johnlloyd_13
Explorer III
February 5, 2025
Solved

SNAT Policy Log Allowed in FGT VDOMs

  • February 5, 2025
  • 1 reply
  • 1978 views

Hi,

I'll be creating multiple (a lot of) SNAT policies in a multi-VDOM FGT, which is an "F" series (1000 plus model).

My question: do I enable/allow logging of "all sessions" or just "security events"?

Can my current platform (1000 plus F model) handle such logs?

I just want to prevent any high CPU/memory usage due to lots of NAT processing/cache.


Best answer by dingjerry_FTNT

Hi @johnlloyd_13,

Technically, it's hard to cause high CPU/Memory usage issues due to NAT usage.

1) The following doc is talking about possible reasons causing high CPU:

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/232929/troubleshooting-high-cpu-usage

2) The KB is talking about something for conserve mode (Memory usage issue):

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-conserve-mode-is-triggered/ta-p/198580?externalID=FD33103

1 reply

funkylicious
SuperUser
February 5, 2025

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-Security-Events-and-All-session/ta-p/206881 

Since the 1000F does not have a local disk to store the logs, all logs will be held in memory for a rather short duration of time or until a reboot.

It would be recommended to use an external syslog server or FortiAnalyzer to send the logs to relieve the FGT from any 'stress'.

"jack of all trades, master of none"
dingjerry_FTNT
Staff
February 5, 2025

Not true.

FGT 1001F does have a Local Disk. It should be the same for FGT 1000F.

Version: FortiGate-1001F v7.4.7,build2731,250120 (GA.M)
......
Log hard disk: Available

@johnlloyd_13,

It should be fine to enable NAT and logs in multiple policies.

funkylicious
SuperUser
February 5, 2025

As far as I know, only models ending with xxx1 have local storage. Maybe on higher models/chassis this rule doesn't apply, but in the product matrix the 1000F is not listed with storage but rather, Local Storage 960 GB (1001F).

"jack of all trades, master of none"