Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jcovarrubias
Staff
Staff

Created on ‎09-11-2025 07:56 AM Edited on ‎11-12-2025 11:41 PM By Community Manager

Article Id 409479

Troubleshooting Tip: Conserve mode triggered by node process memory leak in FortiOS 7.4.8 and 7.6.3

Description This article describes a memory leak issue in the node process on v7.4.8 that can trigger conserve mode.
Scope FortiGate v7.4.8 and v7.6.3.
Solution

Background:

Conserve mode occurs when memory utilization exceeds the configured value under set memory-use-threshold-red 88, typically caused by insufficient memory capacity, unintended software behaviors, or memory-intensive processes. Long-term monitoring of memory consumption trends is essential for identifying memory leaks and preventing conserve mode activation

 

For more information, see Technical Tip: Memory Management: A Long-Term Strategy to Prevent Conserve Mode

 

Fortinet identified a memory leak in the NODE on v7.4.8  and v7.6.3 that can be identified through regular monitoring using these commands:

 

Identifying the Memory Leak Pattern:

 

Step 1: Monitor process memory consumption.

 

F2 # diagnose sys top-mem 5

node (2093): 328733kB   <----- Increases.

wad (2198): 192759kB

wad (2199): 106893kB

ipsengine (2445): 97662kB

ipsengine (2444): 95252kB

Top-5 memory used: 821299kB

 

Step 2: Check overall memory utilization.

 

F2 # get system performance status | grep Mem

Memory: 4041524k total, 2511412k used (62.1%), 1065808k free (26.4%), 464304k freeable (11.5%)  ß Total utilization increases

 

If memory increases consistently over time (several days), a memory leak pattern has likely been identified.

 

Contributing Factors:

External management tools such as security fabric, FortiManager etc, that query the FortiGate can trigger increased node process activity.

 

Workaround:

Restart the NODE process. Follow these steps to do so:

  1. Identify the process ID. This information can be viewed with the following command:

 

F2 #diagnose sys process pidof node

2093 

         

Or it can be viewed with this command:

 

F2 # diagnose sys top-mem 5

node (2093) 328733kB 

  

  1. Restart the process with the following parameter:

 

F2 # diagnose sys kill 11 2093

 

This temporarily resolves the memory leak by releasing the memory that was held by the process. Restart the node daemon via an automation script.

 

config system auto-script
    edit restart_node
        set interval 86400  <---- 24 hours.
        set repeat 1000     <---- 1000 times.
        set start auto
        set script "fnsysctl killall node" <----- Command to restart the Node.js daemon.
    next
end

 

Fix:

This issue has been resolved in v7.4.9 and v7.6.5 (scheduled for release in November 2025): Resolved issues

 

Related article:
Technical Tip: High memory usage of node process
3251
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.