Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
philanig
New Contributor

Authd process consuming High CPU

Hi There,

 

We have a problem that started a couple of weeks where the CPU is literally maxing out and when doing a sys diag top, there are two authd processes that are using most of the CPU.

I've tried looking around our FSSO agent to see what could be causing this issue but cant really find anything.

 

this is on a vdom running 5.6 and its the only vdom on the unit (200D)

we have FSSO agents on two DCs and about 500 users.

 

Any suggestions?

4 REPLIES 4
Fishbone_FTNT

Hi,

authd serves 2 purposes: - FSSO client (connecting to FSSO CAs)

- serves logon portal on Fortigate (default tcp/1000 and tcp/1003)

 

Typically such issues are caused by someone who is hammering logon portal with bulk traffic, or the traffic is legit traffic, but it reaches authd portal for i.e. NTLM authentication as the backup for FSSO.

 

Quick and dirty fix could be to try:

config user setting     set auth-blackout-time 5 end

 

which would prevent IP addresses failed to authenticate to reach logon portal for 5 seconds. Which is usually fair.

Adjust to your liking. It might help immediately, but good would be to look for reasons and hunt the root cause.

 

hth,

Fishbone)(

smithproxy hacker - www.smithproxy.org

philanig

Hi Fishbone,

 

Thank you for your prompt response, I'm a newbie to FG, is there a log somewhere I can look at that will show the logon portal attempts? 

philanig

Hi

 

I did the command as you suggested at it dropped right to nothing, thank you for the help

srinivaskv

Hi Fishbone,

 

  Thanks for your answer. I tried 5 secs. initially cpu fell few pts and then came back up. So I change the timeout to 10 secs. Now CPU is oscillating between 60 - 90%. Is there any way to know which ip addresses are doing this incessant authentications.

Labels
Top Kudoed Authors