high CPU with OS 6.2.10

RolandBaumgaertner72 · ‎02-09-2022

Hey,

I have a FG with 6.2.10 (updated some time ago) and today we got massive CPU usage (85-95%) and user couldnt navigate, etc.

First we tried disabling lots of features like IPS, etc. In the policies we only left AV. Than we rebooted like 5 times and nothing, after the reboot it gets really fast to > 90% again.XXXX # get system performance status
CPU states: 14% user 74% system 0% nice 12% idle 0% iowait 0% irq 0% softirq
CPU0 states: 13% user 78% system 0% nice 9% idle 0% iowait 0% irq 0% softirq
CPU1 states: 15% user 71% system 0% nice 14% idle 0% iowait 0% irq 0% softirq
Memory: 1032980k total, 609936k used (59.0%), 397780k free (38.5%), 25264k freeable (2.5%)
Average network usage: 81 / 41 kbps in 1 minute, 75 / 36 kbps in 10 minutes, 193 / 174 kbps in 30 minutes
Average sessions: 549 sessions in 1 minute, 487 sessions in 10 minutes, 481 sessions in 30 minutes
Average session setup rate: 2 sessions per second in last 1 minute, 2 sessions per second in last 10 minutes, 3 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 0 days, 0 hours, 51 minutes

XXXX # diag sys top
Run Time: 0 days, 0 hours and 52 minutes
13U, 0N, 77S, 10I, 0WA, 0HI, 0SI, 0ST; 1008T, 393F
ipsmonitor 24407 S 12.8 0.6
src-vis 153 S 0.9 1.2
merged_daemons 122 S 0.9 0.6
cmdbsvr 102 S 0.4 2.8
forticron 126 S 0.4 1.5
scanunitd 25898 S < 0.4 1.4
extenderd 181 S 0.4 0.9
iked 149 S 0.4 0.8
fcnacd 184 S 0.4 0.8
newcli 7600 R 0.4 0.6
urlfilter 209 S < 0.4 0.6
dnsproxy 168 S 0.4 0.6
alertmail 167 S 0.4 0.6
ipshelper 24409 S < 0.0 2.4
sslvpnd 135 S 0.0 2.1
cw_acd 172 S 0.0 1.9
httpsd 118 S 0.0 1.8
scanunitd 148 S < 0.0 1.6
miglogd 116 S 0.0 1.5
miglogd 196 S 0.0 1.4
Run Time: 0 days, 0 hours and 52 minutes
12U, 0N, 77S, 11I, 0WA, 0HI, 0SI, 0ST; 1008T, 403F
ipsmonitor 24407 R 12.0 0.6
merged_daemons 122 S 0.9 0.6
src-vis 153 S 0.5 1.2
cw_acd 172 S 0.3 1.9
lnkmtd 164 S 0.3 0.9
fcnacd 184 S 0.3 0.8
snmpd 151 S 0.3 0.7
newcli 7600 R 0.3 0.6
clearpass 130 S 0.3 0.5
ipshelper 24409 S < 0.1 2.4
miglogd 196 S 0.1 1.4
quard 163 S 0.1 0.9
cu_acd 176 S 0.1 0.9
dhcpd 152 S 0.1 0.7
zebos_launcher 108 S 0.1 0.6
fortilinkd 175 S 0.1 0.6
urlfilter 209 S < 0.1 0.6
sshd 23014 S 0.1 0.6
fsd 179 S 0.1 0.5
cmdbsvr 102 S 0.0 2.8
Run Time: 0 days, 0 hours and 52 minutes
13U, 0N, 76S, 11I, 0WA, 0HI, 0SI, 0ST; 1008T, 401F
ipsmonitor 24407 S 11.6 0.6
merged_daemons 122 S 0.7 0.6
ipshelper 24409 S < 0.5 2.4
src-vis 153 S 0.5 1.2
lnkmtd 164 S 0.3 0.9
extenderd 181 S 0.3 0.9
cw_acd 172 S 0.1 1.9
miglogd 116 S 0.1 1.5
forticron 126 S 0.1 1.5
initXXXXXXXXXXX 1 S 0.1 1.1
iked 149 S 0.1 0.8
fcnacd 184 S 0.1 0.8
cw_acd_helper 173 S 0.1 0.7
dhcpd 152 S 0.1 0.7
newcli 7600 R 0.1 0.6
flcfgd 177 S 0.1 0.6
fortilinkd 175 S 0.1 0.6
sshd 23014 S 0.1 0.6
fsvrd 162 S 0.1 0.5
fsd 179 S 0.1 0.5

i tried restart some of the proceses but nothing.

Any ideas? Thanks!

metz_FTNT · ‎02-10-2022

Hello,

Looks like Fortigate 30E. It's a known issue in 6.2.10. Currently the only practical option is to downgrade back to 6.2.9. Should be fixed in 6.2.11