FortiGate
rpmadathil_FTNT
Article Id 197215

Description

 
This article describes how to optimize the use of memory for FortiGate or FortiWiFi models running FortiOS 5.4 or 5.6.


Scope

 
All FortiGate and FortiWiFi units. Models 100D and lower may experience a greater benefit compared to larger models.


Solution

 

  1. Set the antivirus database to normal:

    config antivirus settings
        set default-db normal
    end

  2. Reduce these TCP and UDP session timers:

    config system global
        set tcp-halfclose-timer 30
        set tcp-halfopen-timer 8
        set udp-idle-timer 90
    end

  3. Change the global inspection mode to flow-based from proxy:
 
  4. Change the default session TTL:

    config system session-ttl
        set default 300
    end

  5. Lower the AV threshold to 1 MB for all protocols in the 'default' proxy options profile. If a custom proxy options profile has been created, change the 'edit default' line to 'edit {your profile name}':

    config firewall profile-protocol-options
        edit default
            config http
                set oversize-limit 1
            end
            config ftp
                set oversize-limit 1
            end
            config imap
                set oversize-limit 1
            end
            config mapi
                set oversize-limit 1
            end
            config pop3
                set oversize-limit 1
            end
            config smtp
                set oversize-limit 1
            end
            config nntp
                set oversize-limit 1
            end
        next
    end

 

  6. Disable logging to memory:

    config log memory setting
        set status disable
    end
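To check a unit against the values in the steps above, the following Python code (an added example, not Fortinet code) parses saved CLI output and lists every setting that differs. The names `parse_config`, `audit` and `SAMPLE` are made up for this example, and the input is assumed to be text saved from `show full-configuration`, since default values do not appear in a plain `show`. The inspection-mode step is not checked because the page gives no command for it.

```python
RECOMMENDED = {  # values from the steps above: (config path, setting) -> value
    ("antivirus settings", "default-db"): "normal",
    ("system global", "tcp-halfclose-timer"): "30",
    ("system global", "tcp-halfopen-timer"): "8",
    ("system global", "udp-idle-timer"): "90",
    ("system session-ttl", "default"): "300",
    ("log memory setting", "status"): "disable",
}
PROTOCOLS = ("http", "ftp", "imap", "mapi", "pop3", "smtp", "nntp")

def parse_config(text):
    """Flatten config/edit/set nesting into {(path, setting): value}."""
    settings, stack = {}, []
    for line in text.splitlines():
        tokens = line.replace('"', "").split()  # saved output quotes names: edit "default"
        if not tokens or tokens[0].startswith("#"):  # blank line or '#' header line
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "config":
            stack.append(" ".join(args))
        elif verb == "edit" and args:
            stack.append("edit " + args[0])
        elif verb in ("next", "end") and stack:  # 'next' closes edit, 'end' closes config
            stack.pop()
        elif verb == "set" and len(args) >= 2:
            settings[(" / ".join(stack), args[0])] = " ".join(args[1:])
    return settings

def audit(text, profile="default"):
    """Return (path, setting, found, wanted) for each value that differs."""
    have, want = parse_config(text), dict(RECOMMENDED)
    for proto in PROTOCOLS:
        path = f"firewall profile-protocol-options / edit {profile} / {proto}"
        want[(path, "oversize-limit")] = "1"
    return [(path, key, have.get((path, key), "<not set>"), value)
            for (path, key), value in want.items()
            if have.get((path, key)) != value]

SAMPLE = """config system global
    set tcp-halfopen-timer 8
    set udp-idle-timer 180
end
config firewall profile-protocol-options
    edit "default"
        config http
            set oversize-limit 10
        end
    next
end"""  # constructed sample, not taken from a real device
```

Call `audit(saved_text, profile="your profile name")` when a custom proxy options profile is in use; an empty list means every checked value matches the steps above.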

 

 

More info on memory optimization and how to avoid conserve mode, especially on low-end units:
Technical Tip: Free up memory to avoid conserve mode