Created on 12-29-2022 07:54 AM Edited on 09-29-2023 12:29 AM By Jean-Philippe_P
Description | This article describes how to free up memory to avoid FortiGate entering conserve mode when its resources are highly utilized. |
Scope | FortiOS. |
Solution |
FortiGate goes into a conserve mode state as a self-protection mechanism when system memory is highly utilized and reaches a specific threshold.
Three memory thresholds can be configured:
config system global set memory-use-threshold-extreme <integer> set memory-use-threshold-green <integer> set memory-use-threshold-red <integer> end
This article describes how conserve mode is triggered:
Follow the steps below to manually free memory:
config system global set tcp-halfclose-timer 30 default is 120 sec set tcp-timewait-timer 0 default is 1 sec set udp-idle-timer 60 default is 180 sec end
In this way, FortiGate will wait a shorter time for sessions to close.
Refer to the following articles for more information: Technical Tip: Steps on how to optimize Memory consumption. Technical Note: Memory optimization techniques for FortiOS.
When enabled, IPS may consume a lot of resources. The following article describes how to optimize IPS engine values:
Another effective way to reduce the overall memory usage of a device is to lower the amount of workers running. For more details, refer to the following article: Technical Tip: Reduce memory usage by reducing the number of spawned daemons |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.