hlngan
Staff
Article Id 256838
Description This article discusses IPS entering fail open mode.
Scope FortiGate.
Solution

When the FortiGate event log shows the IPS engine entering fail-open mode frequently, with pairs of entries such as the following (while the engine is in fail open mode, sessions that should be IPS-inspected are passed without inspection):

 

...

msg="IPS session scan resumed, exit fail open mode."
msg="IPS session scan, enter fail open mode"

msg="IPS session scan resumed, exit fail open mode." 
msg="IPS session scan, enter fail open mode"
...
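To judge how often and for how long the IPS has been in fail open mode, it helps to pair the "enter" and "exit" entries from an exported event log rather than eyeballing them. The script below is an added example, not part of this article or of any Fortinet tool: it parses FortiGate key=value log lines, pairs each "enter fail open" with the next "exit fail open", sums the seconds spent uninspected, flags an "enter" with no matching "exit" (the engine is still in fail open mode at the end of the log), and reports "frequent" when three or more entries fall inside any one-hour window. The sample lines, device name, timestamps, the unrelated admin-login line and the thresholds are constructed assumptions; only the two msg strings are the ones quoted above.

```python
"""Quantify IPS fail-open episodes in a FortiGate event-log export (added example)."""
import re
from datetime import datetime, timedelta

# The two msg strings shown in the article.
ENTER_MSG = "IPS session scan, enter fail open mode"
EXIT_MSG = "IPS session scan resumed, exit fail open mode."

# Constructed sample log. Device name, timestamps and the admin-login line are
# made up; the layout follows the FortiGate key=value event-log format.
SAMPLE_LOG = """\
date=2023-05-10 time=10:15:32 devname="FGT-LAB" type="event" subtype="system" level="warning" msg="IPS session scan, enter fail open mode"
date=2023-05-10 time=10:15:35 devname="FGT-LAB" type="event" subtype="system" level="notice" msg="IPS session scan resumed, exit fail open mode."
date=2023-05-10 time=10:20:01 devname="FGT-LAB" type="event" subtype="system" level="information" msg="Administrator admin logged in successfully from ssh(192.0.2.10)"
date=2023-05-10 time=10:31:10 devname="FGT-LAB" type="event" subtype="system" level="warning" msg="IPS session scan, enter fail open mode"
date=2023-05-10 time=10:31:12 devname="FGT-LAB" type="event" subtype="system" level="warning" msg="IPS session scan, enter fail open mode"
date=2023-05-10 time=10:31:40 devname="FGT-LAB" type="event" subtype="system" level="notice" msg="IPS session scan resumed, exit fail open mode."
date=2023-05-10 time=10:58:05 devname="FGT-LAB" type="event" subtype="system" level="warning" msg="IPS session scan, enter fail open mode"
date=2023-05-10 time=10:58:09 devname="FGT-LAB" type="event" subtype="system" level="notice" msg="IPS session scan resumed, exit fail open mode."
date=2023-05-10 time=13:02:00 devname="FGT-LAB" type="event" subtype="system" level="warning" msg="IPS session scan, enter fail open mode"
"""

# key=value pairs; the value is either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Return the key=value fields of one log line plus a parsed 'ts'
    timestamp, or None when the line has no date/time (blank or truncated)."""
    fields = {}
    for m in _KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    if "date" not in fields or "time" not in fields:
        return None
    fields["ts"] = datetime.strptime(f'{fields["date"]} {fields["time"]}', "%Y-%m-%d %H:%M:%S")
    return fields


def fail_open_episodes(lines):
    """Pair each 'enter fail open' with the next 'exit fail open'.

    Returns (episodes, still_open): episodes is a list of
    (enter_ts, exit_ts, seconds); still_open is the timestamp of a final
    'enter' that has no 'exit' yet (traffic is still passing uninspected),
    or None.
    """
    episodes = []
    open_since = None
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        msg = f.get("msg", "")
        if msg == ENTER_MSG:
            # A repeated 'enter' without an 'exit' in between keeps the
            # earlier start: the engine never resumed scanning.
            if open_since is None:
                open_since = f["ts"]
        elif msg == EXIT_MSG and open_since is not None:
            episodes.append((open_since, f["ts"], (f["ts"] - open_since).total_seconds()))
            open_since = None
    return episodes, open_since


def is_frequent(episodes, window=timedelta(hours=1), threshold=3):
    """True if at least `threshold` episodes start within any `window`-long span."""
    starts = sorted(e[0] for e in episodes)
    for i, start in enumerate(starts):
        j = i
        while j < len(starts) and starts[j] - start <= window:
            j += 1
        if j - i >= threshold:
            return True
    return False


def summarize(text, window=timedelta(hours=1), threshold=3):
    """Summary a practitioner would attach to a support case."""
    episodes, still_open = fail_open_episodes(text.splitlines())
    return {
        "episodes": len(episodes),
        "uninspected_seconds": sum(e[2] for e in episodes),
        "longest_seconds": max((e[2] for e in episodes), default=0),
        "still_open_since": still_open,
        "frequent": is_frequent(episodes, window, threshold),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real export (for example the output of the log viewer filtered on the two msg strings) by replacing SAMPLE_LOG with the file contents; a non-empty still_open_since is the finding to act on first, since it means the box is passing IPS-profiled traffic uninspected right now.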

This points to a few likely causes, to be checked in order:

 

  1. High memory or CPU usage:

Check whether memory or CPU usage on the FortiGate is high (in 'diagnose sys top', watch the ipsengine processes in particular):

 

diagnose sys top

get sys performance status

 

  2. The IPS engine crashing:

Use the command below to check whether the IPS engine (ipsengine) is crashing repeatedly:

 

diag debug crashlog read

 

  3. If neither of the above applies, the IPS engine may be running out of socket buffer:

Check the current IPS socket buffer size on the FortiGate with:

 

diag test app ipsmonitor 1

 

Try increasing the IPS socket buffer (the value is in MB; the default depends on the model and available memory):

 

config ips global

    set socket-size <x>

end

 

If the issue still persists, collect the output of the commands above and contact Fortinet support. Note that fail-open behaviour itself is controlled by 'set fail-open {enable | disable}' under 'config ips global': with it disabled, the engine drops the affected sessions instead of passing them uninspected while it is overloaded, which may be preferable in environments where unscanned traffic is not acceptable.

 

Related Document:

Technical Tip: IPS - 'socket size' and 'fail-open' mode