[NetSec] Beware of the “D” State

When you issue the top command on a Fortigate firewall, you see the states of the processes along with the other information such as CPU and memory usage.

Here is an example:

Run Time: 356 days, 7 hours and 13 minutes
13U, 0N, 22S, 65I; 15972T, 7794F, 1013KF
ipsengine 12441 S < 27.4 1.0
ipsengine 12435 S < 27.4 1.0
ipsengine 11399 R < 26.4 1.0

A process’ state is usually R(unning) or S(leeping), but can be any of the following:

D = Disk sleep

R = Running

S = Sleeping

T = Traced or stopped

Z = Zombie

D state is particularly important, as it implies that something is wrong with the disk IO, and the process can not continue running because it can not read or write from/to the flash disk.

cmdbsvr is the process performing the configuration read and write on the flash disk. If you see the cmdbsvr is in D state, do not, I repeat, do not kill the process. If you kill the process abruptly, it is highly possible that your configuration file will become corrupted. Just reboot the firewall gently, and check the disk hardware.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s