. The latest crash was at 2024-02-11 06:11:05.
Crash log interval is 3600 seconds
Max crash log line number: 16384
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @lm21108 ,
How often it crashes? Does it affect your traffic/VPN users/performances?
If it affects users connected, I would suggest you to open a ticket with our support so the crash can be investigated further, please.
Best regards,
It appears to have come right back up, no users were online (vpn) at that time so not sure about the effect from that standpoint. Only seems to be those 3 isolated events so far.
I will open a ticket though, if this is still an issue it will need to be fixed.
Thanks.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.