Fortigate 90d running 5.4.2, happened on 5.4.1 as well.
Very often, my FG90D is at very high CPU utilization.
Diag sys top shows reportd is always the culprit.
I've tried a lot of things, and cannot resolve the issue.
Log Settings -> Enable Local Reports is off.
It has a very basic configuration, can easily be rebuilt.
Does anyone have any ideas?
(I've killed reportd, it comes back some time later. I've tried different firmware versions, same problem)
Diag sys top results:
un Time: 18 days, 3 hours and 29 minutes
97U, 2N, 0S, 1I; 1839T, 1122F
reportd 1404 R 97.4 0.8
httpsd 132 S 0.7 1.4
newcli 2512 R 0.7 0.8
httpsd 133 S 0.3 1.4
httpsd 2507 S 0.1 1.2
cw_acd 108 S 0.1 1.1
iked 86 S 0.1 0.7
ipsengine 2363 S < 0.0 4.5
dnsproxy 105 S 0.0 2.1
pyfcgid 2484 S 0.0 1.7
cmdbsvr 39 S 0.0 1.6
pyfcgid 2483 S 0.0 1.5
pyfcgid 2482 S 0.0 1.5
pyfcgid 2481 S 0.0 1.4
scanunitd 2371 S < 0.0 1.4
scanunitd 2372 S < 0.0 1.4
ipshelper 2362 S < 0.0 1.4
scanunitd 85 S < 0.0 1.4
sslvpnd 76 S 0.0 1.3
miglogd 58 S 0.0 1.2
fg90d #
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Same thing here, on 5.4.2 on a 90D. Also see "netscan" jumping up as well.
If there were a way to make "reportd" and "netscan" into "low priority" (shows as "N" on diag sys top) I wouldn't have a problem, but as it is "reportd" grabs so many CPU cycles that it's impacting users
Did you every find a solution for this? I am having the exact same problem, and it happens very often (every hour or so). Reportd suddenly using 99% CPU, which stops when I kill it (and it automatically reloads). Then, before too long, it happens again. I am still setting up this unit for the first time, so I have a very simple setup (nearly stock) and just a couple computers sitting on it, in a test environment. I have a Fortigate 90D running 5.4.3.
We've found other things that drive the CPU nuts, one is VPN'ing out with SSLVPN back into the same subnet, but that makes sslvpnd go high CPU, not reportd and not netscan. And a simple rule blocks the SSLVPN loopback.
Wish I had an answer to the reportd load problem other than a multi-core new box (like the 61E instead of 90D we have).
Do you have any policies in learning mode? We've found that as soon as any sustained traffic hits that policy it causes reportd to spike and drag down performance.
Nothing in Learning. Just went to 5.4.3 this morning (from 5.4.2), netscan still sucks the whole CPU, haven't caught reportd doing it but I may not have been looking when it did.
No policies in learning mode.
Also, the problem continues in 4.3.
Hi tedb,
Do you have any example to show how to block the ssvpn to loopback to the same subnet?
Thanks
Ivan
I do not have any policies in learning mode. I also tried executing a factory reset, and the problem still occurred even with only 2 WAN interfaces and one hardware switch with 802.1x authentication and DHCP defined, three IPV4 policies, a RADIUS and RSSO server, and one RSSO group. Those were literally the only things configured after the factory reset, and reportd still jumped up to 99%.
Similar problem here. High CPU with reportd as the culprit. Killing process doesn't help. Running 5.4.1
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.