If you run into problems with your firewall CPU running unexpectedly high there are a couple of things you can do to diagnose the problem before engaging Fortinet Support.
First of all try to understand which process is causing the problem. In order to narrow it down issue the following command on the command line:
# diag sys top 1
This will list the running processes and their memory and CPU utilization with a refresh rate of 1 second.
You'll get output similar to the following:
Run Time: 1 days, 18 hours and 52 minutes
0U, 7S, 91I; 439T, 156F, 121KF
ipsengine 53 S < 94.6 22.1
newcli 182 R 3.7 3.2
sshd 180 S 2.8 2.5
dhcpcd 65 S 0.9 2.5
cmdbsvr 20 S 0.0 4.8
Press "q" to return to the command prompt.
Looking at the above output we can tell that the ipsengine, which is responsible for intrusion prevention functionality, is consuming 94.6% CPU time. This is unusually high and can have a number of root causes.
Below are a number of CLI commands you can issue to try and correct the problem in the short term.
# diag test application ipsmonitor
IPS Engine Test Usage: (Values for
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor
The most common command that we issue to deal with the IPS Engine running high is the following which restarts the IPS process:
# diag test application ipsmonitor 99
Yeah, realy useful command :-)
ReplyDeleteDoes anybody know, what is FortiOS? Is it Linux/BSD based or homemade OS?
It is linux.
ReplyDeleteThey got into trouble many years back about the GPL license..
http://tinyurl.com/432d7r5
More useful commands please!
ReplyDelete