If the firewall 'get system performance status' output looks similar to below, it could be the RAM issue.

CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 4039772k total, 3196532k used (79.1%), 543448k free (13.5%), 299792k freeable (7.4%)
Average network usage: 807 / 805 kbps in 1 minute, 540 / 558 kbps in 10 minutes, 564 / 578 kbps in 30 minutes
Maximal network usage: 4599 / 4634 kbps in 1 minute, 7800 / 7846 kbps in 10 minutes, 21083 / 20923 kbps in 30 minutes
Average sessions: 205 sessions in 1 minute, 250 sessions in 10 minutes, 219 sessions in 30 minutes
Maximal sessions: 225 sessions in 1 minute, 363 sessions in 10 minutes, 363 sessions in 30 minutes
Average session setup rate: 1 sessions per second in last 1 minute, 0 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
Maximal session setup rate: 7 sessions per second in last 1 minute, 9 sessions per second in last 10 minutes, 23 sessions per second in last 30 minutes

• Here, it is seen that the total number of sessions is 203 per minute, however, the firewall memory is 79%.

• Collect 'diagnose hardware sysinfo memory' and verify the total memory. Compare this with the hardware datasheetof the related FortiGate model, if there is a difference in the RAM size of the device, the issue is with the device RAM.

Example: Let's say there is one 200F device with high memory & fewer sessions.

Verify the hardware memory using 'diagnose hardware sysinfo memory', it is 4 GB and according to the datasheet of 200F, the total RAM is 8 GB. So, there is an issue with the RAM size.

Collect the 'exec tac report' and the above-requested info and reach out to TAC.