Skip to main content
Bman854
Bman854
Explorer II
August 15, 2024
Question

FortiGate FG-40F freeze (stitch:Security Rating Notification is triggered)

  • August 15, 2024
  • 3 replies
  • 5697 views

Dear Forti Support,

it has happened today again (twice in last two weeks), that our box stopped working without any obvious reason. Our box:

  • FG-40F
  • firmware v7.2.8 build1639

In the log there are lines (in this order):

  1. stitch:Security Rating Notification is triggered.
  2. The system has activated session fail mode
  3. Kernel enters memory conserve mode
  4. Kernel enters extreme low memory mode.

Both RAM and CPU got to >90%, network stopped working and we had to power it off & on again.

 

Regards

3 replies

johnathan
Staff
johnathan
Staff
August 15, 2024

How many devices (switches, APs) are you managing on that FortiGate? Seems like you may be hitting Bug ID 1057862 if there is an excessive amount of devices. 

Never trust a computer you can't throw out a window.
    Bman854
    Bman854Author
    Explorer II
    August 16, 2024

    only Forti device in our LAN is this box (both switches and APs are different brand)

    AlexC-FTNT
    Staff
    AlexC-FTNT
    Staff
    August 16, 2024

    then your box is likely too small for the traffic passing through it. Follow the troublshooting steps and see what may cause the load (if there is a specific process overusing resources). This is a unit meant so serve small offices, with few devices.

    https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-do-initial-troubleshooting-of-high/ta-p/194874

      VinayHM
      Staff
      VinayHM
      August 17, 2024

      Hi Team,

       

      Please check if there any demons getting crashed by using the below command

      Diagnose debug crashlog read

       

      Regards,

      Bman854
      Bman854Author
      Explorer II
      August 20, 2024

      There is no option "read". I can type "get" instead, but then I get it as Base64 file, that I am not sure what to do with, or how to read that.

      VinayHM
      Staff
      VinayHM
      August 20, 2024

      Hi 

       

      We need to type read manually.

      Diagnose debug crashlog read

       

      Regards,

        apFortinet
        Staff
        apFortinet
        Staff
        August 17, 2024

        Hi @Bman854 ,

         

        As fortigate enters into conserve mode, we need more logs to identify what is causing conserve mode.

        I will recommend to set up teraterm script to collect logs output continuously as per below KB article:
        https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-High-memory-and-High-CPU-general-script/ta-p/270211

         

        Please note that you will need to choose correct script file depending on whether you have multiple VDOM mode enabled or not.

         

        Once logs are collected, you can create a support ticket and attach the logs for further review.

         

        Cheers,

        Ankit

        If you have found a solution, please like and accept it to make it easily accessible to others.

         

          Terms & ConditionsAccessibility statement