I run a small MSP, I have about 15 FortiGates out in the field, a mixture of 40F's and 80F's. Since upgrading to 7.4.5, I've seen 3 of the 40F's go into conserve mode and stop routing traffic until they're rebooted.
Any confirmation from others?
May have to back these down to 7.2.10.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I wonder what is your expectation from this post.
Conserve mode is expected when the unit is overutilized. Every new version comes with new features, requires more resources, and is expected to behave slightly different than before. Each setup is different, and traffic patterns are different too between customer. And all this on top of the fact that 40F is the smallest unit available. Finding what causes the conserve mode is a skill on its own, but there is technical support to assist you in these cases.
Created on 10-10-2024 03:42 AM Edited on 10-10-2024 03:44 AM
I do not agree with such a view. Fortigate is supposed to be a critical device in a network; if it's too many features are the cause of of conserve mode problems, then they should not put them all onto the small devices.
They should also introduce clear limits, for example it makes no sense to advertise FG-40/60f as a model supporting 200 SSL VPN users https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-60f-series.pdf and https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-40f-series.pdf )
and then, at the same time, suggesting in a reply to our ticket that "According to the official Sizing Guide, the 60F appliance can support between 10 and 25 users." Sizing guide was attached to this ticket, but looks like it was later removed and I can not find it on the internet anymore.
So I guess Fortinet has two options: they either fix their memory leaks or they remove the problematic features like IPS, since this one seems to be causing most of the memory leak problems.
If they are in production I'd go back to the recommended version, which is 7.2.10.
Same here. We have about 30 FG-40f and FG-60f in AD VPN mesh, and they all fall into conserve mode, even in locations where we only have 2 - 5 people working.
We have a cluster of FG-200f at the HQ location, and this one is running at about 80% memory.
We have had a ticket open for 7.4.4. Still, Fortinet only suggested some trivial "solutions," like lowering TCP session times and similar measures and implementing automation stitch to reboot some services or even the whole device.
It's obvious they have serious memory leak problems with the 7.4.x version, but they are unwilling to admit or even do anything about them.
Nejc
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1545 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.