Fortinet 654 FortiWeb 5.0 Patch 6 Administration Guide
or supports deprecated or old versions such as SSL 2.0:
openssl s_client -ssl2 -connect example.com:443
Resource issues
This section includes troubleshooting questions related to sluggish or stalled performance.
Is a process consuming too many system resources?
See “Killing system-intensive processes” on page 654.
Is a server under attack?
See “Preparing for attacks” on page 655.
Has there been a sustained spike in HTTP traffic related to a specific policy?
See “Monitoring traffic load” on page 654.

Killing system-intensive processes

Use the CLI to view the per-CPU/core process load level and a list of the most system-intensive
processes. This may reveal processes that are consuming an unusual amount of resources. For example:
diagnose system top 10
The above command generates a report of processes every 10 seconds. The report provides
the process names, their process ID (pid), status, CPU usage, and memory usage.
The report continues to refresh and display in the CLI until you press q (quit).
Once you locate an offending PID, you can terminate it:
diagnose system kill 9 <pid_int>
To determine if high load is frequently a problem, you can display the average load level by
using these CLI commands:
get system performance
diagnose system load
For more information, see the FortiWeb CLI Reference.
If the issue recurs, and corresponds with a signature or configuration change, you may need to
optimize regular expressions to prevent the issue from recurring. See “Debugging the packet
processing flow” on page 653 and “Regular expression performance tips” on page 615.

Monitoring traffic load

Heavy traffic loads can cause sustained high CPU or RAM usage. If the heavy load is unusual,
no action may be required, unless you are being subjected to a DoS attack. Sustained heavy
traffic load may indicate that you need a more powerful model of FortiWeb.
If your web servers are required to comply with PCI DSS, you should make sure that your web
servers do not allow weak encryption. For example, if your web servers accept SSL 2.0 or MD5
hashes, you may fail your PCI DSS audit.
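The openssl s_client command at the top of this page tests one protocol version at a time. The script below is an added example, not part of the FortiWeb guide: it repeats that probe per version against a web server you protect and classifies each result from the handshake summary line. The flag list, the DEPRECATED policy list and the function names are assumptions of this example; a flag the local OpenSSL build no longer ships (such as -ssl2) is reported as inconclusive rather than rejected.

```shell
#!/bin/sh
# Added example, not from the FortiWeb guide. Assumes the OpenSSL CLI is on PATH.
# Policy assumption: versions treated as deprecated; adjust to your audit scope.
DEPRECATED="ssl2 ssl3 tls1 tls1_1"

# One handshake attempt restricted to a single protocol version.
probe() {  # usage: probe FLAG HOST:PORT
    openssl s_client "-$1" -connect "$2" </dev/null 2>&1
}

# Classify s_client output (stdin) from its handshake summary line:
#   "New, <version>, Cipher is <name>"  -> accepted
#   "New, (NONE), Cipher is (NONE)"     -> rejected
#   no summary line (flag missing from the local build, TCP failure) -> inconclusive
classify_handshake() {
    summary=$(grep '^New, .*Cipher is ' | head -n 1)
    case "$summary" in
        '')                   echo inconclusive ;;
        *'Cipher is (NONE)'*) echo rejected ;;
        *)                    echo accepted ;;
    esac
}

# Print "<flag> <verdict>" per version; return 1 if a deprecated one is accepted.
audit_protocols() {  # usage: audit_protocols HOST:PORT
    rc=0
    for flag in ssl2 ssl3 tls1 tls1_1 tls1_2; do
        verdict=$(probe "$flag" "$1" | classify_handshake)
        echo "$flag $verdict"
        case " $DEPRECATED " in
            *" $flag "*) if [ "$verdict" = accepted ]; then rc=1; fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample summary lines (not captured from a real server).
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

# Offline demonstration of the classifier on the constructed samples.
echo "$SAMPLE_OK"   | classify_handshake
echo "$SAMPLE_FAIL" | classify_handshake
```

To audit a server, call audit_protocols with its HOST:PORT; a non-zero return means a version listed in DEPRECATED completed a handshake.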