Hello,

I have 2x Fortigate 200B with firmware  v4.0,build0632,120705 (MR3 Patch 8). not too much traffic and sessions: Ca 200 Mb/s , up to 10k ip packets/s , up to 15k active session. I have noticed that sometimes cpu is very high but only user part. It happens mostly, every 5-10 minutes for more less 10-20s but sometimes it takes much more time as You can see on day graph

 I did some debug but i can't see nothing wrong.   I turn off: snmp access, widget in dashborad, tune tcp timers but without success.  Still high cpu user. What can be reason of that? How can i debug this more deeply ? Below some of my ouputs

Big thanks for help

# get system performance status
CPU states: 1% user 25% system 0% nice 74% idle
CPU0 states: 1% user 25% system 0% nice 74% idle
Memory states: 64% used
Average network usage: 72437 kbps in 1 minute, 114673 kbps in 10 minutes, 110949 kbps in 30 minutes
Average sessions: 7546 sessions in 1 minute, 7650 sessions in 10 minutes, 8010 sessions in 30 minutes
Average session setup rate: 195 sessions per second in last 1 minute, 190 sessions per second in last 10 minutes, 194 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 162 days, 22 hours, 23 minutes

# get system performance status
CPU states: 73% user 26% system 0% nice 1% idle
CPU0 states: 73% user 26% system 0% nice 1% idle
Memory states: 64% used
Average network usage: 60414 kbps in 1 minute, 111938 kbps in 10 minutes, 109509 kbps in 30 minutes
Average sessions: 7830 sessions in 1 minute, 7743 sessions in 10 minutes, 7980 sessions in 30 minutes
Average session setup rate: 193 sessions per second in last 1 minute, 189 sessions per second in last 10 minutes, 193 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 162 days, 22 hours, 25 minutes

 # get system performance top
Run Time: 162 days, 22 hours and 25 minutes
7U, 29S, 64I; 1009T, 322F, 90KF
initXXXXXXXXXXX 1 S 0.0 1.1
cmdbsvr 49 S 0.0 3.7
zebos_launcher 71 S 0.0 1.2
uploadd 72 S 0.0 1.1
miglogd 73 R 0.0 2.7
miglogd 74 S 0.0 1.1
httpsd 75 S 0.0 1.8
nsm 76 S 0.0 0.3
ripd 77 S 0.0 0.2
ripngd 78 S 0.0 0.2
ospfd 79 S 0.0 0.2
proxyd 80 S 0.0 1.1
ospf6d 81 S 0.0 0.2
wad_diskd 82 S 0.0 2.4
bgpd 84 S 0.0 0.2
isisd 85 S 0.0 0.2
proxyacceptor 86 S 0.0 0.1
pimd 89 S 0.0 0.2
imd 90 S 0.0 1.4
ipsmonitor 92 S 0.0 1.1

 # show
config system global
    set admin-scp enable
    set admintimeout 480
    set fgd-alert-subscription advisory latest-threat
    set gui-ipv6 enable
    set hostname "FG200B3911111111"
    set refresh 5
    set service-expire-notification disable
    set strict-dirty-session-check disable
    set tcp-halfclose-timer 30
    set tcp-halfopen-timer 30
    set tcp-timewait-timer 10
    set timezone 29
    set tos-based-priority high
    set udp-idle-timer 60
end

 # diag sys session stat
misc info: session_count=8350 setup_rate=270 exp_count=4 clash=1556704
        memory_tension_drop=0 ephemeral=0/57344 removeable=0 ha_scan=1095
delete=0, flush=0, dev_down=0/0
TCP sessions:
         4 in NONE state
         1930 in ESTABLISHED state
         499 in SYN_SENT state
         7 in SYN_RECV state
         16 in FIN_WAIT state
         637 in TIME_WAIT state
         429 in CLOSE state
         170 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=caa507cd
fqdn_count=00000002
tcp reset stat:
        syncqf=6319606 acceptqf=11167 no-listener=23653603 data=1 ses=76629 ips=0
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0