High CPU usage on Fortigate

I was facing an issue with a cluster of two FGT 100D running 6.2.2. The event log was reporting high CPU, between 85 and 92%, even though the session count was low (8000) and memory usage was far away from conserve mode.

Even though the customer didn’t complain about it, I managed to find the root cause of the high CPU usage.

Diag sys top shows us that the WAD process is pretty hungry for CPU:

FG100D3 (global) # diag sys top
Run Time: 90 days, 3 hours and 19 minutes
29U, 0N, 15S, 38I, 0WA, 0HI, 18SI, 0ST; 3954T, 1298F
wad 17691 R 70.6 1.2
wad 17693 R 65.6 1.1
authd 234 S 64.6 0.5
wad 17692 S 21.8 0.1
wad 17694 S 85.8 0.6

Fortinet has published some good resources on decreasing CPU load on FGT. In my case I changed the TCP timers to close idle sessions faster. Then I modified the number of WAD processes.
For the 100D, the default should be 2 WAD processes for this hardware. Not sure why, but the value 4 was the one configured.
The complete configuration applied is below:

config system global
set tcp-halfclose-timer 30
set tcp-halfopen-timer 30
set tcp-timewait-timer 0
set udp-idle-timer 60
set wad-worker-count 2
end

The CPU consumption then dropped to 45%.
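As an added example (not part of the original post and not Fortinet tooling), the Python script below parses the diag sys top output shown earlier, sums CPU per process name and compares the number of wad processes with an expected worker count. The function names and the expected_workers parameter are hypothetical, and treating every wad line as a worker is a simplifying assumption.

```python
import re
from collections import defaultdict

# Output copied from the post above (four wad processes visible).
SAMPLE = """\
Run Time: 90 days, 3 hours and 19 minutes
29U, 0N, 15S, 38I, 0WA, 0HI, 18SI, 0ST; 3954T, 1298F
wad 17691 R 70.6 1.2
wad 17693 R 65.6 1.1
authd 234 S 64.6 0.5
wad 17692 S 21.8 0.1
wad 17694 S 85.8 0.6
"""

# Summary line: counters such as 38I (idle %) and 3954T (total memory).
HEADER = re.compile(r"(\d+)(U|N|S|I|WA|HI|SI|ST|T|F)\b")
# Process line: name, PID, state, CPU %, memory %.
# The optional "<" after the state is an assumption about other builds.
PROC = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+([A-Z])(?:\s*<)?\s+([\d.]+)\s+([\d.]+)\s*$")

def parse_top(text):
    """Return (header counters, list of process dicts)."""
    header, procs = {}, []
    for line in text.splitlines():
        m = PROC.match(line)
        if m:
            name, pid, state, cpu, mem = m.groups()
            procs.append({"name": name, "pid": int(pid), "state": state,
                          "cpu": float(cpu), "mem": float(mem)})
        elif ";" in line and "U," in line:
            header = {key: int(val) for val, key in HEADER.findall(line)}
    return header, procs

def summarize(text, expected_workers=2):
    """Aggregate CPU per process name and check the wad process count."""
    header, procs = parse_top(text)
    cpu, count = defaultdict(float), defaultdict(int)
    for p in procs:
        cpu[p["name"]] += p["cpu"]
        count[p["name"]] += 1
    return {"idle_pct": header.get("I"),
            "cpu_by_name": {k: round(v, 1) for k, v in cpu.items()},
            "top_consumer": max(cpu, key=cpu.get) if cpu else None,
            "wad_count": count["wad"],
            "wad_over_expected": count["wad"] > expected_workers}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it against a capture taken before and after the configuration change gives a quick per-process comparison instead of eyeballing the raw listing.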

Sources:
https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-improve-Explicit-Proxy-performances-on/ta-p/193392?externalID=FD39695
https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/232929/troubleshooting-high-cpu-usage



Author: Kévin SAS

I am Kévin SAS and live in France. I am a network and security engineer. I have worked for a lot of customers in these domains: Wireless, LAN, Datacenter, VoIP, with several brands like Cisco, HPE, Aruba, Palo Alto, amongst others. I previously worked for a service provider. I currently work for an integrator, which gives me lots of opportunities to learn. This blog stores some technical notes I wanted to share.
