High CPU usage per core(s) for Fortinet




High CPU usage is a symptom of a system which is unable to handle the required load or a symptom of a specific issue with the system and the applications and services running on it. Indeni will monitor the CPU usage of each core separately and alert if any of the cores' CPU usage crosses the threshold.

Remediation Steps

Determine the cause for the high CPU usage of the listed cores.

1. Login via https to the Fortinet firewall and go to menu "System > Dashboard > Status" and look at the system resources widget to review the current CPU utilization graph.
2. Login via ssh to the Fortinet firewall and run the FortiOS command "get system performance status". The first line of output shows the CPU usage by category. The other lines of the output, such as average network usage, average session setup rate, viruses caught, and IPS attacks blocked can also help to determine why system resource usage is high. For example, if network usage is high it will result in high traffic processing on the FortiGate; or if the session setup rate is very low or zero the proxy may be overloaded and not able to do its job.
3. Login via ssh to the Fortinet firewall and run the FortiOS command "get system performance top". This command shows all the top processes running on the FortiGate unit and their CPU usage. If a process is using most of the CPU cycles, investigate it to determine if it’s normal activity. If the top few entries are using most of the CPU, note which processes they are and investigate those features to try and reduce their CPU load. Some common examples of processes you will see include: ipsengine, scanunitd (antivirus), iked and sshd.
4. For more information review: https://docs.fortinet.com/uploaded/files/2924/troubleshooting-54.pdf
5. If the problem persists, contact Fortinet Technical support at https://support.fortinet.com/ for further assistance.

How does this work?

Indeni uses the built-in Fortinet "get system performance status" command to retrieve the device CPU utilization.

Why is this important?

If the firewall CPU becomes fully utilized, performance may be impacted and traffic may be dropped, and in extreme cases the firewall could crash. It is critical to monitor the memory usage and handle the issue prior to resource exhaustion.

Without Indeni how would you find this?

An administrator could login and manually run the command via CLI, check the system resources widget via the GUI, enable SNMP, configure a syslog server for a log message every 5 minutes containing the utilization, or use Fortinet FortiAnalyzer.

View Source Code