This article describes how to force restart internal processes and daemons, without the need to restart the whole unit.
All FortiGate and FortiMail units on v 4MR3, 5.0 and 5.2.
# execute reload [<daemon_name>]
On FortiGate, the most common daemons could be restarted by using '# diagnose' command:
# diagnose test application <daemon_name> 99
When the above procedures do not show the process has restarted, then it could be necessary to kill the process.The kill instruction should be used as the last resort before a reboot of the unit.The format of the command to use is:
# diagnose sys kill <sig_term> <pid>
The process ID (pid) could be taken from the second column of the command '# diagnose sys top'.For example:
# diagnose sys topRun Time: 2 days, 16 hours and 48 minutes0U, 0S, 100I; 442T, 154F, 127KFscanunitd 519 R 4.7 3.2ipsengine 63 S < 0.0 8.4pyfcgid 511 S 0.0 4.9
In this example, the 'ipsengine' process has the pid '63'.Although the <sig_term> is mostly the same as those used on Unix/Unix-like platforms, is recommended to use only SIGSEGV (11), SIGINT (2), SIGTERM(15) or SIGKILL(9) in that order.SIGSEGV (11): is used to terminate the process and dump a crash exit into the crashlog (diag debug crashlog read). This is helpful for troubleshooting that process.SIGINT (2): is used as for example the user hits 'Ctrl-C' on keyboard to end a process.SIGTERM (15): is a 'polite' termination signal, asking the process to close connections, files, handlers, buffer, etc. For device stability is the recommended way to end a process.SIGKILL (9): This is a mandatory termination of the process. This signal could not be ignored by system (except by specific conditions where system is waiting the process to free physical I/O resources). This kind of signal could leave sessions and files opened.In the above example, to kill process 'ipsengine', it is possible to perform the following:
# diagnose sys kill 11 63