Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NotMine
Contributor II

Conserve Mode, FGT-60F & FortiOS 7.4

Hi,

 

Anyone out there using FortiOS v7.4.4,build2662 on the FortiGate-60F? How is your RAM usage?

 

I've installed v7.4.4,build2662 a couple of weeks ago, and the device was entering conserve mode every few days or so. Usual RAM utilization was around 75%, right after boot, so no wonder it was pushing it into conserve mode.

 

I've since downgraded to 7.2 (now usual RAM usage i 60-65%) but with this version we're having other issues which I would love to resolve (long connection times, need to refresh a web page a few times to open it etc...).

 

Here is the info I got during the last conserve mode:

firewall01  get system status

Version: FortiGate-60F v7.4.4,build2662,240514 (GA.F)

First GA patch build date: 230509

Security Level: 2

Firmware Signature: certified

Virus-DB: 92.05717(2024-07-10 07:26)

Extended DB: 92.05717(2024-07-10 07:25)

AV AI/ML Model: 2.17065(2024-07-10 07:45)

IPS-DB: 28.00824(2024-07-10 00:15)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 28.00823(2024-07-08 23:57)

FMWP-DB: 24.00070(2024-07-05 17:45)

IPS Malicious URL Database: 5.00107(2024-07-10 08:52)

IoT-Detect: 28.00824(2024-07-09 17:07)

OT-Detect-DB: 28.00824(2024-07-09 17:07)

OT-Patch-DB: 28.00824(2024-07-09 17:11)

OT-Threat-DB: 28.00823(2024-07-08 23:57)

IPS-Engine: 7.00539(2024-05-09 00:27)

Serial-Number: FGT60F*********

BIOS version: 05000030

System Part-Number: P24286-07

Log hard disk: Not available

Hostname: firewall01

Private Encryption: Disable

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 2662

Release Version Information: GA

System time: Wed Jul 10 18:32:42 2024

Last reboot reason: warm reboot

 

firewall01  diag sys top

[H[JRun Time:  0 days, 22 hours and 34 minutes

12U, 0N, 0S, 85I, 3WA, 0HI, 0SI, 0ST; 1917T, 301F

       ipshelper      186      R <    99.9     9.0    6

           quard      208      S       2.9     0.8    4

           snmpd      197      S       0.4     0.6    0

            node      169      S       0.0     4.1    6

       ipsengine      346      S <     0.0     3.3    5

       ipsengine      347      D <     0.0     3.3    7

       ipsengine      348      S <     0.0     3.1    6

             wad      298      S       0.0     2.6    2

       forticron      174      S       0.0     2.3    2

             wad      300      S       0.0     2.1    6

         cmdbsvr      132      S       0.0     2.1    0

         miglogd      183      S       0.0     2.0    0

          cw_acd      221      S       0.0     1.8    1

       forticron     3677      S       0.0     1.6    2

             wad      190      S       0.0     1.5    5

       forticron     3678      R       0.0     1.5    3

       forticron     3676      S       0.0     1.5    4

         sslvpnd      187      S       0.0     1.4    3

            csfd      228      S       0.0     1.3    5

       scanunitd     3645      S <     0.0     1.2    2

[H[JRun Time:  0 days, 22 hours and 34 minutes

2U, 0N, 1S, 73I, 24WA, 0HI, 0SI, 0ST; 1917T, 304F

       ipshelper      186      D <    11.7     7.0    1

            iked      192      S       2.9     0.9    4

       ipsengine      348      S <     1.9     3.7    6

       ipsengine      346      S <     1.3     3.8    5

       ipsengine      347      S <     1.3     3.8    7

         miglogd      306      S       0.3     1.3    0

       urlfilter      290      S <     0.3     0.8    1

           radvd      213      S       0.3     0.6    2

       forticron     3678      R       0.1     1.5    3

         sslvpnd      235      S       0.1     1.1    3

         sslvpnd      236      S       0.1     1.1    1

           authd      176      S       0.1     0.7    1

         syslogd      194      S       0.1     0.7    1

        dnsproxy      215      S       0.1     0.5    1

             acd      200      S       0.1     0.4    7

  merged_daemons      172      S       0.1     0.4    2

            node      169      S       0.0     4.1    6

             wad      298      S       0.0     2.6    2

       forticron      174      S       0.0     2.3    2

             wad      300      S       0.0     2.1    2

[H[JRun Time:  0 days, 22 hours and 34 minutes

10U, 0N, 0S, 87I, 3WA, 0HI, 0SI, 0ST; 1917T, 316F

       ipshelper      186      R <    83.1     7.4    1

       forticron      174      S       0.7     2.3    3

       ipsengine      346      S <     0.5     3.9    5

       ipsengine      347      S <     0.5     3.8    7

       ipsengine      348      S <     0.1     3.8    6

          cw_acd      221      S       0.1     1.8    0

         sslvpnd      238      S       0.1     1.1    7

            node      169      S       0.0     4.1    6

             wad      298      S       0.0     2.6    2

             wad      300      S       0.0     2.1    0

         cmdbsvr      132      S       0.0     2.1    0

         miglogd      183      S       0.0     2.1    5

       forticron     3677      S       0.0     1.6    2

             wad      190      S       0.0     1.5    6

       forticron     3678      R       0.0     1.5    3

       forticron     3676      S       0.0     1.5    4

         sslvpnd      187      S       0.0     1.4    5

         miglogd      306      S       0.0     1.3    2

            csfd      228      S       0.0     1.3    5

       scanunitd     3645      S <     0.0     1.2    2

[H[JRun Time:  0 days, 22 hours and 34 minutes

11U, 0N, 0S, 86I, 3WA, 0HI, 0SI, 0ST; 1917T, 330F

       ipshelper      186      R <    94.8     7.4    2

       ipsengine      348      D <     1.1     3.9    6

          cw_acd      221      S       0.1     1.8    3

       forticron     3678      R       0.1     1.5    3

         sslvpnd      235      S       0.1     1.1    4

           snmpd      197      S       0.1     0.6    3

            node      169      S       0.0     4.1    7

       ipsengine      346      S <     0.0     3.9    5

       ipsengine      347      S <     0.0     3.8    7

             wad      298      S       0.0     2.6    5

       forticron      174      S       0.0     2.3    3

             wad      300      S       0.0     2.1    5

         miglogd      183      S       0.0     2.1    0

         cmdbsvr      132      S       0.0     2.1    0

       forticron     3677      S       0.0     1.6    2

             wad      190      S       0.0     1.5    6

       forticron     3676      S       0.0     1.5    4

         sslvpnd      187      S       0.0     1.4    5

         miglogd      306      S       0.0     1.3    3

            csfd      228      S       0.0     1.3    6

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
37 REPLIES 37
pochtakazah

@NotMine Dude, just schedule killing of high-memory-consuming processes, idk for example every 3 hours... Here mine CLI script (FGT-60F):


fnsysctl killall wad
fnsysctl killall miglogd
fnsysctl killall ipsengine


without that FGT-60F (7.4.3) enters conserve mode every single day at same time (period 24 hours).

now it floats from 55% to 65% and again to 55% every 3 hours (with tweaks may be even lower). 

also you can create automation to reboot FGT when it enters conserve mode (to not driving to reboot it manualy).


NSE 5

NotMine

Thanks, If it comes to that, I'll try your method. But I really think that we should not be forced to 'hack' the device this way.

 

Anyway, tech support initiated RMA of the device. Hopefully, it will solve at least some problems. But most likely, we'll upgrade to 70F, as I understand it has 4GB of RAM.

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
EME
New Contributor III

Hello, I have a Fortigate 60F @Home. I upgraded it to 7.4.5 last Sunday (a maintenance window is rare at my house). My principle is to wait for patch .4 before upgrading to a new level. I was hoping I would be safe with 7.4.5.
But now my Fortigate enters “Kernel enters memory conserve mode” every day.
Once I had to reboot and twice it came out on its own.

I agree with @NotMine, that this Fortinet should fix this as it is clearly a bug. Changing the configuration, especially by disabling or limiting IPS scanning, is not an option for a Firewall.
By the way, this would certainly not be the first time either. I have also experienced it with FTG 1200Ds. Turned out to be a bug in the IPS engine after a very long case.

jblyon
New Contributor II

We're seeing the same thing happen on our 60Fs running 7.4.5. It enters conserve mode and then extreme low memory mode a few seconds later. This is immediately after a Fortiguard update occurs and the unit needs to reload the AV database. The unit will drop all connections until it is either rebooted or about 20 minutes pass. If you let the 20 minutes pass memory use drops right back down to the 66% that it's normally always at. There's no sign of any other memory leaks, it's sudden after an AV database reload following an update.

 

We have a ticket open, but Fortinet has not responded to it yet. In the meantime we've scheduled updates to occur outside business hours where it doesn't matter if a branch office drops offline for 20 minutes afterward. This has kept the units from dropping off during business hours.

 

Edit: Support replied trying to blame the fact that the unit was already at 66% memory use before the update process. I asked them to explain how an increase of at least 29% on 7.4.5 could be considered normal when on 7.2 and 6.4 memory use increases by only 1-2% during Fortiguard updates...

EME
New Contributor III

Yes I can confirm. After a “FortiSandbox AV database updated” I get “Low Memory” and “conserve mode” messages. I have listed 3 of them:

AV Update Conserve Mode.png

NotMine
Contributor II

Kudos to both of you, @jblyon and @EME, for narrowing down the potential cause!

 

We've replaced the unit in RMA, but the device is still entering the conserve mode.

 

I can substantiate your finding that FortiGuard update is causing this, because our device stopped responding yesterday around 1:30 PM, with FortiGuard updates scheduled daily at 1 PM. It was completely unresponsive, even thru the console connection.

 

Strangely enough, nothing in the crashlog about the conserve mode.

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
EME
New Contributor III

I just registered a case with Fortinet :)

swissroot
New Contributor II

I have exactly the same. Also done all tweaks mentioned by fortinet except the "killing" tasks and still get the conserve mode exactly at the time of the fortiguard update.

 

I upgraded this morning after the next down (this time even serial was not accessible) to 7.6 even this is feature and .0 release... read on some redit from a guy which has the same issues after that it was "more stable" :) also opened a ticket with forti. 

 

Let's see if the community get the solution before the vendor... ;)

NotMine

Great to have someone brave enough to try 7.6, @swissroot! :) Looking forward to see if it will resolve the issue. Although for us it is not a viable solution because we need SSL VPN (for IOS devices), which is discontinued for low-end devices in 7.6+.

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
swissroot
New Contributor II

The "brave" journey stopped hard over the weekend... First it was looking good until the update of the FortiGuard and then one CPU spiked to 100% and stayed there. After that randomly it gave no connection or extremely slow responses for surfing. The WebGui was still accessible without any issues and no special things are logged. The other day it was that bad with the random responses that I had to reboot it. This solved the CPU spike after 15min delay of the reboot... updating a IDS/AV???? But then it started again after about 3-4h uptime to get random delay's in surfing or streaming. Sometimes no delay sometimes even to the point of not reachable.

 

I was watching a movie on Sunday and this was doing it right in the middle again. I then decided to go the short way even with the knowledge of loosing something but being up hopefully in short time again and downgraded it to 7.2.10. This release is actually working fine on my 61F so I gave it a try. The downgrade took some time but since then (klapp on wood) it's stable on the 60F. I think I would doo a factory reset and fresh config on the 7.2.x train. 

Hard to see that Fortinet is rolling out such bad releases more and more and in the same time removing functions which where working on the 7.0 and 7.2 without any bigger issues on the "low-end" models if you stay in the spec's of small business amount of users.

 

Also as mentioned below why not put 2 or 4 gb extra of ram in it this will not make the whole unit much more expensive in terms of manufacturing, except the are buying the memory from apple...;-)

 

will post an update when I made the fresh config to get rid of the downgrade mess if it's stable now. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors