Fortigate : Restart IPS Service

http://www.it-community.ec0.fr/en/2015/06/reseau/redemarrer-le-service-ips-fortigate.html

Restart the IPS service
I. Presentation

In some cases it is useful to be able to restart the IPS service on a Fortigate, whether it is a dedicated or a virtual IPS.

This short article shows how to fully restart the IPS without rebooting the firewall.
II. Example

In some cases, CPU usage can be abnormally high.

To identify the cause of the CPU usage, first connect to the firewall's CLI and enter the following command:
diagnose sys top 1
Run Time: 134 days, 16 hours and 30 minutes
0U, 0S, 100I; 5969T, 2143F, 370KF
iked 109 S 4.9 0.6
sqldb 103 S 3.9 6.3
proxyworker 84 S 0.9 1.0
scanunitd 28593 S < 0.9 0.4
miglogd 76 S 0.9 0.3
forticron 96 S 0.0 10.4
ipsengine 105 S < 95.0 2.2
cmdbsvr 46 S 0.0 1.5
proxyworker 88 S 0.0 1.0
hasync 113 S < 0.0 0.8
cw_acd 27878 S 0.0 0.8
httpsd 28512 S 0.0 0.5
httpsd 28511 S 0.0 0.5
vsd 117 S 0.0 0.5
httpsd 78 S 0.0 0.4

In the output above (a made-up example), the ipsengine (IPS) process uses close to 95% of the CPU, which is not top (pun intended).

So what do you do in this case? The brute-force option is to reboot the firewall, which is not great. The alternative is to restart the ipsengine process; nothing could be simpler, just run the following command:
diag test app ipsmonitor 99
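
As an added example (not part of the original article), the following Python script parses captured `diagnose sys top` output and reports whether ipsengine is above a CPU threshold before a restart is considered. The column layout (name, PID, state, optional priority flag, CPU %, memory %), the 80% threshold and all function names are assumptions of this example.

```python
import re

# Constructed sample: the `diagnose sys top 1` output shown above, abbreviated.
SAMPLE = """\
Run Time: 134 days, 16 hours and 30 minutes
0U, 0S, 100I; 5969T, 2143F, 370KF
iked 109 S 4.9 0.6
sqldb 103 S 3.9 6.3
scanunitd 28593 S < 0.9 0.4
forticron 96 S 0.0 10.4
ipsengine 105 S < 95.0 2.2
httpsd 28512 S 0.0 0.5
"""

# Assumed columns: name, PID, state, optional priority flag (< or N), CPU %, memory %.
ROW = re.compile(
    r"^\s*(?P<name>\S+)\s+(?P<pid>\d+)\s+(?P<state>[A-Z])\s+"
    r"(?:(?P<prio>[<N])\s+)?(?P<cpu>\d+(?:\.\d+)?)\s+(?P<mem>\d+(?:\.\d+)?)\s*$"
)

def parse_top(text):
    """Return one dict per process row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({
                "name": m["name"], "pid": int(m["pid"]), "state": m["state"],
                "high_priority": m["prio"] == "<",
                "cpu": float(m["cpu"]), "mem": float(m["mem"]),
            })
    return rows

def cpu_by_process(rows):
    """Sum CPU % per process name (several workers can share one name)."""
    totals = {}
    for r in rows:
        totals[r["name"]] = totals.get(r["name"], 0.0) + r["cpu"]
    return totals

def restart_candidates(text, threshold=80.0, watch=("ipsengine",)):
    """Names from `watch` whose summed CPU % is at or above `threshold`."""
    totals = cpu_by_process(parse_top(text))
    return sorted(n for n in watch if totals.get(n, 0.0) >= threshold)

if __name__ == "__main__":
    for name in restart_candidates(SAMPLE):
        print(f"{name} above threshold: consider 'diag test app ipsmonitor 99'")
```
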

III. More information about the “diag test app ipsmonitor” command

diag test application ipsmonitor

IPS Engine Test Usage: (Values for >
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor
