1. At FortiGate unit, configure the av-mem-limit feature:

config ips global

set av-mem-limit xx

end

xx is an integer value from <10> to <50>.

2. Configure av-failopen with the pass as follows:

config system global

set av-failopen pass

end

3. The av-mem-limit feature does not work with the setting 'set av-failopen pass'.

To fix:

1. For a workaround with a temporary fix:

config system global

set av-failopen yy

end

yy is off or one-shot.

2. For a permanent fix:

It is necessary to upgrade FortiGate firmware version to be v7.4.6, v7.6.1, or above.