Rig
New Member
September 19, 2016
Question

IPSmonitor Memory Usage


Hi

We are running a FortiGate 200D on version 5.2.6 - we had an issue a week ago where the FortiGate went into conserve mode with memory usage above 85%. The only way we could find to recover was rebooting the unit.

Currently our memory usage is at 56%, spiking now and then to 65% -- with this we are careful about making changes, so as not to let memory spike again. Running the command "diagnose sys top-summary" we see that the IPSmonitor is the highest memory user (if I am reading the output correctly, it appears as if there are 4 x "ipsmonitor" processes running).

 

We proceeded to disable the Intrusion policies configured, and under Global we also completely disabled the "Intrusion Protection" security feature -- however, we still have 'ipsmonitor' running and using a lot of memory.

How can I troubleshoot the ipsmonitor service and disable it without breaking my FortiGate? No IPS is required at this stage.

    1 reply

    ede_pfau
    SuperUser
    September 21, 2016

    The IPS process should not actively consume memory if not referenced in any policy.

    What you could do - but it requires offline time - is to rebuild the FGT filesystem from scratch:

    - connect via serial line to FGT
    - reboot, interrupt boot process by hitting a key
    - reformat flash disk (this will erase firmware, config, signatures etc.)
    - reload firmware via TFTP
    - reload config
    - update UTM signatures

    I know it's vague but sometimes there are internal filesystem errors that prevent e.g. signature updates, or let the engines crash.