Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: 60F high mem
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
60F high mem
Hey All,
Just got a 60f and putting it through the paces. I am noticing high mem around 60% and if np does anything basically goes to conserve mode and need to reboot. Scoured cookbook and other googles and cant seem to find a good NPU best practice.
Wondering if anyone else has played with this at all. Using at home, about 10 policies, 2 of which do actual filtering.
Just wondering thoughts.
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For FOS v6.4, just request IPS package v6.0.30 or later from TAC.
This is a new feature tracked by mantis 0613814: Reduce IPS memory consumption.
It is still being backported to FOS v6.2/6.0 later on as one of major features (not available yet currently, more testing likely pending).
Hopefully it would make it to the next IPS official public release for FOS v6.2/v6.0 (can't ascertain this).
28 REPLIES 28
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What process(es) seems to be taking up the memory most? "diag sys top 5 20" then "Shift-M".
Since it's a brand-new product with a new SOC4 chip, I would open a ticket with TAC right away.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortios version?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ps interested how this plays out due to a comment I heard about soc4 not having a real NP, and was somehow software based / emulated. Could NP usage affect memory usage?????
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you on 6.2.2 and using proxy mode instead of flow? Lot of perf/memory bugs that were reported fixed in 6.2.3, many of which were WAD process, so flow mode might be a temp workaround.
As others mentioned, we’re just guessing without a FortiOS version and diag says top.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Or, if this is a new implementation and the issues are that bad, try 6.0.8
Warning, it will require manual reconfig from scratch
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Running 6.2.2. This is my attempt at coming back to Fortinet from the 5 days.
I will be calling TAC to get some info, but just to try an answer some of the questions here...
Which part would be proxy vs flow, looking through my list i didn't see anything glaring sticking out.
Also looking through cookbook to see if i can just turn off the NPU, right now it seems to be the app control that really pushes it over.
WIth the setup the only filtering on is web/av/dns
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Run Time: 1 days, 2 hours and 3 minutes 0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1819T, 303F ipshelper 188 S < 0.0 16.9 ipsengine 255 S < 0.1 5.3 httpsd 4721 S 0.0 5.3 ipsengine 253 S < 0.0 5.3 ipsengine 256 S < 0.0 5.2 ipsengine 254 S < 0.1 5.2 cmdbsvr 128 S 0.0 2.3 scanunitd 6590 S < 0.0 1.9 pyfcgid 4455 S 0.0 1.9 pyfcgid 4454 S 0.0 1.9 pyfcgid 4451 S 0.0 1.8 scanunitd 175 S < 0.0 1.8 scanunitd 6592 S < 0.0 1.8 scanunitd 6587 S < 0.0 1.8 scanunitd 6588 S < 0.0 1.7 scanunitd 6589 S < 0.0 1.7 scanunitd 6591 S < 0.0 1.7 scanunitd 6593 S < 0.0 1.7 scanunitd 6594 S < 0.0 1.7 httpsd 4725 S 1.3 1.5 Run Time: 1 days, 2 hours and 3 minutes 0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1819T, 303F ipshelper 188 S < 0.0 16.9 ipsengine 255 S < 0.1 5.3 httpsd 4721 S 0.0 5.3 ipsengine 253 S < 0.0 5.3 ipsengine 256 S < 0.0 5.2 ipsengine 254 S < 0.1 5.2 cmdbsvr 128 S 0.0 2.3 scanunitd 6590 S < 0.0 1.9 pyfcgid 4455 S 0.0 1.9 pyfcgid 4454 S 0.0 1.9 pyfcgid 4451 S 0.0 1.8 scanunitd 175 S < 0.0 1.8 scanunitd 6592 S < 0.0 1.8 scanunitd 6587 S < 0.0 1.8 scanunitd 6588 S < 0.0 1.7 scanunitd 6589 S < 0.0 1.7 scanunitd 6591 S < 0.0 1.7 scanunitd 6593 S < 0.0 1.7 scanunitd 6594 S < 0.0 1.7 httpsd 4725 S 0.9 1.5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
restarting the engine took me from 75% down to 63%
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also have a 60F running 6.2.2 the last 6 weeks or so, with a couple of fortiswitches and and ap. got a mix of rules including a couple with AV, webfiltering etc. in proxy mode, no deep ssl inspection though. During that time i've had to reboot the box once due to a suspected problem with fortilink, it hadn't gone to conserve though.
6.2.3 isn't out yet for the SOC4 models.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortigate not showing Deny logs 699 Views
- Seeking Guidance: FortiGate HA 262 Views
- please clarify some concepts for performance... 150 Views
- Fortiswtich 81F and 81FWF (Wad process... 316 Views
- FortiOS 7.6.0 Build3401 - RadSec TLS... 704 Views
Labels
-
FortiGate
8,525 -
FortiClient
1,724 -
5.2
801 -
FortiManager
717 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
463 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
225 -
FortiWeb
201 -
5.0
196 -
IPsec
191 -
FortiNAC
181 -
FortiGuard
136 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
85 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
74 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
48 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
41 -
DNS
41 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
NAT
32 -
SSO
31 -
Interface
31 -
RADIUS
30 -
FortiConnect
28 -
FortiLink
27 -
FortiWAN
26 -
VDOM
26 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
21 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Intrusion prevention
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1665 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.