|
The following are some configuration adjustments to reduce and optimize memory usage when low-end models with UTM have high memory usage.
Increase memory-use-threshold:
config system global
set memory-use-threshold-extreme 97
set memory-use-threshold-green 90
set memory-use-threshold-red 94
end
Or schedule an update at off-peak time. For example:
config system autoupdate schedule
set frequency daily
set time 03:00
end
Or reduce worker count. For example:
config system global
set miglogd-children 1
set sslvpn-max-worker-count 1
set wad-worker-count 1
set scanunit-count 2
end
The IPS process count can be configured:
config ips global
set engine-count 1
set cp-accel-mode none
set exclude-signatures none
end
config log memory setting
set status disable
end
config log disk filter <----- This command only applies to models with onboard logging disks.
set forward-traffic disable
end
Reduce session-TTL to improve session recycling efficiency:
config system session-ttl
set default 600
config port
edit 1
set protocol 17
set timeout 120
next
end
end
Reduce dns-cache:
config system dns
set dns-cache-limit 300
end
Disabled the security rating submission:
config system global
set security-rating-result-submission disable
set security-rating-run-on-schedule disable
end
Reduce internet-service-database:
config sys global
set internet-service-database on-demand
end
exe update-ffdb-on-demand
Note 1:
Consider that these low-end models have only 2GB of RAM. It is therefore very likely that this device will enter conserve mode quickly if there are many sessions in progress for FortiGate.
Note 2:
On v7.6.3, further optimizations were done which remove or rework certain features on devices with 2GB or less of memory.
For further details, consult Optimizations for physical FortiGate devices with 2 GB RAM 7.6.3
Related articles:
Technical Tip: Low-end FortiGate models with RAM ≤ 2GB entering conserve mode due to increased ISDB ...
Technical Tip: Free up memory to avoid conserve mode
|
