|
Certain FortiGate-100F and 101F have 4GB of RAM, while other units have 8GB of RAM. This impacts the baseline memory consumption of the device, as a 4GB 100/101F device will consume more RAM at idle with an equivalent set of features enabled relative to a unit with 8GB of memory. Devices with 4GB of RAM are referred to as 'generation 1' FortiGate-100/101Fs, and devices with 8GB of RAM are referred to as 'generation 2' FortiGate-100/101Fs.
To identify which specific unit a specific model is, refer to the output of the CLI command ‘get hardware status’. Refer to example output from a 101F 'generation' 1 below with the device having approximately 4GB of RAM:
FortiGate-100F # get hardware status
Model name: FortiGate-101F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 3614 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: 457862 MB /dev/sda
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
Hardware Revision: Rev1
A FortiGate-100F 'generation 2' will show approximately 8GB of RAM as available:
FortiGate-100F # get hardware status
Model name: FortiGate-100F
ASIC version: SOC4
CPU: ARMv8
Number of CPUs: 8
RAM: 7587 MB
EMMC: 3662 MB(MLC) /dev/mmcblk0
Hard disk: not available
USB Flash: not available
Network Card chipset: FortiASIC NP6XLITE Adapter (rev.)
Hardware Revision: Rev2
Note:
FortiGate-100F 'generation 1' and '2' models have no hardware disk for logging and FortiGate-101 'generation 1' and '2' will have a hardware disk for logging. There is no other difference between FortiGate-100/101F models.
At baseline, a 'generation 1' unit with the factory configuration and no traffic running through the unit on v7.2.11 will have about 38% of system memory consumed:
FortiGate-100F # get system performance status
Memory: 3701336k total, 1397904k used (37.8%), 1914888k free (51.7%), 388544k freeable (10.5%)
For comparison, a 'generation 2' FortiGate-100F on the same firmware with the same factory default configuration shows only 15% of system memory being consumed:
FortiGate-100F # get system performance status
Memory: 7769888k total, 1169212k used (15.0%), 6229236k free (80.2%), 371440k freeable (4.8%)
Enabling IPS inspection on a single firewall policy on a 'generation 1' FortiGate-100F will result in system memory consumption increasing to about 53% as the IPS engine must load signatures and other data into memory to function:
FortiGate-100F # get system performance status
Memory: 3701336k total, 1982240k used (53.6%), 1326696k free (35.8%), 392400k freeable (10.6%)
There is still no user traffic or active security inspection being processed on this unit, and memory usage has still increased by 17%.
Additional FortiOS features like device detection, security fabric, or running the device in multi-VDOM mode can also increase the amount of memory used while the device is idling and not forwarding traffic.
Newer versions of FortiOS additionally include more features running on the device at baseline, which result in a corresponding increase in baseline memory consumption.
The higher the baseline memory consumption is on a FortiGate, the less additional memory consumption is required to push the device into conserve mode and impact traffic flowing through the device.
For additional information regarding conserve mode, refer to this KB article:
Technical Tip: How conserve mode is triggered
To reduce the baseline memory consumption on generation 1 FortiGate 100Fs, refer to the memory optimization settings in the following two KB articles:
Technical Tip: Free up memory to avoid conserve mode
Technical Tip: How to optimize memory consumption for smaller FortiGates
For more information regarding v7.4.8 and the impact on baseline memory consumption, refer to this KB article:
Technical Tip: Higher base memory usage after upgrade of FortiOS 7.2.x to 7.4.8
|
