Checking CPU and memory resources

Check the CPU and memory resources when the FortiGate is not working, the network is slow, or there is a reduced firewall session setup rate. All processes share the system resources in FortiOS, including CPU and memory.

To view system resources in the GUI:

Go to Dashboard > Status.

The resource information is located in the CPU and Memory widgets. For information, see Dashboards and Monitors.

To view system resources in the CLI:

get system performance status

Sample output:

FGT# get system performance status

CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU1 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU2 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

CPU3 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

Memory: 4050332k total, 527148k used (13%), 3381312k free (83%), 141872k freeable (3%)

Average network usage: 41 / 28 kbps in 1 minute, 54 / 44 kbps in 10 minutes, 42 / 34 kbps in 30 minutes

Average sessions: 33 sessions in 1 minute, 48 sessions in 10 minutes, 38 sessions in 30 minutes

Average session setup rate: 0 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes

Virus caught: 0 total in 1 minute

IPS attacks blocked: 0 total in 1 minute

Uptime: 0 days, 22 hours, 59 minutes

The first line of the output shows the CPU usage by category:

CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq

The second line of the output shows the memory usage:

Memory: 4050332k total, 527148k used (13%), 3381312k free (83%), 141872k freeable (3%)

Memory usage should not exceed 90%. Using too much memory prevents some processes from functioning properly. For example, if the system is running low on memory, antivirus scanning enters into failopen mode where it drops connections or bypasses the antivirus system.

Other lines of output, such as average network usage, average session setup rate, viruses caught, and IPS attacks blocked, help determine why system resource usage is high.

For example:

  • A high average network usage may indicate high traffic processing on the FortiGate,
  • A very low or zero, average session setup rate may indicate the proxy is overloaded and unable to do its job.

Troubleshooting CPU and network resources

FortiGate has stopped working

If the FortiGate has stopped working, the first line of the output will look similar to this:

CPU states: 0% user 0% system 0% nice 100% idle

Network is slow