mmontes
Staff
December 6, 2016

Technical Tip: Actions and information that should be collected when a FortiGate device enters Conserve Mode


Description

 

This article describes which general actions can be taken, and which information should be sent to Fortinet Support, when a device unexpectedly enters Conserve Mode.

Scope

 

Suggestions for mitigating the issue when a FortiGate device unexpectedly enters conserve mode, and the commands to use to start the analysis.

Solution

 

FortiGate devices can enter Proxy or Kernel conserve mode when memory usage is higher than 70%. The features that consume the most memory are IPS and antivirus.
If a FortiGate device enters conserve mode, check whether profiles for these features are enabled, and whether those profiles are actually needed in every policy where they are used.


If not, disable them from the unneeded policies. If the profiles are required, try to mitigate this issue by following the recommended actions described in the related KB article.


Nevertheless, if the problem persists, use the following commands and send the output to Fortinet Support for analysis:

 

get system status

get system performance status  <-- Use this command three times, leaving an interval of 40 seconds to 1 minute between each execution.

diag sys top 2 40  <-- Let this command run for 40 seconds to 1 minute, then stop it via CTRL+C.

diagnose sys top-mem 20

           

diag sys top-s '-s mem'

 

diag hard sysinfo memory 

diag hard sysinfo slab

diag hard sysinfo shm

get log disk setting

get log disk filter

get log memory setting

get log memory filter

diagnose hard sys conserve

diag debug crashlog read
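
An added example (not part of the original article and not Fortinet tooling): a Python helper that reads the three saved captures of get system performance status and compares each memory reading with the 70% figure given above. The two memory line formats it accepts and the sample captures are assumptions constructed for illustration; adjust the patterns to what the device actually prints.

```python
import re

CONSERVE_THRESHOLD = 70.0  # percent, the figure this article gives

# Assumed line shapes (output differs between FortiOS versions):
#   "Memory states: 73% used"
#   "Memory: 2061108k total, 1854997k used (90.0%), ..."
_STATES = re.compile(r"^\s*Memory states:\s*(\d+(?:\.\d+)?)%\s*used", re.M)
_TOTALS = re.compile(r"^\s*Memory:\s*(\d+)k total,\s*(\d+)k used", re.M)

def memory_used_percent(output):
    """Return memory usage in percent from one capture, or None if absent."""
    m = _STATES.search(output)
    if m:
        return float(m.group(1))
    m = _TOTALS.search(output)
    if m:
        total, used = int(m.group(1)), int(m.group(2))
        return round(100.0 * used / total, 1) if total else None
    return None

def summarize(captures):
    """Summarize captures taken 40 seconds to 1 minute apart."""
    readings = [memory_used_percent(c) for c in captures]
    valid = [r for r in readings if r is not None]
    return {
        "readings": readings,
        # Captures with no memory line (truncated paste, wrong command).
        "missing": readings.count(None),
        "above_threshold": [r for r in valid if r > CONSERVE_THRESHOLD],
        # Strictly increasing usage across the samples.
        "rising": len(valid) >= 2
                  and all(a < b for a, b in zip(valid, valid[1:])),
    }

# Constructed sample captures, not output from a real device.
SAMPLES = [
    "CPU states: 3% user 1% system 0% nice 96% idle\nMemory states: 68% used\n",
    "Memory: 2000000k total, 1440000k used (72.0%), 560000k free (28.0%)\n",
    "Memory: 2000000k total, 1500000k used (75.0%), 500000k free (25.0%)\n",
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A non-zero "missing" count means a capture should be repeated before the bundle is sent to support.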

 

Related Article:

Technical Note : Best Practice for Fortinet Small Business models (FortiGate 30B, FortiGate 50B, FortiGate 60B, FortiGate 60C)