FortiGate
wcruvinel
Staff
Article Id 323490
Description

This article describes troubleshooting steps for resolving file upload issues on small FortiGate devices (less than 2 GB of memory) using PPPoE.

Users may experience issues where PDF (or any other large file) uploads fail when using FortiGate devices (less than 2 GB of memory) as the central firewall.

This problem is often observed when the Internet connection is terminated on the FortiGate using PPPoE, with the FortiGate directly connected to the ISP modem operating in bridge mode.

The issue is more frequent if the user has an xDSL connection with an upload capacity equal to or below 1 Mbps.

Scope

Small FortiGates (less than 2 GB of memory).

Solution

When the scenario described above exists, the following symptoms are typically observed:

  1. High CPU and memory usage on the FortiGate during file uploads.
  2. PPPoE connection flapping between the FortiGate and the PPPoE server.

 

Recommended solution.

To address this issue, apply the optimization script below, which frees up resources (CPU and memory) and adjusts the LCP timers:


config system global
    set memory-use-threshold-extreme 97
    set memory-use-threshold-green 90
    set memory-use-threshold-red 95
    set reset-sessionless-tcp disable
    set tcp-halfclose-timer 30
    set tcp-timewait-timer 0
    set tcp-rst-timer 5
    set udp-idle-timer 60
    set miglogd-children 1
    set sslvpn-max-worker-count 2
    set wad-worker-count 2
    set scanunit-count 2
end

config system autoupdate schedule
    set status disable
end

config ips global
    set engine-count 2
    set socket-size 32
    set np-accel-mode none
    set exclude-signatures none
end

config system session-ttl
    set default 300
    config port
        edit 0
            set protocol 17
            set timeout 10
            set end-port 53
            set start-port 53
        next
    end
end

config system dns
    set dns-cache-limit 600
end

config system fortiguard
    set webfilter-cache-ttl 600
    set antispam-cache-ttl 600
end

config system automation-action
    edit "RestartWAD"
        set action-type cli-script
        set minimum-interval 5
        set script "diag test app wad 99"
        set accprofile "super_admin"
    next
end

config system automation-trigger
    edit "Enters Conserve Mode"
        set event-type low-memory
    next
end

config system automation-stitch
    edit "Restart WAD during Conserve Mode"
        set trigger "Enters Conserve Mode"
        config actions
            edit 1
                set action "RestartWAD"
                set required enable
            next
        end
    next
end

config system auto-script
    edit restart_IPSengine
        set interval 43200
        set repeat 356
        set start auto
        set script 'diagnose test application ipsmonitor 99'
    next
end

config system interface
    edit "wan1" <- Insert the PPPoE interface.
        set vdom "root"
        set mode pppoe
        set lcp-echo-interval 30
        set lcp-max-echo-fails 20
    next
end
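
To confirm which of the values above are actually present on a device, the following Python sketch parses FortiOS configuration text (nested config/edit/set blocks) and reports every expected setting that is missing or different. It is an added example, not part of the original article or any Fortinet tooling; the EXPECTED subset, the SAMPLE text and the function names are constructed for illustration.

```python
import shlex

# Subset of the article's values, keyed by (config section, [edit entry], setting).
EXPECTED = {
    ("system global", "tcp-halfclose-timer"): "30",
    ("system autoupdate schedule", "status"): "disable",  # turns off scheduled FortiGuard updates
    ("ips global", "engine-count"): "2",
    ("system interface", "wan1", "lcp-echo-interval"): "30",
    ("system interface", "wan1", "lcp-max-echo-fails"): "20",
}

# Constructed sample: a partially applied script (no IPS block, different LCP fail count).
SAMPLE = '''config system global
    set tcp-halfclose-timer 30
end
config system autoupdate schedule
    set status disable
end
config system interface
    edit "wan1"
        set lcp-echo-interval 30
        set lcp-max-echo-fails 3
    next
end'''

def parse_fortios(text):
    """Flatten nested config/edit/set blocks into {path_tuple: value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)      # strips the quotes around names and values
        except ValueError:                 # part of a multi-line quoted value (e.g. a certificate)
            continue
        if not tokens or tokens[0].startswith("#"):
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "config":
            stack.append(" ".join(args))   # e.g. "system interface"
        elif verb == "edit" and args:
            stack.append(args[0])          # entry name; trailing annotations are ignored
        elif verb in ("next", "end") and stack:
            stack.pop()
        elif verb == "set" and args:
            settings[tuple(stack) + (args[0],)] = " ".join(args[1:])
    return settings

def audit(text, expected=EXPECTED):
    """Return {path: (expected, actual)} for settings that differ; actual is None if absent."""
    found = parse_fortios(text)
    return {p: (v, found.get(p)) for p, v in expected.items() if found.get(p) != v}
```

`show` output omits settings left at their defaults, so an absent value is reported as `None`; `show full-configuration` includes the defaults as well.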

 

If the steps above do not fix the issue, check the articles below for help with troubleshooting performance problems related to Internet capacity and quality.

If a low-end device (with less than 2 GB of RAM) is being used, make sure to follow the recommended FortiOS version and capacity limits:

Technical Tip: Low throughput troubleshooting

Technical Tip: Script for reducing memory usage in small FortiGates experiencing conserve mode

Troubleshooting Tip: How high CPU usage should be investigated

Troubleshooting Tip: Troubleshooting PPPoE connection failed