Description |
This article provides and explains a full script for reducing memory usage in small FortiGate units that are experiencing conserve mode. It is intended for smaller FortiGate units (ranging from FGT30X to FGT100X) that are suffering from insufficient memory and resources. Fluctuations in network traffic or spikes in sessions may push these firewalls into 'conserve mode', where they might lock up and block new sessions as a protective measure. Running the FortiOS version recommended for the FortiGate model in use is also strongly advised. Click here to find the best version of FortiOS to use for a given model. |
Scope | FortiGate. FortiOS 7.x. |
Solution |
Suggested actions:
Configuration steps:
Global System Configuration:
config system global
    set memory-use-threshold-extreme 97
end
IPS Configuration:
config ips global
    set engine-count 2
end
Session TTL Configuration:
config system session-ttl
    set default 300
    config port
        edit 0
            set protocol 17
        next
    end
end
DNS Configuration:
config system dns
    set dns-cache-limit 600
end
FortiGuard Configuration:
config system fortiguard
    set webfilter-cache-ttl 600
end
Automation Action Configuration:
config system automation-action
    edit "RestartWAD"
        set action-type cli-script
    next
end
Automation Trigger Configuration:
config system automation-trigger
    edit "Enters Conserve Mode"
        set event-type low-memory
    next
end
Automation Stitch Configuration:
config system automation-stitch
    edit "Restart WAD during Conserve Mode"
        set trigger "Enters Conserve Mode"
        config actions
            edit 1
                set action "RestartWAD"
            next
        end
    next
end
Auto-Script Configuration:
config system auto-script
    edit restart_IPSengine
        set interval 43200
    next
end
In conclusion, these steps can make smaller FortiGate devices handle memory better.
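To confirm that the tuning values above are actually present on a unit, the following added example (not part of the original article and not Fortinet code) parses FortiOS configuration text, such as a backup file or `show` output, and reports every setting that differs from the values listed in the configuration steps. The function names and the sample configuration are constructed for illustration.

```python
import shlex

# Values from the article's configuration steps: (config path, setting) -> value.
EXPECTED = {
    ("system global", "memory-use-threshold-extreme"): "97",
    ("ips global", "engine-count"): "2",
    ("system session-ttl", "default"): "300",
    ("system dns", "dns-cache-limit"): "600",
    ("system fortiguard", "webfilter-cache-ttl"): "600",
}

def parse_settings(text):
    """Map (top-level config path, setting) -> value; nested tables are skipped."""
    stack, found = [], {}
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quote: part of a multi-line value
            continue
        head = tok[0] if tok else ""
        if head in ("config", "edit"):
            stack.append(" ".join(tok))
        elif head in ("end", "next") and stack:
            stack.pop()
        elif head == "set" and len(tok) >= 3 and len(stack) == 1:
            found[(stack[0][len("config "):], tok[1])] = " ".join(tok[2:])
    return found

def audit(text):
    """Return {(path, setting): (found, expected)} for every deviation."""
    found = parse_settings(text)
    return {k: (found.get(k), v) for k, v in EXPECTED.items() if found.get(k) != v}

SAMPLE = """
config system global
    set memory-use-threshold-extreme 97
end
config system session-ttl
    set default 300
    config port
        edit 1
            set protocol 17
        next
    end
end
config system dns
    set dns-cache-limit 5000
end
"""  # constructed sample, not from a real device
print(audit(SAMPLE))
```

A found value of `None` means the setting does not appear in the supplied text at all.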
Reducing memory usage in FortiGate: |
Copyright 2024 Fortinet, Inc. All Rights Reserved.