|
The following are some configuration adjustments to reduce and optimize memory usage when low-end models with UTM have high memory usage.
Increase memory-use-threshold:
config system global
set memory-use-threshold-extreme 97
set memory-use-threshold-green 90
set memory-use-threshold-red 94
end
Or schedule update at off peak time. For example:
config system autoupdate schedule
set frequency daily
set time 03:00
end
Or reduce worker count. For example:
config system global
set miglogd-children 1
set sslvpn-max-worker-count 1
set wad-worker-count 1
set scanunit-count 2
end
The IPS process count can be configured:
config ips global
set engine-count 1
set cp-accel-mode none
set exclude-signatures none
end
config log memory setting
set status disable
end
config log disk filter
set forward-traffic disable
end
Reduce session-TTL to improve session recycling efficiency:
config system session-ttl
set default 600
config port
edit 1
set protocol 17
set timeout 120
next
end
end
Reduce dns-cache:
config system dns
set dns-cache-limit 300
end
Disabled the security rating submission:
config system global
set security-rating-result-submission disable
set security-rating-run-on-schedule disable
end
Reduce internet-service-database:
config sys global
set internet-service-database on-demand
end
exe update-ffdb-on-demand
NOTE: Consider these low end models have only 2GB of RAM. It is therefore very likely this device enters conserve mode quickly if there are many sessions in progress for FortiGate.
|
