yangw
Staff
Article Id 355997
Description

This article describes how to investigate the high memory usage issue on v7.4.3.

Scope

FortiGate v7.4.3.
Solution

Verifying the true cause:

A FortiGate running v7.4.3 enters conserve mode frequently.

The command below can be used to track memory consumption and determine whether the issue is related to bug ID 1007809.

diagnose hardware sysinfo memory

Related document:

Resolved issues 7.4.4

The issue shown in the debug log relates to bug ID 1007809, which has been fixed in the next patch, 7.4.4.

Debug output:

159: 2024-07-18 12:51:41 service=kernel conserve=on total="3717 MB" used="3272 MB" red="3270 MB"
160: 2024-07-18 12:51:41 green="3047 MB" msg="Kernel enters memory conserve mode"
161: 2024-07-18 12:51:42 MemTotal: 3806344 kB
162: 2024-07-18 12:51:42 MemFree: 265876 kB
163: 2024-07-18 12:51:42 Buffers: 1096 kB
164: 2024-07-18 12:51:42 Cached: 749740 kB
165: 2024-07-18 12:51:42 SwapCached: 0 kB
166: 2024-07-18 12:51:42 Active: 2568656 kB
167: 2024-07-18 12:51:42 Inactive: 211348 kB
168: 2024-07-18 12:51:42 Active(anon): 2544096 kB   <-- Consistently increasing without release.
169: 2024-07-18 12:51:42 Inactive(anon): 191980 kB
170: 2024-07-18 12:51:42 Active(file): 24560 kB
171: 2024-07-18 12:51:42 Inactive(file): 19368 kB
172: 2024-07-18 12:51:42 Unevictable: 193752 kB
173: 2024-07-18 12:51:42 Mlocked: 4780 kB
174: 2024-07-18 12:51:42 SwapTotal: 0 kB
175: 2024-07-18 12:51:42 SwapFree: 0 kB
176: 2024-07-18 12:51:42 Dirty: 64 kB
177: 2024-07-18 12:51:42 Writeback: 0 kB
178: 2024-07-18 12:51:42 AnonPages: 2223244 kB <-- Consistently increasing without release.

On FortiGate, AnonPages and Active(anon) pages frequently use a high amount of memory, causing FortiGate to enter conserve mode. The issue could be related to fcnacd processes leaking memory.

This can be verified by running the command 'diag sys top-mem 20' and checking if the memory for fcnacd is increasing constantly.  
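One way to check for the "consistently increasing without release" pattern across several captures of the debug output above. This is an added example, not Fortinet code: the function names are hypothetical, and the two earlier snapshots in the sample are constructed values.

```python
import re
from collections import defaultdict

# Line format as in the debug output: "178: 2024-07-18 12:51:42 AnonPages: 2223244 kB"
LINE_RE = re.compile(r"^\s*\d+:\s+\S+ \S+\s+([A-Za-z_()]+):\s+(\d+) kB")

# Constructed sample: the 10:51 and 11:51 snapshots are invented for
# illustration; the 12:51 snapshot reuses values from the output above.
SAMPLE_LOG = """\
104: 2024-07-18 10:51:42 Cached: 801200 kB
108: 2024-07-18 10:51:42 Active(anon): 1804512 kB
118: 2024-07-18 10:51:42 AnonPages: 1602340 kB
134: 2024-07-18 11:51:42 Cached: 812964 kB
138: 2024-07-18 11:51:42 Active(anon): 2190776 kB
148: 2024-07-18 11:51:42 AnonPages: 1935120 kB
161: 2024-07-18 12:51:42 MemTotal: 3806344 kB
164: 2024-07-18 12:51:42 Cached: 749740 kB
168: 2024-07-18 12:51:42 Active(anon): 2544096 kB
178: 2024-07-18 12:51:42 AnonPages: 2223244 kB
"""

def parse_samples(text):
    """Return {field: [kB, ...]} in log order; non-matching lines are skipped."""
    series = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            series[m.group(1)].append(int(m.group(2)))
    return series

def growth_report(series, fields=("AnonPages", "Active(anon)"), min_samples=3):
    """Flag fields that rise in every snapshot and never drop back."""
    total = series["MemTotal"][-1] if series.get("MemTotal") else None
    report = {}
    for field in fields:
        values = series.get(field, [])
        if len(values) < min_samples:
            report[field] = None  # too few snapshots to call it a trend
            continue
        report[field] = {
            "always_rising": all(b > a for a, b in zip(values, values[1:])),
            "delta_kb": values[-1] - values[0],
            "pct_of_total": round(100 * values[-1] / total, 1) if total else None,
        }
    return report

if __name__ == "__main__":
    fields = ("AnonPages", "Active(anon)", "Cached")
    for name, result in growth_report(parse_samples(SAMPLE_LOG), fields).items():
        print(name, result)
```

In the sample, AnonPages and Active(anon) rise in every snapshot while Cached fluctuates. A sustained rise is only an indicator, so the per-process check for fcnacd described above is still needed.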

 

Action plan:

If the debug log matches the output above, the issue matches the bug ID. Arrange an available time to upgrade the firmware to the next patch, 7.4.4, to fix the issue.