Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
xaweer
New Contributor

Conserve Mode on 40F's with 7.4.5

I run a small MSP, I have about 15 FortiGates out in the field, a mixture of 40F's and 80F's. Since upgrading to 7.4.5, I've seen 3 of the 40F's go into conserve mode and stop routing traffic until they're rebooted.

Any confirmation from others?

May have to back these down to 7.2.10.

192.168.0.1 router login 192.168.l.l
8 REPLIES 8
AlexC-FTNT
Staff
Staff

I wonder what is your expectation from this post.

Conserve mode is expected when the unit is overutilized. Every new version comes with new features, requires more resources, and is expected to behave slightly different than before. Each setup is different, and traffic patterns are different too between customer. And all this on top of the fact that 40F is the smallest unit available. Finding what causes the conserve mode is a skill on its own, but there is technical support to assist you in these cases.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
nejcs
New Contributor II

I do not agree with such a view. Fortigate is supposed to be a critical device in a network; if it's too many features are the cause of of conserve mode problems, then they should not put them all onto the small devices. 
They should also introduce clear limits, for example it makes no sense to advertise FG-40/60f as a model supporting 200 SSL VPN users https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-60f-series.pdf and https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-40f-series.pdf )
and then, at the same time, suggesting in a reply to our ticket that "According to the official Sizing Guide, the 60F appliance can support between 10 and 25 users." Sizing guide was attached to this ticket, but looks like it was later removed and I can not find it on the internet anymore. 

So I guess Fortinet has two options: they either fix their memory leaks or they remove the problematic features like IPS, since this one seems to be causing most of the memory leak problems. 

jblyon
New Contributor II

What a poor response from a Fortinet employee. There are serious memory leak issues with 7.4.5 which you are WELL aware of but refuse to acknowledge. Gaslighting your customers is NOT the way to handle this!

AlexC-FTNT

If we were "WELL aware" of this, I would be glad to share with you that we are working to fix it. Even the bug ID, or workarounds if available. Not as employee, but as any guy with some knowledge, I'd be glad to provide a solution. On another note, please go and put your anger elsewhere! It's people like you who point fingers without proof and complete lack of troubleshooting, that break good things (and communities). 


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
AEK
SuperUser
SuperUser

If they are in production I'd go back to the recommended version, which is 7.2.10.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Recommended-Release-for-FortiOS/ta-p/22717...

 

AEK
AEK
nejcs
New Contributor II

Same here. We have about 30 FG-40f and FG-60f in AD VPN mesh, and they all fall into conserve mode, even in locations where we only have 2 - 5 people working. 
We have a cluster of FG-200f at the HQ location, and this one is running at about 80% memory. 

We have had a ticket open for 7.4.4. Still, Fortinet only suggested some trivial "solutions," like lowering TCP session times and similar measures and implementing automation stitch to reboot some services or even the whole device.

It's obvious they have serious memory leak problems with the 7.4.x version, but they are unwilling to admit or even do anything about them. 

 

Nejc

m_eegdeman
New Contributor

Same problem here, also running around 30 Fortigates 40F - 60F 
After upgrading to version 7.4.5 the problems started. Going into conserve memory mode without restore of operation. Reboot is the only way to fix it.

Had also the case, I was realtime connected on the LAN side web interface. Used the interface about 15 minutes, looking at the memory load etc.for analysis of memory conserve problems.

The memory load 24h graphic/widget was 69% to 72% current, also pretty stable during the 24h, sudden out of the blue, warning of going to extreme memory conserve. Within seconds totally inresponsive. 


This is the screenshot of the logs, showing going into extreme low memory conserve mode in seconds from stable 72%

 

Extreme Low Memory ConserveExtreme Low Memory Conserve

 

So this needs to be adressed by Fortinet, something is not working as it should with 7.4.5 / 7.4.x

 

TriKill
New Contributor

I have 60F's that did the same thing today. Support had me use a mini IPS database and disable IPS acceleration. It was happening when my IPS database was updated from FortiGuard. Hopefully this resolves the issue.

My devices had a scrolling message on the consoles and wouldn't let me login, so they had to be power cycled.

 

<pid-251 /proc/251/cmdline> [lock_reg:150] fcntl(fd=4, cmd=6, lock={type=0,start=4,whence=0,len=1}) failed: 37(No locks available)
<pid-251 /proc/251/cmdline>
Reset button has been disabled, please press the button during the first 60 seconds after a power-cycle.

Reset button has been disabled, please press the button during the first 60 seconds after a power-cycle.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors