FortiGate
sbseeu
Staff
Article Id 190134

Description


This article describes how to fix the WAD or IPS engine memory leak by restarting the affected process every few hours.

Solution

 

Use the following commands for a FortiGate with or without VDOMs (in multi-VDOM mode, configure the commands in the global context):
 
- For WAD:
 
# config system auto-script
    edit restart_wad
        set interval 43200
        set repeat 356
        set start auto
        set script 'diagnose test application wad 99'
    next
end

 

- For IPSengine:

 

# config system auto-script
    edit restart_IPSengine
        set interval 43200
        set repeat 356
        set start auto
        set script 'diagnose test application ipsmonitor 99'
    next
end
 
This specific script runs every 12 hours (43200 seconds), 356 times in total. Change the settings as needed.
 

The settings are:

 

interval: Repeat interval in seconds.

repeat: Number of times to repeat this script (0 = infinite).

start: Script starting mode.

script: List of FortiOS CLI commands to execute.

 
Note:
 
Keep timing in mind before configuring such a script. For example, if the above script is configured at 8 pm, the next cycle will run at 8 am. It is always good to configure such a script before or after peak traffic hours.
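
The timing point in the note can be checked before the script is committed. The following Python sketch is an added example, not part of the original article or any Fortinet tooling: it parses the WAD block shown above, lists the times of day the restart lands on, flags those inside a peak window, and shows when the 356 repeats run out. The 08:00-18:00 peak window, the configuration date, and counting the first run from the moment of configuration are assumptions.

```python
import re
from datetime import datetime, timedelta, time

# Constructed input: the WAD auto-script block as shown in the article.
CONFIG = """\
# config system auto-script
    edit restart_wad
        set interval 43200
        set repeat 356
        set start auto
        set script 'diagnose test application wad 99'
    next
end
"""

def parse_auto_script(text):
    """Return {script_name: {setting: value}} for each 'edit' entry."""
    scripts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()
        if m := re.match(r"edit\s+(\S+)", line):
            current = scripts.setdefault(m.group(1), {})
        elif (m := re.match(r"set\s+(\S+)\s+(.+)", line)) and current is not None:
            current[m.group(1)] = m.group(2).strip("'\"")
        elif line == "next":
            current = None
    return scripts

def plan(settings, configured_at, peak_start, peak_end):
    """Assumption: run 1 happens at configuration time, later runs one interval apart.
    The peak window must not wrap past midnight."""
    interval = timedelta(seconds=int(settings["interval"]))
    repeat = int(settings["repeat"])
    count = repeat or 1000  # repeat 0 = infinite, so sample 1000 runs
    runs = [configured_at + i * interval for i in range(count)]
    slots = sorted({r.time() for r in runs})
    return {
        "slots": [s.strftime("%H:%M") for s in slots],
        "in_peak": [s.strftime("%H:%M") for s in slots if peak_start <= s < peak_end],
        "last_run": runs[-1] if repeat else None,  # None = never expires
    }

if __name__ == "__main__":
    cfg = parse_auto_script(CONFIG)["restart_wad"]
    result = plan(cfg, datetime(2024, 1, 1, 20, 0), time(8, 0), time(18, 0))
    print("restart times of day:", result["slots"])
    print("inside peak window:  ", result["in_peak"])
    print("last scheduled run:  ", result["last_run"])
```

With a non-zero repeat value the scheduled restarts stop after the last run, so the memory growth can return unless the script is re-created or repeat is set to 0.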