Description | This article describes how to free up memory to avoid FortiGate entering conserve mode (Technical Tip: How conserve mode is triggered) when its resources are highly utilized. |
Scope | FortiGate. |
Solution |
FortiGate goes into a conserve mode state as a self-protection mechanism when system memory is highly utilized and reaches a specific threshold.
When enough memory is recovered, FortiGate exits conserve mode and deactivates that state.
Three memory thresholds can be configured:
config system global
    set memory-use-threshold-extreme <integer>
    set memory-use-threshold-green <integer>
    set memory-use-threshold-red <integer>
end
These values are percentages of total memory. Each accepts a minimum of 70 and a maximum of 97, with the following defaults:
memory-use-threshold-extreme - Threshold at which memory usage is considered extreme. Default value: 95
memory-use-threshold-red - Threshold at which memory usage forces the FortiGate to enter conserve mode. Default value: 88
memory-use-threshold-green - Threshold at which memory usage forces the FortiGate to exit conserve mode. Default value: 82
Reference: config system global
This article describes how conserve mode is triggered: Technical Tip: How conserve mode is triggered - Fortinet Community.
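Added example (not from the original article or from Fortinet): a small Python model of how the three thresholds interact, which can be run over a series of memory-usage readings to see when conserve mode would be entered and exited. The comparison operators, the green < red < extreme ordering check, the state names and the sample readings are assumptions of this example.

```python
"""Added example: model conserve-mode hysteresis from memory-usage samples."""

LIMITS = (70, 97)  # allowed range for each threshold, per the article


def validate(green=82, red=88, extreme=95):
    """Return the thresholds if valid; defaults are the article's defaults."""
    for name, value in (("green", green), ("red", red), ("extreme", extreme)):
        if not LIMITS[0] <= value <= LIMITS[1]:
            raise ValueError(f"{name}={value} outside {LIMITS[0]}-{LIMITS[1]}")
    # Assumption of this example: thresholds are ordered green < red < extreme.
    if not green < red < extreme:
        raise ValueError("expected green < red < extreme")
    return green, red, extreme


def transitions(samples, green=82, red=88, extreme=95):
    """Return (index, usage, new_state) for every modelled state change.

    Assumption: red/extreme are crossed when usage >= threshold, and conserve
    mode is left only when usage drops below green (hysteresis band).
    """
    green, red, extreme = validate(green, red, extreme)
    state, changes = "normal", []
    for i, usage in enumerate(samples):
        if usage >= extreme:
            new = "extreme"
        elif usage >= red:
            new = "conserve"
        elif usage < green:
            new = "normal"
        else:
            # Inside the green..red band: stay in conserve mode if already
            # there (or coming down from extreme), otherwise stay normal.
            new = "normal" if state == "normal" else "conserve"
        if new != state:
            changes.append((i, usage, new))
            state = new
    return changes


if __name__ == "__main__":
    # Constructed memory-usage percentages, e.g. one reading per minute.
    sample = [75, 84, 89, 86, 83, 81, 90, 96, 87, 80]
    for idx, pct, st in transitions(sample):
        print(f"sample {idx}: {pct}% -> {st}")
```

A reading that sits between the green and red values does not change the state on its own, which is why a unit hovering at 83-87% can remain in conserve mode long after the spike that triggered it.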
Follow the steps below to manually free memory:
Log to an external device, such as FortiAnalyzer or a Syslog server, whenever possible. This not only reduces the memory footprint on FortiGate but is also a more secure method, because such logs are difficult to tamper with or compromise in case of security events.
External devices can also hold a much longer log history (depending on external device log disk capacity and settings), and the logs can be re-used in SIEM systems to detect, or even predict, security events.
Pay attention to:
Reference: CLI reference log 7.2.6
config system global
config antivirus settings
Set updates to off-peak hours: (the example uses 3 AM, feel free to change as appropriate for the expected environment).
config system autoupdate schedule
Or:
Switch the ISDB database to keep a small-sized Internet Service database with very limited IP addresses.
config sys global
execute update-now
In this way, FortiGate will wait a shorter time for sessions to close.
config system global
    set tcp-halfclose-timer 30    <--- Default is 120 sec.
    set tcp-halfopen-timer 5      <--- Default is 10 sec.
    set tcp-timewait-timer 0      <--- Default is 1 sec.
    set udp-idle-timer 60         <--- Default is 180 sec.
end
config system session-ttl
    set default 300    <--- The default value is 3600.
end
To specify different values for different protocols, configure them as below. In the following example for DNS requests, the FortiGate will wait for a different length of time than the default value specified above:
config system session-ttl config port
For steps 1 and 2, additionally, refer to this article: Technical Note: Session TTL values and Policy RST for Sessions
config system dns end
config system fortiguard
    set antispam-cache-ttl 600    <--- The default value is 1800.
end
config system global end
Refer to the following articles for more information:
Technical Tip: Steps on how to optimize Memory consumption
Technical Note: Memory optimization techniques for FortiOS
When enabled, IPS may consume a lot of resources. The following article describes how to optimize IPS engine values:
Another effective way to reduce the overall memory usage of a device is to lower the number of workers running. For more details, refer to the following article: Technical Tip: Reduce memory usage by reducing the number of spawned daemons
FortiGates with memory usage already high might activate memory conserve mode during FortiGuard updates. As the databases grow with new objects and IP addresses on each update, the recommendation is to perform ISDB updates during quieter periods when memory usage is anticipated to be lower on the unit.
With the update implemented in October 2023, the size of the ISDB has surged by 30%. Consequently, there is an elevated risk of the system entering conserve mode, particularly on lower-end FortiGate hardware units that are already experiencing high memory consumption. Refer to the following article: Technical Tip: FortiGate is entering into Conserve Mode during FortiGuard Updates
Note: Switch the ISDB database to be used only when needed. Technical Tip: Script for reducing memory usage in small FortiGates experiencing conserve mode |
Copyright 2025 Fortinet, Inc. All Rights Reserved.