rpmadathil_FTNT
Article Id 197215

Description

This article describes how to optimize the use of memory for FortiGate or FortiWiFi models running FortiOS 5.4 or 5.6.


Scope

All FortiGate and FortiWiFi units. Models 100D and lower may experience a greater benefit compared to larger models.


Solution

1)  Set the antivirus database to normal:
config antivirus settings
    set default-db normal
end
 

2)  Reduce these TCP and UDP session timers:
config system global
   set tcp-halfclose-timer 30
   set tcp-halfopen-timer 8
   set udp-idle-timer 90
end

3)  Change the global inspection mode from proxy to flow-based:

      -Instructions for FortiOS 5.4 can be found here.
      -Instructions for FortiOS 5.6 can be found here.

4)  Change default session TTL:
config system session-ttl
    set default 300
end

5)  Lower AV threshold to 1MB for all protocols in "default" proxy options profile:

       If a custom proxy option profile has been created, then the "edit default" line should be changed to "edit {your profile name}".
config firewall profile-protocol-options
    edit default
        config http
            set oversize-limit 1
        end
        config ftp
            set oversize-limit 1
        end
        config imap
            set oversize-limit 1
        end
        config mapi
            set oversize-limit 1
        end
        config pop3
            set oversize-limit 1
        end
        config smtp
            set oversize-limit 1
        end
        config nntp
            set oversize-limit 1
        end
    next
end

6)  Disable logging to memory:
config log memory setting
    set status disable
end
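
To confirm that the values from steps 1, 2, 4, 5 and 6 are in place, a saved configuration can be checked against them. The Python script below is an added example, not part of the original article or of any Fortinet tool; its function names are illustrative and it assumes "show"-style text with single-line values. Step 3 is not checked because the article does not list its CLI setting.

```python
RECOMMENDED = {  # (config section, setting) -> value from steps 1, 2, 4 and 6
    ("antivirus settings", "default-db"): "normal",
    ("system global", "tcp-halfclose-timer"): "30",
    ("system global", "tcp-halfopen-timer"): "8",
    ("system global", "udp-idle-timer"): "90",
    ("system session-ttl", "default"): "300",
    ("log memory setting", "status"): "disable",
}
PROTOCOLS = ("http", "ftp", "imap", "mapi", "pop3", "smtp", "nntp")  # step 5

def parse_config(text):
    """Turn nested config/edit/set blocks into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tokens = line.split() or [""]  # blank and "#" lines match no branch below
        if tokens[0] in ("config", "edit"):
            name = " ".join(tokens[1:]).strip('"')
            stack.append(stack[-1].setdefault(name, {}))
        elif tokens[0] == "set" and len(tokens) >= 3:
            stack[-1][tokens[1]] = " ".join(tokens[2:]).strip('"')
        elif tokens[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit(text, profile="default"):
    """Return (section, setting, found, wanted) per deviation; found is None if absent."""
    cfg = parse_config(text)
    checks = [(s, k, cfg.get(s, {}).get(k), w) for (s, k), w in RECOMMENDED.items()]
    options = cfg.get("firewall profile-protocol-options", {}).get(profile, {})
    for proto in PROTOCOLS:
        found = options.get(proto, {}).get("oversize-limit")
        checks.append((f"profile {profile}/{proto}", "oversize-limit", found, "1"))
    return [c for c in checks if c[2] != c[3]]

# Constructed sample in "show" output form, not taken from a real device.
SAMPLE = """
config system global
    set tcp-halfopen-timer 10
end
config firewall profile-protocol-options
    edit "default"
        config http
            set oversize-limit 1
        end
    next
end
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A setting reported as None is absent from the text; whether the device default then matches the recommended value has to be confirmed with "show full-configuration".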
