bkarl
Staff
Article Id 304983
Description

This article describes how to troubleshoot an issue in which a FortiGate VM, used as the Switch & Wireless controller for FortiSwitches and FortiAPs, shows 100% CPU usage caused by FortiLink.

Scope

FortiOS 7.4.0, FGVM8, VMware ESXi-7.0U3g-20328353-standard.
Solution

In scenarios where FortiGate works as a controller for FortiSwitch and FortiAP in a virtual environment, it is very probable that the FortiLink daemon starts to cause high CPU consumption.

Collect the output from the following commands before submitting a ticket with the TAC support team.

 

FortiGate commands:

 

fnsysctl date
get system status
get hardware status
diag sys top-all 2 50
diag sys top-mem 20
diagnose sys top-fd 20
diagnose debug crashlog read

get sys perf status
diag sys session stat
get sys perf firewall statistics
diag hardware sysinfo memory
diag hardware sysinfo slab
diagnose hardware sysinfo shm

 

Debug commands for the FortiSwitch controller:


diagnose debug application flcfgd -1
diagnose debug application cu_acd -1

diagnose debug application cw_acd -1
diagnose debug application fortilinkd -1
diagnose debug enable
diagnose switch-controller switch-info        Switch information.
diagnose switch-controller system-info        Switch-controller system information.
diagnose switch-controller restart-daemon     Restart switch controller daemons.
diagnose switch-controller topology           Topology commands.
diagnose switch-controller trigger            Trigger switch controller processing.
diagnose switch-controller mac-cache          Mac cache.
diagnose switch-controller telemetry          FortiSwitch telemetry.
diagnose switch-controller traffic-capture    Traffic capture.
diagnose switch-controller mac-device         MAC devices.
diagnose switch-controller nac-tag            Add, remove, or show MAC from NAC dynamic firewall tag.

 

Workaround:

 

A possible workaround on FortiOS 7.4.0 is to disable auto-authorize as below and see if things stabilize:

 

config system interface
    edit fortilink
        set auto-auth-extension-device disable
    next
end

 

Note: By default, auto-authorize is enabled.

If it does not work, consider sharing the information with the TAC team and confirming whether it is a bug.
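
To confirm from a configuration backup that the workaround is actually in place on every FortiLink interface, the following check can be used. It is an added example, not part of the original article or a Fortinet tool. It assumes a single-VDOM backup in which FortiLink interfaces carry "set fortilink enable", treats a missing auto-auth-extension-device line as the default (enabled, per the note above), and runs on a constructed sample config.

```python
import re

# Constructed sample of a config backup (not taken from the article).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
    edit "fortilink"
        set fortilink enable
        config ipv6
            set ip6-send-adv enable
        end
        set auto-auth-extension-device disable
    next
    edit "fortilink2"
        set fortilink enable
    next
end
"""

def fortilink_auto_auth(config_text):
    """Return {interface: 'enable' | 'disable'} for each FortiLink interface."""
    result, depth, in_section, name, settings = {}, 0, False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:  # top-level section header
                in_section = (line == "config system interface")
        elif line == "end":
            depth -= 1      # a nested block's "end" only returns to depth 1
        elif in_section and depth == 1:
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                name, settings = m.group(1), {}
            elif line == "next" and name is not None:
                if settings.get("fortilink") == "enable":
                    # Assumption: an absent line means the default (enabled).
                    result[name] = settings.get("auto-auth-extension-device", "enable")
                name = None
            elif line.startswith("set ") and name is not None:
                parts = line.split(None, 2)
                if len(parts) == 3:
                    settings[parts[1]] = parts[2]
    return result

if __name__ == "__main__":
    for iface, state in fortilink_auto_auth(SAMPLE_CONFIG).items():
        print(f"{iface}: auto-auth-extension-device {state}")
```

Any interface reported as "enable" still auto-authorizes FortiSwitch and FortiAP devices that appear on that FortiLink interface.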
