The following are some configuration adjustments to reduce and optimize memory usage when low-end models with UTM have high memory usage.

Increase memory-use-threshold:

config system global
    set memory-use-threshold-extreme 97
    set memory-use-threshold-green 90
    set memory-use-threshold-red 94
end

Or schedule an update at off-peak time. For example:

config system autoupdate schedule
    set frequency daily
    set time 03:00
end

Or reduce worker count. For example:

config system global

set miglogd-children 1

set sslvpn-max-worker-count 1

set wad-worker-count 1

set scanunit-count 2

end

The IPS process count can be configured:

config ips global
    set engine-count 1
    set cp-accel-mode none
    set exclude-signatures none
end

config log memory setting
    set status disable
end

config log disk filter
    set forward-traffic disable
end

Reduce session-TTL to improve session recycling efficiency:

config system session-ttl
    set default 600
    config port
        edit 1
            set protocol 17
            set timeout 120
        next
    end
end

Reduce dns-cache:

config system dns
    set dns-cache-limit 300
end

Disabled the security rating submission:

config system global
    set security-rating-result-submission disable
    set security-rating-run-on-schedule disable
end

Reduce internet-service-database:

config sys global

set internet-service-database on-demand

end

exe update-ffdb-on-demand

Note:

Consider these low-end models have only 2GB of RAM. It is therefore very likely this device will enter conserve mode quickly if there are many sessions in progress for FortiGate.

Related articles:

• Technical Tip: Low-end FortiGate models with RAM ≤ 2GB entering conserve mode due to increased ISDB ...
  
• Technical Tip: Free up memory to avoid conserve mode