Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jcovarrubias
Staff
Staff

Created on ‎09-11-2025 07:56 AM Edited on ‎10-12-2025 11:48 AM By Moderator

Article Id 409479

Troubleshooting Tip: Conserve mode triggered by node process memory leak in FortiOS 7.4.8 and 7.6.3

Description This article describes a memory leak issue in the node process on FortiOS version 7.4.8 that can trigger conserve mode.
Scope FortiGate devices running FortiOS version 7.4.8 and 7.6.3.
Solution

Background:

Conserve mode occurs when memory utilization exceeds the configured value under set memory-use-threshold-red 88, typically caused by insufficient memory capacity, unintended software behaviors, or memory-intensive processes. Long-term monitoring of memory consumption trends is essential for identifying memory leaks and preventing conserve mode activation

 

For more information, see Technical Tip: Memory Management: A Long-Term Strategy to Prevent Conserve Mode.

 

Fortinet identified a memory leak in the NODE on versions 7.4.8  and 7.6.3 that can be identified through regular monitoring using these commands:

 

Identifying the Memory Leak Pattern:

 

Step 1: Monitor process memory consumption.

 

F2 # diagnose sys top-mem 5

node (2093): 328733kB   <----- Increases.

wad (2198): 192759kB

wad (2199): 106893kB

ipsengine (2445): 97662kB

ipsengine (2444): 95252kB

Top-5 memory used: 821299kB

 

Step 2: Check overall memory utilization.

 

F2 # get system performance status | grep Mem

Memory: 4041524k total, 2511412k used (62.1%), 1065808k free (26.4%), 464304k freeable (11.5%)  ß Total utilization increases

 

If memory increases consistently over time (several days), it is likely that a memory leak pattern has been identified.

 

Contributing Factors:

 

External management tools such as security fabric, FortiManager etc, that query the FortiGate can trigger increased node process activity.

 

Workaround:

 

Restart the NODE process. Follow these steps to do so:

 

  1. Identify the process ID. This information can be viewed with the following command:

F2 #diagnose sys process pidof node

2093 

         

Or it can be viewed with this command:

 

F2 # diagnose sys top-mem 5

node (2093) 328733kB 

  

  1. Restart the process with the following parameter:

 

F2 # diagnose sys kill 11 2093

 

This temporarily resolves the memory leak by releasing the memory that was held by the process.

 

Fix:

This issue has been resolved in FortiOS versions 7.4.9 and 7.6.5 (scheduled for release in November 2025): Resolved issues - FortiOS 7.4.9 release notes.

 

Related document:
Technical Tip: High memory usage of node process
1219
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.