- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FG300D memory usage
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FG300D memory usage
my FG300D firewall memory starts to go above 70% these few days?
such I be concerned
it used to hover around 60-65%.
should I clear logs on the FG300D or do some housekeeping ???
the below alert is from my monitoring system.
Trigger: Memory usage exceeded 70%Trigger status: PROBLEMTrigger severity: AverageTrigger URL: Item values: 1. System Memory Usage(%) (Fortigate300D:fgSysMemUsage): 71 %
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @kinmun
There is some important info you haven't told us:
How long has the unit been running for ( uptime )?
Have you made changes are add policies with security profiles recently?
Have you enabled any additional features like VPN, vuln scan or device ident?
Has your traffic through the unit increase ( eg. sessions or users )?
Generally, changes in config will cause fluctuations in memory usage so this may be expected or not. Try to work our if changes have happened between mem=60% and mem=70%.
The FGs are normally Ok up to 75% memory but thereafter you might get into conserve mode with some disabled features.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which version of FortiOS are you running? Have you checked if there is an update, and (in the Release Notes) if there are issues resolved concerning the memory usage?
With UTM, you can burn any amount of memory. Check your IPS settings, for instance that you don't enable ALL signatures at once.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
my firmware is 5.2.2 and have been running for 300 days.
recent changes is to allow some online radio websites which were being blocked as p2p traffic.
no other changes made.
any commands i can use to check what are causing the spike in memory usage??
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I recommend to
a) reboot
b) upgrade to 5.2.3 or 5.2.4
Take step a) in any case. Additionally, check IPS settings, if IPS is applied for the right policies. Same for AppCtrl.
Step b) needs some reading into the Release Notes and a search across the forum. There are known issues with both releases which may or may not affect your configuration.
I wouldn't be surprised if Fortinet has fixed some memory leaks in the last 3 upgrades.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
will schedule a reboot of the FG and upgrade the firmware to 5.2.3.
this is what i get when i go a diagnose sys top-summary immediately after a sudden spike above 70%
Mem [|||||||||||||||||||||||| ] 62.0% 4980M/7963M
Processes: 20 (running=1 sleeping=133)
PID RSS ^CPU% MEM% FDS TIME+ NAME
* 86 25M 5.7 0.3 12 00:14.12 httpclid [x3]
75 397M 2.8 5.0 368 19:18.47 ipsmonitor [x5]
14357 130M 0.9 1.6 4598 38:30.41 proxyd [x8]
3607 33M 0.0 0.4 11 00:41.38 pyfcgid
3609 13M 0.0 0.2 31 02:53.90 iked
14365 11M 0.0 0.1 14 00:00.29 dsd
48 26M 0.0 0.3 15 09:29.60 cmdbsvr
56 11M 0.0 0.1 87 00:12.50 zebos_launcher [x12]
18492 41M 0.0 0.5 12 00:03.18 pyfcgid
68 12M 0.0 0.2 16 40:33.58 uploadd
69 30M 0.0 0.4 58 14:31.67 miglogd [x3]
70 11M 0.0 0.1 12 11:03.11 ipmc_sensord
71 11M 0.0 0.1 8 00:00.30 kmiglogd
72 50M 0.0 0.6 25 00:15.83 httpsd [x5]
74 11M 0.0 0.1 8 00:00.40 getty
18507 31M 0.0 0.4 11 00:02.59 pyfcgid
76 11M 0.0 0.1 10 00:00.28 merged_daemons
77 11M 0.0 0.2 11 00:00.20 fnbamd
31822 34M 0.0 0.4 12 02:35.64 pyfcgid
81 11M 0.0 0.1 12 00:00.14 fclicense
FW # diagnose sys top-summary
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It truly is a shame FortiNet does not allow us to upgrade the ram. It's simply DDR sticks. I can see them through the vent holes in my 300C. Why would they only put 2GB in the 300C and are so skimpy with ram. It's not like it would cost any more to have put 4GB in the thing and then it would not have ram issues!
Heck even CISCO lets end users upgrade the ram in their ASA's!! CISCO!!! Without loosing support.
If they think there is a RAM issue they will ask you to put the OEM ram back in but I have never had that happen to any of the units I had and I had upgraded them all to run ASA 9.x.
FortiNet, Please spend the extra $2 and put at least 4GB ram in your units, and let end users upgrade the RAM like CISCO does. There is no reason these units should be strangled with only 2gb or less of ram when many of them can be end user upgraded simply.
Thanks,
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting
to loose track.
Over 100 WiFi AP's and growing.
FAZ-200D
FAC-VM 2 node cluster
Friends don't let friends FWF!
Related Posts
- High CPU for 201E 121 Views
- Authd process and cpu at 99%... 402 Views
- FortiAP 221E memory usage different between... 170 Views
- strange behavior of FortiGate on SSL... 466 Views
- FortiSwitch FS-108F got CPU_SENSOR warning event... 640 Views
Labels
-
FortiGate
6,450 -
FortiClient
1,287 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.