FortiGate
mkhabbazi
Staff
Article Id 364801
Description

This article describes an issue where devices with 4 GB RAM enter conserve mode during the FortiGuard upgrade while IPS and application control are enabled on firewall policies.

Scope

FortiGate v7.6.1 with 4 GB RAM.

Solution

The issue is under investigation as known issue ID 1076213.

 

The following FortiGate CLI commands show the installed RAM, current memory usage, and the processes consuming the most CPU and memory:

 

FortiGate-100F # get hardware status
Model name: FortiGate-100F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 3614 MB

 

FortiGate-100F # get sys perf status
Memory: 3701376k total, 3174480k used (85.8%), 312896k free (8.5%), 214000k freeable (5.7%)

 

logid="0100022815" type="event" subtype="system" level="notice" vd="root" logdesc="Scanunit loaded AV Database" action="update" msg="scanunit=manager pid=1204 loading AV database successful"

 

FortiGate-100F # diag sys top-all 2 100
Run Time: 0 days, 0 hours and 20 minutes
25U, 0N, 0S, 75I, 0WA, 0HI, 0SI, 0ST; 3614T, 643F
       ipshelper 263 R 99.9 3.5 4
         wad_ips 1338 R 99.5 1.8 2
        bcm.user 133 S < 2.9 0.5 1
          newcli 1333 S 1.4 0.7 0

 

 

FortiGate-100F # diagnose sys top-mem 250
ipshelper (263): 369914kB
wad_ips (1338): 195507kB

 

ipshelper is part of the IPS engine, and wad_ips is WAD's IPS/appctl database builder.
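
An added example, not part of the original article and not Fortinet tooling: a Python script that parses captured get sys perf status and diagnose sys top-mem output, in the formats shown above, and reports how close the unit is to conserve mode. The 88%/95% thresholds are the FortiOS defaults assumed here; the 5-point warning margin and the assess function are hypothetical.

```python
import re

# Assumption: FortiOS default conserve-mode thresholds, in percent of total RAM.
# Verify them under "config system global" if they were tuned on the device.
RED_PCT, EXTREME_PCT = 88, 95
MARGIN_PCT = 5                       # assumed early-warning margin below red
SUSPECTS = {"ipshelper", "wad_ips"}  # processes the article ties to this issue

MEM_RE = re.compile(r"Memory:\s*(\d+)k total,\s*(\d+)k used")
TOP_RE = re.compile(r"^\s*(\S+)\s+\((\d+)\):\s*(\d+)kB\s*$", re.M)

# Output lines copied from the article above.
SAMPLE = """\
Memory: 3701376k total, 3174480k used (85.8%), 312896k free (8.5%), 214000k freeable (5.7%)
ipshelper (263): 369914kB
wad_ips (1338): 195507kB
"""

def assess(cli_text):
    """Classify memory pressure from captured perf-status and top-mem output."""
    m = MEM_RE.search(cli_text)
    if m is None:
        raise ValueError("no 'Memory:' line in capture")
    total_k, used_k = int(m.group(1)), int(m.group(2))
    used_pct = 100.0 * used_k / total_k
    # Memory currently held by the IPS/appctl database processes.
    held = {n: int(kb) for n, _pid, kb in TOP_RE.findall(cli_text) if n in SUSPECTS}
    # kB that can still be allocated before the red threshold is crossed.
    headroom_k = total_k * RED_PCT // 100 - used_k
    if used_pct >= EXTREME_PCT:
        state = "extreme"
    elif used_pct >= RED_PCT:
        state = "conserve"
    elif held and used_pct >= RED_PCT - MARGIN_PCT:
        state = "at-risk"
    else:
        state = "ok"
    return {"used_pct": round(used_pct, 1), "headroom_kb": headroom_k,
            "suspect_kb": sum(held.values()), "state": state}

if __name__ == "__main__":
    print(assess(SAMPLE))
```
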

 

This issue is resolved in FortiGate v7.6.2 firmware. The fix is scheduled for release in March 2025.

 

Workaround:

  1. Disable proxy-inline-ips:

 

config ips settings
    set proxy-inline-ips disable
end

 

Option:

 

  1. Set cp-accel-mode none:

 

config ips global
    set cp-accel-mode none
end

 

Related article:

Technical Tip: How conserve mode is triggered