Numerous Fortigates have high CPU load since this Saturday - all caused by httpsd
Dear all
I manage a lot of separate Fortigate firewalls (40F, 60F and 80F), all with the latest version of 7.2. installed. These firewalls are at separate customers, all with their own standalone configuration.
Since this Saturday I got a message from my monitoring tool that the CPU is maxed out on pretty much all of them. I can log in via SSH and was able to verify that it's httpsd that causes the spike. Restarting the service didn't help - it spawns a lot of child processes.
I can - for the life of me - not figure out why that is and why it started on Saturday. HTTPS access is prohibited on WAN interface, they are however reachable via SSL VPN on the WAN port - I am yet to migrate to ZTNA.
Do we know of a federated attack starting this weekend?
Looking forward to your help.
EDIT: I need to correct myself: It only happened to the customers where I never disabled HTTPS access on the WAN interface. Log showed 100s of login attempts - no wonder httpsd broke.
I was able to log in via SSH and disable HTTPS access, then kill all httpsd services. Problem solved.
    config system interface
        edit wan1
            unset allowaccess
    end
    fnsysctl killall httpsd
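
An added example, not part of the original post: one way to check saved configuration backups from many units for the condition the EDIT identifies, HTTPS (or other management) access left enabled on a WAN interface. It assumes the backup marks the interface with `set role wan`; the sample configuration and the function names are constructed for illustration.

```python
# Management protocols that should not answer on an internet-facing interface.
MGMT_PROTOCOLS = {"https", "http", "ssh", "telnet"}

# Constructed sample of a FortiOS configuration backup (not taken from the post).
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
        set allowaccess ping https ssh fgfm
        set role wan
    next
    edit "wan2"
        set allowaccess ping
        set role wan
    next
    edit "internal"
        set allowaccess ping https ssh
        set role lan
    next
end
"""

def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current, depth = {}, None, 0  # depth 0: outside the section
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = int(line == "config system interface")
        elif line.startswith("config "):
            depth += 1  # nested block such as "config ipv6"
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip('" ')
            interfaces[current] = {}
        elif depth == 1 and current and line.startswith("set "):
            key, *values = line[4:].split()
            interfaces[current][key] = [v.strip('"') for v in values]
    return interfaces

def exposed_wan_interfaces(config_text):
    """Map each WAN-role interface to the management protocols it allows."""
    findings = {}
    for name, cfg in parse_interfaces(config_text).items():
        exposed = sorted(MGMT_PROTOCOLS & set(cfg.get("allowaccess", [])))
        if "wan" in cfg.get("role", []) and exposed:
            findings[name] = exposed
    return findings

print(exposed_wan_interfaces(SAMPLE_CONFIG))
```

Settings inside nested blocks (for example `config ipv6`) are skipped, so only the interface's own `allowaccess` line is evaluated.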