FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 192124

This article describes how to force restart internal processes and daemons, without the need to restart the whole unit.
All FortiGate and FortiMail units on v 4MR3, 5.0 and 5.2.


Some internal processes get stuck under certain conditions or is required to force them to reload in order to release memory and CPU resources.
On FortiMail, is use the below command:
# execute reload [<daemon_name>]
On FortiGate, the most common daemons could be restarted by using '# diagnose' command:
# diagnose test application <daemon_name> 99 
When the above procedures do not show the process has restarted, then it could be necessary to kill the process.
The kill instruction should be used as the last resort before a reboot of the unit.
The format of the command to use is:
# diagnose sys kill <sig_term> <pid>
The process ID (pid) could be taken from the second column of the command '# diagnose sys top'.
For example:
# diagnose sys top
Run Time:  2 days, 16 hours and 48 minutes
0U, 0S, 100I; 442T, 154F, 127KF
       scanunitd      519      R       4.7     3.2
       ipsengine       63      S <     0.0     8.4
         pyfcgid      511      S       0.0     4.9
In this example, the 'ipsengine' process has the pid '63'.
Although the <sig_term> is mostly the same as those used on Unix/Unix-like platforms, is recommended to use only SIGSEGV (11), SIGINT (2), SIGTERM(15) or SIGKILL(9) in that order.
SIGSEGV (11): is used to terminate the process and dump a crash exit into the crashlog (diag debug crashlog read). This is helpful for troubleshooting that process.
SIGINT (2): is used as for example the user hits 'Ctrl-C' on keyboard to end a process.
SIGTERM (15): is a 'polite' termination signal, asking the process to close connections, files, handlers, buffer, etc. For device stability is the recommended way to end a process.
SIGKILL (9): This is a mandatory termination of the process. This signal could not be ignored by system (except by specific conditions where system is waiting the process to free physical I/O resources). This kind of signal could leave sessions and files opened.
In the above example, to kill process 'ipsengine', it is possible to perform the following:
# diagnose sys kill 11 63

Related Articles

Technical Tip: How to list processes in FortiOS

Technical Tip:Diagnose sys top CLI command