Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff

Created on ‎06-24-2014 07:18 AM Edited on ‎01-06-2022 05:56 AM By Community Manager

Article Id 192124

Technical Tip: Restarting internal processess/daemons

Description
This article describes how to force restart internal processes and daemons, without the need to restart the whole unit.
Scope
All FortiGate and FortiMail units on v 4MR3, 5.0 and 5.2.

Solution

Some internal processes get stuck under certain conditions or is required to force them to reload in order to release memory and CPU resources.
 
On FortiMail, is use the below command:
 
# execute reload [<daemon_name>]
 
On FortiGate, the most common daemons could be restarted by using '# diagnose' command:
 
# diagnose test application <daemon_name> 99 
 
When the above procedures do not show the process has restarted, then it could be necessary to kill the process.
 
The kill instruction should be used as the last resort before a reboot of the unit.
 
The format of the command to use is:
 
# diagnose sys kill <sig_term> <pid>
 
The process ID (pid) could be taken from the second column of the command '# diagnose sys top'.
 
For example:
 
# diagnose sys top
 
Run Time:  2 days, 16 hours and 48 minutes
0U, 0S, 100I; 442T, 154F, 127KF
       scanunitd      519      R       4.7     3.2
       ipsengine       63      S <     0.0     8.4
         pyfcgid      511      S       0.0     4.9
 
In this example, the 'ipsengine' process has the pid '63'.
 
Although the <sig_term> is mostly the same as those used on Unix/Unix-like platforms, is recommended to use only SIGSEGV (11), SIGINT (2), SIGTERM(15) or SIGKILL(9) in that order.
 
SIGSEGV (11): is used to terminate the process and dump a crash exit into the crashlog (diag debug crashlog read). This is helpful for troubleshooting that process.
SIGINT (2): is used as for example the user hits 'Ctrl-C' on keyboard to end a process.
SIGTERM (15): is a 'polite' termination signal, asking the process to close connections, files, handlers, buffer, etc. For device stability is the recommended way to end a process.
SIGKILL (9): This is a mandatory termination of the process. This signal could not be ignored by system (except by specific conditions where system is waiting the process to free physical I/O resources). This kind of signal could leave sessions and files opened.
 
In the above example, to kill process 'ipsengine', it is possible to perform the following:
 
# diagnose sys kill 11 63

Related Articles

Technical Tip: How to list processes in FortiOS

Technical Tip:Diagnose sys top CLI command

22921
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.