I have a Fortigate 1000D (5.4.5) cluster (2 in Active-Active) in flow mode, 2 vdoms, 4000 users and 1000Mbits Internet Link with 4 squids (as non-transparents proxys for my users) loadbalanced by the Fortigates.
I Have two vdoms, the Root vdom that takes care of all my production servers, and another vdom, called INTERNET, that takes care of my Internet access using non-transparent squid proxy. In this setup the CPU of my cluster is really low (unit 1 20% and unit 2 in 8%)
The problem is that I need to change from flow to Proxy-mode for my Internet VDOM, but when I change it, the CPU of my unit 1 goes to 100% use (the unit 2 falls to 1%, so it´s not load balancing anything) with many WAD process using all my CPU.
I know that the WAD process is used for Wan accelarator, explict proxy and cache, but the strange is that any of this functions is enabled, even the disk is formated only for Logs.
I have this problem since 5.4.4, I have upgraded to 5.4.5 to see if resolves my problem, but it does not. This FG starts it life using the 5.4.0, and have made every single upgrade to the newest 5.4.5.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.