Hello! I Use FortiGate-60D with 5.2 GA. I have situation when some thing in my network (how I think from one of my users computer) overload my fortigate device during workday. I enter command diag sys top-summary '-s mem' and see that service PROXYD have high load (~70% CPU) every 30 minutes for 1-2 minutes. During that time all users can't use internet or email (they are extremely slow or don't work) Can I see more detailed what load that service? How? Thank you!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The answer is: i has corrupted POP3 connection from one of my computer, when user try to establish it all Fortigate device was loaded to 100% until connection close by timeout. Next time outlook try to connect (between 30 minutes or user manual by pressing "F9" to refresh) device again was loaded. I found user, clean remote mailbox, and all back to normal state!
How did you find the source of what was overloading your proxyd?
I currently have one of my fortigates doing the same thing and nothing obvious that myself, or the TAC could find. :\ Yet it spikes over 95% and starts failing open, or I have to reboot.
Cheers.
FCNSP
-------------------------------------
"They have us surrounded again, those poor bastards."
-Unnamed Medic
Hello Abe!
First I use command "diag sys top-summary '-s mem'" (without ") to look after proxyd process, then I try to find out how often I have this high load, after I found that I have this bad connection every 30 minutes I try to remember what exactly in my home network scheduled to every 30 minutes connection, almost immediately I remember that I have only one software that have connection every 30 minutes to internet - Outlook. At lunch I check every computer in network for connection and find what computer have bad Outlook request (start mail exchange and back to my workplace to check is that connection bring high load).
So! First - check time period! Second - find software what have that period connection! Third - find the PC!
Hope that clear to you, sorry for bad language! ;)
One more advice, upgrade your device to new firmware (if not yet), long time I used 5.2.4 with some SSL bugs confirmed, after I update to 5.2.8 it start works little easier, but be careful with 5.2.9 it buggy for some devices (look new topics here).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1631 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.