Description
This article provides guidelines to ensure a reliable operation of Fortinet Small Business models such as the FortiGate 30B, FortiGate 50B, FortiGate 60B, and FortiGate 60C.
Scope
Fortinet Small Business models.
Solution
It is suggested to use the following configuration best practices in order to obtain the best utilisation of the available memory in the Fortinet Small Business models:
- Disable logging to memory (Log&Report > Log Config > Log Setting).
- Disable unused protocols (HTTP, FTP, SMTP, POP, IMAP) from being antivirus scanned (Firewall>Protection Profile).
- Consider reducing the Oversize Threshold memory settings if the FortiGate unit shows persistently high memory usage. Set the 'Oversize Threshold Configuration' memory settings to 2MB for each respective protocol (Edit profile, Under Anti-Virus configuration set the oversize file threshold).
- Disable the DHCP server if it is not required (System > DHCP > Service and System > DHCP > Server).
- Disable DNS Forwarding if it is not required (System > Network > DNS).
- Disabling unnecessary IPS attack signatures can improve system performance and reduce the number of IPS log messages and alert emails. For example, if the network does not contain IIS web servers, the IIS signatures can be disabled.
- Change the default session TTL:
config system session-ttl
set default 300
end |
- Change the FortiGuard TTL:
config system fortiguard
set webfilter-cache-ttl 500
set antispam-cache-ttl 500
end |
- Change DNS cache:
config system dns
set dns-cache-limit 300
end |
- Disable DNS forwarding:
config system dns
unset fwdintf
end |
- If there is more than one DHCP server it will increase the memory usage.
- The best recommended version of FortiOS for FortiGate Small Business models is currently V4.0 MR1 latest patch.
The FortiGate unit should be rebooted after having disabled the various features and services in order to free up the memory.
