Fortinet 5.0 Patch 6 Resource issues

Fortinet 654 FortiWeb 5.0 Patch 6 Administration Guide

or supports deprecated or old versions such as SSL 2.0:

openssl s_client -ssl2 -connect example.com:443

Resource issues

This section includes troubleshooting questions related to sluggish or stalled performance.

• Is a process consuming too much system resources?

See “Killing system-intensive processes” on page 654.

• Is a server under attack?

See “Preparing for attacks” on page 655.

• Has there been a sustained spike in HTTP traffic related to a specific policy?

See “Monitoring traffic load” on page 654.

Use the CLI to view the per-CPU/core process load level and a list of the most system-intensive

processes. This may show processes that are consuming resources unusually. For example:

diagnose system top 10

The above command generates a report of processes every 10 seconds. The report provides

the process names, their process ID (pid), status, CPU usage, and memory usage.

The report continues to refresh and display in the CLI until you press q (quit).

Once you locate an offending PID, you can terminate it:

diagnose system kill 9 <pid_int>

To determine if high load is frequently a problem, you can display the average load level by

using these CLI commands:

get system performance

diagnose system load

For more information, see the FortiWeb CLI Reference.

If the issue recurs, and corresponds with a signature or configuration change, you may need to

optimize regular expressions to prevent the issue from recurring. See “Debugging the packet

processing flow” on page 653 and “Regular expression performance tips” on page 615.

Heavy traffic loads can cause sustained high CPU or RAM usage. If this is unusual, no action

may be required, unless you are being subject to a DoS attack. Sustained heavy traffic load may

indicate that you need a more powerful model of FortiWeb.

If your web servers are required to comply with PCI DSS, you should make sure that your web

servers do not allow weak encryption. For example, if your web servers accept SSL 2.0 or MD5

hashes, you may fail your PCI DSS audit.