Technical Tip: From v7.6.1 upto v7.6.3 running (<4Gb RAM) entering conserve mode when enable IPS or APP control feature

mkhabbazi · ‎12-15-2024

Description

This article explains the issue of devices with 4 GB RAM getting to conserve mode during the FortiGuard upgrade while IPS and application control are enabled on firewall policies running in v7.6.1, v7.6.2, and v7.6.3.

This combination described above matches the known issue: 1076213.

Scope

FortiGate v7.6.1 and v7.6.2 with 4 GB RAM.

Solution

FortiGates with 4GB memory might enter conserve mode during the FortiGuard update when IPS or APP control is enabled.

The command below in FortiGate CLI will show the RAM:

FortiGate-100F # get hardware status

Model name: FortiGate-100F

ASIC version: SOC4

CPU: ARMv8

Number of CPUs: 8

RAM: 3614 MB

FortiGate-100F # get sys perf status

Memory: 3701376k total, 3174480k used (85.8%), 312896k free (8.5%), 214000k freeable (5.7%)

logid="0100022815" type="event" subtype="system" level="notice" vd="root" logdesc="Scanunit loaded AV Database" action="update" msg="scanunit=manager pid=1204 loading AV database successful"

FortiGate-100F # diag sys top-all 2 100

Run Time: 0 days, 0 hours and 20 minutes

25U, 0N, 0S, 75I, 0WA, 0HI, 0SI, 0ST; 3614T, 643F

ipshelper 263 R 99.9 3.5 4

wad_ips 1338 R 99.5 1.8 2

bcm.user 133 S < 2.9 0.5 1

newcli 1333 S 1.4 0.7 0

FortiGate-100F # diagnose sys top-mem 250

ipshelper (263): 369914kB

wad_ips (1338): 195507kB

ipshelper is part of the IPS engine, and wad_ips is WAD's ips/appctl database builder.

This issue is resolved in v7.6.2. The fix is scheduled for release in March 2025.

Workaround:

Disable proxy-inline-ips:

config ips settings

set proxy-inline-ips disable

end

Option:

Set cp-accel-mode none:

config ips global

set cp-accel-mode none

end

Solution:

The issue has already been addressed in v7.6.4.

Related article:

Technical Tip: From v7.6.1 upto v7.6.3 running (<4Gb RAM) entering conserve mode when enable IPS or APP control feature

You are leaving our website