FortiGate
sbseeu
Staff
Article Id 190134

Description


This article describes how to work around a WAD or IPS engine memory leak by restarting the process every few hours.

Solution

 

Use the following commands on a FortiGate with or without VDOMs (in multi-VDOM mode, configure the commands in the global context):
 
For WAD:
 
config system auto-script
    edit restart_wad
        set interval 43200
        set repeat 0  <- No limit.
        set start auto
        set script 'diagnose test application wad 99'
    next
end

 

For the IPS engine:

 

config system auto-script
    edit restart_IPSengine
        set interval 43200
        set repeat 0  <- No limit.
        set start auto
        set script 'diagnose test application ipsmonitor 99'
    next
end
 
Each of these scripts runs every 12 hours (43200 seconds) and repeats indefinitely. Change the settings as required.
 

The settings are:

 

  • interval: Repeat interval in seconds.
  • repeat: Number of times to repeat this script (0 = infinite).
  • start: Script starting mode.
  • script: List of FortiOS CLI commands to execute.
 
Note:
 
Before configuring a script like this, consider the timing. For example, if the above script is configured at 8 pm, the next cycle will run at 8 am. It is always good to configure a script like this before or after peak traffic hours.
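
The timing consideration in the note above, as an added example (not part of the original article and not Fortinet code): a Python helper that lists when the auto-script would run for a given configuration time and interval, and flags runs that land inside a peak-traffic window, including intervals that do not divide 24 hours and therefore drift. The function names, the 09:00-18:00 peak window and the dates are assumptions for illustration; the helper assumes runs occur at every interval counted from the configuration time, as in the 8 pm / 8 am example.

```python
from datetime import datetime, time, timedelta


def run_times(configured_at, interval_s, count):
    """Next `count` runs, assuming one run per interval counted from the
    configuration time (assumption taken from the 8 pm -> 8 am example)."""
    step = timedelta(seconds=interval_s)
    return [configured_at + step * i for i in range(1, count + 1)]


def in_window(t, start, end):
    """True if clock time t is in [start, end); the window may wrap midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def peak_conflicts(configured_at, interval_s, peak_start, peak_end, days=7):
    """Runs within the next `days` days that fall inside the peak window."""
    count = (days * 86400) // interval_s
    return [r for r in run_times(configured_at, interval_s, count)
            if in_window(r.time(), peak_start, peak_end)]


def drifts(interval_s):
    """True if the interval does not divide 24 h, so the clock times of the
    restarts shift from day to day and will eventually cross peak hours."""
    return 86400 % interval_s != 0


if __name__ == "__main__":
    # Constructed sample values: peak window 09:00-18:00, configured at 8 pm.
    peak = (time(9, 0), time(18, 0))
    configured = datetime(2024, 1, 1, 20, 0)
    for interval in (43200, 18000):
        hits = peak_conflicts(configured, interval, *peak)
        print(f"interval {interval}s: drifts={drifts(interval)}, "
              f"{len(hits)} run(s) in peak window over 7 days")
        for hit in hits[:3]:
            print("   ", hit.isoformat(sep=" "))
```

With the article's 43200-second interval the restarts stay at the same two clock times every day, so only the configuration time matters; an interval such as 18000 seconds moves the restart time each day and needs to be checked over several days.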