Fortinet Fortigate Internet Traffic Halts – CPU At 99%

Ran into a wonderful situation yesterday on a Fortinet Fortigate 100C where, every hour on the half hour the internet traffic would cease passing through the router.

The solution was to reboot the firewall.

Turns out, there was a bug in the 4.2 firmware (4.0 build 0272) with the NIDS signature. I believe it was triggered when our Trend Micro Worry Free Business Security Advanced server would try to update (hence the every hour on the half hour).

This was diagnosed via the CLI command:

Diag Sys Top 1

Let that run for a few seconds, then hit CTRL-C to stop.

IPSEngine was using 90+ % CPU (the first decimal number in the 2nd to last column is CPU usage, the last is memory usage)

Fortinet support sent me the newer NIDS signature manually, which should be automatic later today.

Fun times.

{ 3 comments… read them below or add one }

David GH January 17, 2013 at 6:58 am

Hello,

I have a Fortigate 3810A running 4.0 MR3 Patch 10.

Documentation says i have 4 CPUs but only CPU3 is ‘working’.

FW(global) # get system performance status
CPU states: 3% user 26% system 0% nice 71% idle
CPU0 states: 4% user 3% system 0% nice 93% idle
CPU1 states: 8% user 3% system 0% nice 89% idle
CPU2 states: 1% user 0% system 0% nice 99% idle
CPU3 states: 0% user 97% system 0% nice 3% idle

Why are the other 3 CPUs not used?

Do you have any idea why my CPU hits 100% on CPU3?

Can i share the load across all CPUs?

Kindly advice.

Thank you
David

admin January 17, 2013 at 8:03 am

David,

Wish I could help but I don’t have any experience with that unit.

Best I could suggest would be the user forum (which I haven’t been on in a while because it didn’t seem active and helpful) or contact support.

Fortinet keeps winning awards, their stock price goes up, but support sure isn’t what it was in the old days.

Best,
Roger

David GH January 17, 2013 at 8:22 am

Thank you Roger.

Will try the user forum or contact support.

Best Regards
David

Leave a Comment

Previous post:

Next post: