Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff

Created on ‎06-24-2014 07:18 AM Edited on ‎04-07-2025 10:37 PM By Community Manager

Article Id 192124

Technical Tip: Restarting internal processes/daemons

Description


This article describes how to force restart internal processes and daemons without restarting the whole unit.


Scope


FortiGate, FortiMail.

Solution

 

Some internal processes get stuck under certain conditions or is required to force them to reload in order to release memory and CPU resources.
 
On FortiMail, is use the below command:
 
execute reload <daemon_name>
 
On FortiGate, the most common daemons could be restarted by using '# diagnose' command:
 
diagnose test application <daemon_name> 99 
 
When the above procedures do not show the process has restarted, then it could be necessary to kill the process.
 
The kill instruction should be used as the last resort before a reboot of the unit.
 
The format of the command to use is:
 
diagnose sys kill <sig_term> <pid>
 
The process ID (pid) could be taken from the second column of the command '# diagnose sys top'.
 
For example:
 
diagnose sys top
 
Run Time:  2 days, 16 hours and 48 minutes
0U, 0S, 100I; 442T, 154F, 127KF
       scanunitd      519      R       4.7     3.2
       ipsengine       63      S <     0.0     8.4
         pyfcgid      511      S       0.0     4.9
 
In this example, the 'ipsengine' process has the pid '63'.
 
Although the <sig_term> is mostly the same as those used on Unix/Unix-like platforms, is recommended to use only SIGSEGV (11), SIGINT (2), SIGTERM(15) or SIGKILL(9) in that order.
 
SIGSEGV (11): is used to terminate the process and dump a crash exit into the crashlog (diag debug crashlog read). This is helpful for troubleshooting that process.
SIGINT (2): is used as for example the user hits 'Ctrl-C' on keyboard to end a process.
SIGTERM (15): is a 'polite' termination signal, asking the process to close connections, files, handlers, buffer, etc. For device stability is the recommended way to end a process.
SIGKILL (9): This is a mandatory termination of the process. This signal could not be ignored by system (except by specific conditions where system is waiting the process to free physical I/O resources). This kind of signal could leave sessions and files opened.
 
In the above example, to kill process 'ipsengine', it is possible to perform the following:
 
# diagnose sys kill 11 63

Note: 

 

Alternatively, to kill or restart all related processes at once can be done using the following "killall" command:

 

fnsysctl killall <process name> 
fnsysctl killall httpsd <<--- it will restart all httpsd processes at once

 

Related articles:

Technical Tip: How to list processes in FortiOS

Technical Tip:Diagnose sys top CLI command

Technical Tip: Find and restart/kill a process on a FortiGate by the process ID (PID) via pidof 

31510
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.