FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes about Persistent high CPU usage on slave unit of a FortiGate HA active-active cluster.
Scope
FortiGate 2.80 configured in HA active-active mode
Solution
Issue
The CPU usage on the slave member remains above 90% for a persistent amount of time. The diag sys top command (issued on the slave unit) reveals that it is the ha process which excessively consumes the CPU resources.
Possible cause:
There may be errors or collisions on the HA (heartbeat) link(s). Use the diag hard dev nic <interface_name> command to view the ethernet statistics of your interfaces. The various error and collisions counters should be zero (or not increasing over time). Collisions or errors are usually caused by improper FortiGate interface and switch settings.
FortiGate interface settings are configured as follows:
# config system int edit internal set speed
100full 100M full-duplex 100half 100M half-duplex 10full 10M full-duplex 10half 10M half-duplex auto auto
