Description
This article describes the changes to conserve mode self protection mechanisms in 5.6.
Scope
FortiGate 5.6.
Solution
The main differences are as follows:
3 memory thresholds: green, red, and extreme.
'red' and 'extreme': Both 'red' and 'extreme' are thresholds to enter in 'conserve mode' when the system memory used is over their thresholds.
When the used memory goes over the defined red threshold, the kernel raises the conserve mode state. FortiGate functions reacting to conserve mode state, like antivirus transparent proxies, would apply their own restriction based on their settings.
If the used memory continues to increase and reach the 'extreme' threshold, conserve mode actions taken with the red threshold are still active and additionally new sessions will be dropped.
'green': When used memory goes below the 'green' threshold, kernel releases the conserve mode state. FortiGate functions reacting to conserve mode state would stop their restriction measures.
Configurable thresholds.
Though it is recommended to keep the default memory threshold, a new CLI command has been added to allow administrators to adjust the thresholds.
Default values are :
- Red: 88% of total memory is considered "used memory"
- Extreme: 95% of total memory is considered "used memory"
- Green: 82% of total memory is considered 'used memory'.
Configuration (CLI only):
config system global
set memory-use-threshold-extreme 95
set memory-use-threshold-red 88
set memory-use-threshold-green 82
end
Diag command:
diagnose hardware sysinfo conserve
memory conserve mode: off
memory used: 448 MB 45% of total RAM
memory used threshold extreme: 944 MB 95% of total RAM
memory used threshold red: 874 MB 88% of total RAM
memory used threshold green: 815 MB 82% of total RAM