Fortinet v7.0.5 Memory and CPU Bug in the FortiOS webproxy (WAD) process.

Fortinet v7.0.5 Memory and CPU Bug in the FortiOS webproxy (WAD) process.

Joe Brunner Joe Brunner

Joe Brunner

Affirmed Systems CEO, CLOUD ASSURE?

发布日期: 2022年5月12日
+ 关注

End user reports there is a massive bug in 7.0.5 with a memory leak in the WAD process. They are led to believe by Fortigate support techs that the issue stems from using LDAP and they recommend not using LDAP to fix the issue. We are seeing it listed as fixed in 7.2.0, but history has taught us that getting in a FG release at a .0 release is a poor decision. Anyone know how often Fortinet usually drops updates? They have been waiting for 7.0.6 for a few weeks now, but so far nothing.

Solution: You can restart the wad process with minimal impact. You can even do it regularly.

Place a script that will restart the process before it hits conserve mode. The larger issue is the slowness that seems to have come along with the bug that only seems to be solved by a full restart of the primary unit.

We got confirmation that the bug is fixed in 7.0.6 and that they plan to release it in week 21. A possible workaround is to lower the amount of wad processes allowed to start.

For now let's configure a script to restart WAD process to avoid memory leaks.

Workaround:

Use the following command for a FortiGate without VDOMs:

#config system auto-script
edit restart_wad
set interval 43200
set repeat 356
set start auto
set script 'diag test app wad 99'
next
end

?

Use the following command in case FortiGate has VDOMs:
#config system auto-script
edit restart_wad
set interval 43200
set repeat 356
set start auto
set script '
config global
diag test app wad 99'
next
end
This specific script will run every 12 hours and for 356 times. Change the settings to required need or remove the script once the permanent solution is available.

要查看或添加评论,请登录

更多精彩文章

社区洞察

其他会员也浏览了