Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TopJimmy
New Contributor

Conserve Mode/Session Fail Mode

So whats the deal with these? I' ve got a brand new FWF60c running 4.2.3 (wiped flash and loaded a fresh version via tftp server before starting on it) with a very basic rule set and policies (3 policies) and today, with ZERO users and ZERO traffic on it, it spat out system Conserve Mode and the Session Fail Mode errors for about 30 seconds after doing a scheduled update. The event log looks like this: ------------------------------------ 12:32:28: Fortigate scheduled update virdb(12.00865) etdb(0.00000) idsdb(2.00939) aven(4.00254) idsen(1.00171) from 216.156.209.22:443 12:33:08: The system has entered system conserve mode (service: IM) 12:33:08: The system has activated session fail mode (service: IM) 12:33:08: The system has activated session fail mode (service: HTTP) 12:33:08: The system has activated session fail mode (service: SMTP) 12:33:08: The system has activated session fail mode (service: POP3) 12:33:08: The system has activated session fail mode (service: IMAP) 12:33:08: The system has activated session fail mode (service: FTP) 12:33:08: The system has activated session fail mode (service: NNTP) 12:33:20 The system exited system conserve mode (service: IM) 12:33:20: The system has deactivated session fail mode (service: IM) 12:33:20: The system has deactivated session fail mode (service: HTTP) 12:33:20: The system has deactivated session fail mode (service: SMTP) 12:33:20: The system has deactivated session fail mode (service: POP3) 12:33:20: The system has deactivated session fail mode (service: IMAP) 12:33:20: The system has deactivated session fail mode (service: FTP) 12:33:20: The system has deactivated session fail mode (service: NNTP) ------------------------------------ Any suggestions before I open a ticket?
-TJ
-TJ
5 REPLIES 5
ejhardin
Contributor

Maybe tried 4.2.2, it uses IPS engine 169. I used to get errors like this a lot in 4.2.0 and 4.2.1. Try this.... diag ips debug enable enable all diag debug crashlog read diag debug report
hidayet
New Contributor II

Hi TopJimmy, Check to see if your Fortigate AV/IPS updates are being performed at that the same time as conserve mode happens. I have seen ' conserve mode' happen during AV/IPS Updates. If so, call tech support and ask for a new IPS Engine Update
http://www.hidayetaltun.com
http://www.hidayetaltun.com
FortiRack_Eric
New Contributor III

yeah, somehow it only takes 10 minutes between opening a ticket and receiving an answer with a link to engine 172. Don' t forget to reboot after wards. Cheers, Eric

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
ejhardin
Contributor

Are you saying that the memory leak for the fortiguard updates came back in IPS engine 171. 169 fixed that issue from what I have seen. It is really scary that Fortinet is not learning from their mistakes. The Fortigate product is soon to be running 100% of its UTM functions off the IPS engine as it is the God process of the firewall. I hate to see what the future hold for new firmware. Memory leaks, High CPU and processes not releasing themselves should be the one test before release a new IPS engine.
horinius
New Contributor

Hi, I have a Fortigate 80C at version 4.1.4. I could upgrade to 4.1.10 but I would also like to jump to the 4.2 branch before the 4.1 branch got deprecated. Is this issue solved in 4.2.7? TIA
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors