High memory utilization on Fortigate 80E

Forum|Forum|7 years ago
May 13, 2019
1 reply
6300 views

Could someone share his/her data on memory utilization on Fortigate 80E with SSL inspection, AV, IPS enabled?

Is it possible to list which IPS signature is using the most resources?

I'm using FortiOS 6.0.4 with two 80E in cluster (A/P). My memory usage is 80-85% and quite often my boxes go in conserve mode. I did all the suggested memory performance tweaking and I also created script for restarting IPS engine. When i restart IPS engine memory drops to 60-ish %. I'm wondering if this is normal behavior for this box with all the profiles enabled and 50-60 users on the network.

ede_pfau

SuperUser

There is no way to list the most-used IPS signatures.

But, it's not so much the signatures in use but the signatures the FGT has to check...if you enable all available signatures the FGT will really have to work a lot. And IPS is memory-intensive.

My advice:

create UTM profiles for different user / host groups (clients, servers, guest WiFi). Select IPS signatures according to the threats you expect for each group. For instance, you will not check Linux signatures if all of your hosts run Windows...

TindrliAuthor

New Member

That's what I thought, I already selected Windows OS and changed severity to med, high, critical.

i never experienced this myself, I only know what client tells me. What should i monitor in order for slave unit to take over when primary fails in this case? I have a cluster of two Fortigates here in A/P mode.

Ashik_Sheik

New Member

You can only do the automatic failover by setting the monitor inetrface not by service or memory .

May b other experts can comment on this .

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded