With proxy mode enabled on the main general internet policy with a maximum of 20Mbps throughput as that's the limit of the connection i'm at a steady 73%, in flow mode it's about 71%

It appears to be an issue with the 40F 60F and 100F given they share the same ASIC, try 6.0.8

 

I've had one ticket open for over a month now with bug confirmed but there is no guarantee of when it will be fixed, understand this is an architecture issue?

Hello,

Question is what is your expectation - what the percentage of memory usage should be?

FortiOS buffers and caches some data that are cleared when RAM is needed for something more

important. 60-70% right after device's start does not mean any issue at all.

 

Best Regards,

Alivo

 

I expect it not to go into conserve mode daily, I expect it not to use that much RAM it causes site to site VPN tunnels to drop. I expect it not to affect other system services. Buffers and cache are great.

Hello Robert P. I was referring to OP's original query. Alivo

 

 

I have the same problem. However with 6.2.3 memory usage dropped to 58% compared to 6.2.2 with 76% usage.

Support gave me some settings for IPS, to reduce the use of memory. In my case it is the IPS that is sucking the memory.

 

global ips config set cp-accel-mode basic regular set database end

 

And disable the log for memory:

 

config log memory setting set status disable end

I am also VERY disappointed in the performance of the FGT-60F.  Replaced a FGT-80D v5.6.11(build3955) running IPS/App.Control and WCF/AV/DLP (proxy-mode) with a FGT-60F v6.0.10 and we are seeing basically the exact same throughput (80Mbps/20Mbps) as the FGT-80D with much higher memory utilization (65 - 72% compared to 54 - 60% with the 80D).  A large majority of the memory utilization are the IPS engine daemon(s). This device does not have any ingress policies, just a small office with all outbound traffic. 

 

Tried stopping/restarting the engines via ipsmonitor to no avail. 

 

Bypassed all UTM inspection (except for botnet and IPS on the internal/external interface-policies) and still saw very little improvement in throughput, if any at all. 

 

Next step is to switch the entire device to flow-mode just to see what types of throughput it is capable of albeit losing some WCF/AV/DLP functionality.

 

This is very frustrating as this customer would have upgraded to a larger device like a 100 or 200E had Fortinet not published such unrealistic throughput specs on the 60F datasheet, it looked like a clear winner compared to the datasheet for the 80D:

 

80D - 210Mbps NGFW // 190 Mbps Threat Protection 60F - 1Gbps NGFW // 700 Mbps Threat Protection

What is the bandwidth of the connection? I'm getting my full bandwidth 600/150 on my 60F with everything turned on(mostly default settings). Running 6.2.3 in flow mode, it's not doing a whole lot... managing 2 switches and 2 APs and it's sitting at 60% memory. In my experience the F models don't run as well on the 6.0.x firmware - which is unfortunate as 6.0.x is more stable in general.

I think you are spot on, f series were released with 6.2 and had 6.0 back ported, it's not perfect and some of the hardware acceleration does not work on 6.0. The throughput values in the spec are for 6.2 and higher.