Skip to main content
gcraenen
gcraenen
New Member
April 26, 2019
Solved

Several problems high memory and cpu usage blocking WAN connection after upgrade to 6.2

  • April 26, 2019
  • 12 replies
  • 147951 views

Hi,

 

After upgrading from 6.0.4 to 6.2 I have problems with WAN connectivity falling out. I'm getting this message in de Fortios GUI:

 

Conserve mode activated due to high memory usage

 

I have tried to downgrade to 6.0.4 but can't with the error message that it failed beacause it cannot download the file from fortiguard. Help.

Best answer by SMabille

Hi,

 

Download the image from the Fortinet support website and upload/apply it from your browser.

 

Best regards,

Stephane

12 replies

SMabille
SMabilleAnswer
New Member
April 26, 2019

Hi,

 

Download the image from the Fortinet support website and upload/apply it from your browser.

 

Best regards,

Stephane

gcraenen
gcraenenAuthor
New Member
April 26, 2019

Thanks, that worked and everything is working ok again. Fortios 6.2 absolutely is not ready for our production environment.

nomeursy
nomeursy
New Member
May 2, 2019

Same problem here. After upgrade a Fortigate 30E, from 6.0.4 to 6.2.0, average MEM usage went from 65% to 75%, causing the Fortigate to go in and out of "Conserve mode". SSL-VPN does not except connections and WAN traffic is blocked several times a day. Downgrading back to 6.0.4 solved the problem.

anujdalal
anujdalal
New Member
June 12, 2019

Hi,

 

Having the same issue on Azure FGVM02 (memory leak?). I have 2 running in Active/Active HA. I removed one of them from the Azure Loadbalancer back-end pool ("cluster") at 64% memory usage. Even with close to no traffic going through it, the memory usage stayed at 64% constantly. The usage gradually climbs when the ipsengine is in use. diagnose sys top shows ipsengine using lots of memory, and not releasing it.

 

As for downgrading the firmware, I get the same error message, but downloading the image from https://support.fortinet.com/Download/VMImages.aspx seems to do the trick.

 

Thanks.

toren
toren
New Member
June 25, 2019

Hi,

 

Have the same problem on 61E. I restart FW every 2-3 days as it goes into "Conserve mode". 

 

Just had a call with support and was told to change web filter enabled security policy mode from flow based to proxy-based. That's a workaround till FortiOS 6.2.1 will be released which according to the support will happen early July.

 

Also diagnose test application ipsmonitor 99 can be used instead of restart to drop memory consumption.

mattf
mattf
New Member
June 26, 2019

I'm going to post this here in the hope that it helps others while we not so patiently wait for a fix.

 

If none of the above has helped you, work out where the memory leak is on your own fortigates by using the following command. get sys perf top On our firewalls, it's actually the WAD process which has the memory leak. There's 4 consecutive processes amounting to 40% of the total memory usage. This is determined by looking at the right most column in the results.

 

Press ctrl + c to stop the "sys perf" report.

 

Use diagnose test application wad 99 to restart the process which is causing your memory leak. *wad can be interchanged with any other process name which is responsible for the memory usage.  

marlonjohn
marlonjohn
New Member
June 26, 2019

happening to me also after 6.0 to 6.2 Fortigate 60e

lladereche
lladereche
New Member
July 1, 2019

I've created this auto-script to restart ipsmonitor every 6 hours:

 

config system auto-script edit "memoryscript" set interval 21600 set repeat 0 set start auto set script "diagnose test application ipsmonitor 99" next end

 

Thanks!

ISOffice
ISOffice
New Member
July 2, 2019

Hi all,

 

We have 2 X 100D Hardware Appliances running firmware version 6.2.0-build0866 in NAT (Flow-based) Mode (HA: Active-Passive).

We too are seeing periodic spikes in CPU usage which occasionally puts the appliance in 'conserve mode'.

However, on running the 'diag sys top' command, I'm seeing a process called 'log_se' as the main culprit of resource usage, rather than 'ipsengine'. I also have an automated task configured to restart the IPS Engine out-of-hours.

I understand the 'log_se' process to be related to logging and the CPU usage spikes when I am viewing Web Filter, Application Control, Local Traffic logs etc. in the GUI. I can't run queries on these logs within the GUI for any length of time in fear of spiking the CPU and pushing the appliance into 'conserve mode'.

I'm wondering if both of these issues are related and it is not only the IPS Engine which is hogging system resources.

I will pose the question to Fortinet Support to get their view on it and will post any developments.

 

Best Regards,

 

John P

ISOffice
ISOffice
New Member
July 3, 2019

Hi all,

 

Quick update.

Fortinet Support are insistent that my issue is caused by the known memory leak in the IPS Engine (Bug ID: 0546399) and that it will be rectified in Version 6.2.1.

This version is due for release "mid of July" with the caveat "release dates are as-is and still subject to change".

 

Best regards,

 

John P

ricsend
ricsend
New Member
July 10, 2019

 

Hi, I Have the same problem today in FG200E (6.2.0), What is the prevision for release of the 6.2.1 ??

Frank_Baschin
Frank_Baschin
New Member
July 12, 2019

Yesterday we had the same problem. Temp. solved with disable alle policy services and install the ips reboot script, which was posted in this forum. It seems that the IPS had a memory leak. Ticket is open 

BMS
BMS
New Member
July 14, 2019

Experiencing the same since upgrading a 61E from 6.0.5 to 6.2.  For me it's the WAD process that send the device into Conserve Mode.  

stuartlawson
stuartlawson
New Member
July 20, 2019

Was using 6.2.0 for a while. Then, ever since Cloudflare had DNS issues a couple of weeks ago the memory usage on my 201E has gone to memory conserve mode within 5 days after a reboot. Grateful to the people here that posted comments. Did a diag sys top command and found that it was the dnsproxy process that was eating up memory.

 

I went to Security Fabric -> Automation and set up the following to run late every night:

diag test application dnsproxy 99

Memory usage drops back down to 20% and I don't have to monitor it every day now.

scan
scan
Explorer
July 22, 2019

Hi

 

Did you check why you Fortigate is in the conserve Mode?

Here some ideas to figure it out why your Fortigate is in conserve Mode:

diagnose sys top-summary #Check which process use a lot of memory oder cpu

diagnose test application <Application-Name> #Restart Application

 

In the most situation a kill of the process do not solve the issue. Often you get other issues sometimes a couple of days or weeks later!

 

dogan_md
dogan_md
New Member
October 4, 2019

I'm using 90E, I had memory problems in version 6.2, then I switched to 6.2.1. But I'm having the same problem even more often. I couldn't restart the device from the menu when this last problem occurred, I had to unplug the power cord and plug it again.

aroch
aroch
New Member
October 14, 2019

Hello,

using 200E Cluster with 6.2.1, uptime 36 days and today we had the same issue.

diagnose test application wad 99 fixed it for the first time.

I have seen that 6.2.2 is out.

Can anyone confirm the problem is fixed with this ?

BR

gweeby
gweeby
New Member
October 14, 2019

Hello,

 

unfortunately we still have the memory conserve problem in 6.2.2

rflores
rflores
New Member
October 18, 2019

Update to 6.2.2, the last firmware

kcjefff
kcjefff
New Member
October 18, 2019

6.2.2 still has memory issues as well. TAC said a hotfix is coming in the next few days.

ddangel0
ddangel0
New Member
November 5, 2019

we have 3 fortigate 800D, one with 6.2.2, other with 6.2.1 and the last with 5.6.6

6.2.2 has a high memory usage in the proccess wad, once a day we have conserve mode, the only fix i found is to create an auto-script to restart wad every 4 hours.

On the other hand, it also presents problems with ipsmonitor, the use of cpu grows up to 100% and is not solved by restarting the ips. conclusion: 6.2.2 is not for production

 

6.2.1 is much better than 6.2.2

 

gcraenen
gcraenenAuthor
New Member
February 29, 2020

It's been almost a year since I first posted this message. I have just upgraded to firmware 6.2.3 and this problem is still not solved. After I switch on NZBGET to download files, the ipsengine goes bezirk and puts my 61E in conserve mode due to high CPU usage.

 

I reverted back to firmware 6.08 and everything is fine.

 

Incredible that a company cannot solve this in almost a year.

jminard
jminard
New Member
March 2, 2020

We have a case open with support for the conserve mode issue. We were running 6.0.x and they upgraded the box to 6.2.3. Still had issues. Their latest attempt to resolve it was to switch the box from proxy mode to flow mode for UTM. We've always used proxy mode, so I'm not sure what all that is going to impact. I have to check with my tech that is working on that client to see if it has made the problem go away or not.

tanr
tanr
New Member
March 2, 2020

@gcraenen, did you open a support ticket with TAC?  I known they've fixed a number of bugs between 6.2.0 and 6.2.3, some specific to ipsengine, but if your specific issue and repro case hasn't been reported them then it's unlikely to have gotten fixed.

 

Not saying that 6.2.3 is stable enough, though!  We usually wait till the .4 releases to start testing them for possible production use.  I'm reasonably hopeful

Show more replies
Terms & ConditionsAccessibility statement