I was facing an issue with a cluster of two FGT 100D units running 6.2.2. The event log reported CPU usage between 85 and 92% even though the session count was low (around 8000) and memory usage was far away from conserve mode.
Even though the customer didn't complain about it, I managed to find the root cause of the high CPU usage.
Running diag sys top shows that the WAD processes are pretty hungry for CPU:
FG100D3 (global) # diag sys top
Run Time: 90 days, 3 hours and 19 minutes
29U, 0N, 15S, 38I, 0WA, 0HI, 18SI, 0ST; 3954T, 1298F
wad 17691 R 70.6 1.2
wad 17693 R 65.6 1.1
authd 234 S 64.6 0.5
wad 17692 S 21.8 0.1
wad 17694 S 85.8 0.6
Fortinet publishes some good resources on decreasing CPU load on a FortiGate. In my case I changed the TCP timers to close idle sessions faster, then I reduced the number of WAD worker processes.
On a 100D the default for this hardware should be 2 WAD workers. Not sure why, but the configured value was 4.
The complete configuration applied is below:
config system global
set tcp-halfclose-timer 30
set tcp-halfopen-timer 30
set tcp-timewait-timer 0
set udp-idle-timer 60
set wad-worker-count 2
end
After that, CPU consumption dropped to 45%.
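To make this kind of diagnosis repeatable, here is an added example (not part of the original post or of any Fortinet tool) that parses a pasted diag sys top snapshot, totals CPU per process family so the WAD workers are counted together, and compares the number of running wad processes against the expected worker count. It assumes the snapshot layout shown above (prompt line, Run Time line, CPU summary line, then one process per line as name, pid, state, CPU %, memory %) and uses the post's own output as constructed sample input.

```python
import re
from collections import defaultdict

# Constructed sample input: the `diag sys top` snapshot quoted in the post.
SAMPLE_TOP = """\
FG100D3 (global) # diag sys top
Run Time: 90 days, 3 hours and 19 minutes
29U, 0N, 15S, 38I, 0WA, 0HI, 18SI, 0ST; 3954T, 1298F
wad 17691 R 70.6 1.2
wad 17693 R 65.6 1.1
authd 234 S 64.6 0.5
wad 17692 S 21.8 0.1
wad 17694 S 85.8 0.6
"""

# One process line: name, pid, state letter, CPU %, memory % (assumed layout).
PROC_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S)\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)$")
# In the CPU summary line the 'I' field is idle, so busy = 100 - idle.
IDLE_RE = re.compile(r"\b(\d+)I\b")

def parse_top(text):
    """Return (busy_cpu_pct, {name: [(pid, cpu_pct, mem_pct), ...]})."""
    busy = None
    procs = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            name, pid, _state, cpu, mem = m.groups()
            procs[name].append((int(pid), float(cpu), float(mem)))
        elif busy is None and "U," in line:
            idle = IDLE_RE.search(line)
            if idle:
                busy = 100 - int(idle.group(1))
    return busy, dict(procs)

def cpu_by_process(procs):
    """Total CPU % per process family, highest first (all wad workers together)."""
    totals = {name: round(sum(cpu for _, cpu, _ in rows), 1) for name, rows in procs.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def check_worker_count(procs, name="wad", expected=2):
    """Heuristic: flag when more processes of `name` run than the expected worker count."""
    running = len(procs.get(name, []))
    return {"process": name, "running": running, "expected": expected, "ok": running <= expected}

if __name__ == "__main__":
    busy, procs = parse_top(SAMPLE_TOP)
    print(f"CPU busy {busy}%", cpu_by_process(procs), check_worker_count(procs))
```

On the post's snapshot this reports 62% busy CPU, wad at 243.8% across four processes and authd at 64.6%, and flags the wad count as above the expected 2.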