Hi,
Is there any best practices for what the CPU and Memory thresholds should be for Fortigate 900D? We are running FortiOS 5.4.4 on our devices.
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Like what percentages you want to keep them under? It really depends on the environment and architecture. For instance, if you have two Gates in an active - active HA you want the total load to be less than 50% so if one fails the other can handle everything etc.
Mike Pruett
We're running two 900Ds in Active-Passive mode. Would just like to know if there is any best practices for system health monitoring, i.e. CPU < 50%, mem < 75% etc. I couldn't find any documentation on this.
Thanks
CPU and memory load are handled differently.
CPU spiking, even up to 100%, is OK. Average CPU load above, say, 50%, would indicate that the HW is underpowered. That is my personal subjective opinion. The CPU is needed for session setup, DNS, NTP, NAT and more, some GUI as well, so a high CPU mark would most probably indicate that too many sessions per second are opened (for instance). Beware that handling the HA traffic needs resources too.
In my experience, permanent CPU overload occurs seldom. If it does, funny things can happen. My old 50B just rebooted after some minutes with 100% CPU load...but that's long ago.
High memory usage on the other hand has the potential to compromise functionality up to fatal breakdown. FortiOS will terminate services (processes) if memory usage exceeds 80%. This is documented. The error log message at this moment declares "conserve mode entered" which should ring all alarm bells. If memory consumption is still rising, you will lose the WebGUI at one point, and later the FGT will stall.
For instance, loading an 80C rev.1 model with 512 MB RAM with FortiOS v5.4 immediately produced 67% memory usage. I would not put that into production, or else I would have to watch it closely.
HTH.
I have to agreed with Ede. Also keep in mind that if the traffic is offload to a NP , the CPU is out of the picture for the most part. Where we see high cpu usage or memory
UTM av-profile policies
SSLvpn
captive portal
exp-proxy
during software uploads or reports
heavy logging or multiple logging destinations ( mem fAz syslogd fcloud etc.....)
etc...
So just set some threshold values and monitor ( e.g 75% warning 90% critical etc......)
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1468 | |
1006 | |
748 | |
443 | |
206 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.