FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nvisentin_FTNT
Article Id 195746
Description
This article explains the memory_tension_drop counter that can be retrieved using the following command:
# diagnose sys session stat
misc info:     session_count=252 setup_rate=7 exp_count=1 clash=173
    memory_tension_drop=13035 ephemeral=0/61440 removeable=0
delete=0, flush=0, dev_down=0/0
TCP sessions:
     1 in NONE state
     83 in ESTABLISHED state
     7 in SYN_SENT state
     6 in FIN_WAIT state
     8 in TIME_WAIT state
     1 in CLOSE state
     2 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
ids_recv=00000000
url_recv=00000000
av_recv=003516f6
fqdn_count=00000070
tcp reset stat:
    syncqf=386 acceptqf=0 no-listener=90836 data=0 ses=581 ips=0
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

Solution
The memory tension drop is a mechanism to delete kernel sessions based on lack of memory, but it has no direct relationship to conserve mode.  When the kernel cannot allocate memory for some reason (free memory not available), then the session table is scanned and the oldest sessions are deleted.  The counter memory_tension_drop gives the number of sessions deleted due to this process.   It is a cumulative counter.

This counter should stay equal to 0, otherwise it means that the unit is running too high in memory.

Contributors