Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MarkusM
New Contributor

Fortigate 80C memory usage with FortiOS 5.2.x

Hi,

 

we have a few 80C running now on FortiOS 5.2.x. On many of them we are running into out-of-memory situations (conserve mode, AV connection limit) with rather small configuration and typical about 10 users / PCs.

 

Although upgrading the hardware maybe considered later, for now we cannot upgrade all the units better hardware.

So just after a reboot the memory usage is like this:

 

   CPU [|||||||||||                             ]  28.0%    Mem [|||||||||||||||||||||||||||||           ]  73.0%   365M/499M    Processes: 20 (running=1 sleeping=82)    PID      RSS   CPU% ^MEM%   FDS     TIME+  NAME  * 249      54M    0.8 10.9    27  00:36.95  ipsmonitor [x3]    53       42M    0.0  8.5    13  00:15.20  pyfcgid [x4]    84       34M   21.5  6.9    15  03:54.83  sshd [x4]    52       28M    0.0  5.8    19  00:47.26  httpsd [x5]    32       20M    0.0  4.1    13  00:15.95  cmdbsvr    50       16M    0.0  3.3    28  00:01.57  miglogd    61       16M    0.0  3.2    19  00:08.20  ipshelper    67       14M    0.0  2.9   838  00:34.20  proxyd [x6]    64       14M    0.0  2.8    40  00:15.61  authd    94       12M    0.0  2.4    16  00:00.50  fgfmd    95       11M    0.0  2.4    25  00:00.48  cw_acd    70       11M    0.0  2.3    28  00:08.98  scanunitd [x3]    37       10M    0.8  2.1    89  00:13.21  zebos_launcher [x12]    82        9M    0.0  1.9    20  00:01.86  urlfilter    91        9M    0.0  1.8    29  00:01.27  dnsproxy    71        9M    0.0  1.8    11  00:00.45  updated    63        8M    0.0  1.8    14  00:00.38  forticldd    62        8M    0.0  1.8    19  00:00.20  forticron    69        8M    0.0  1.7    41  00:00.61  wad [x2]    59        8M    0.0  1.7    13  00:00.10  fnbamd

In none of the policies IPS is used, AV is currently set to inspect "nothing". Is there any way to reduce the memory used by the "ipsmonitor" process? I already tried setting the algorithm to "low", but it has no effect on the mem usage:

 

(global) # show ips global config ips global     set algorithm low     set default-app-cat-mask 18446744073474670591 end

Regards

Markus

3 REPLIES 3
ede_pfau
SuperUser
SuperUser

We're running v5.2.3 on a 80C rev. 2 with 1 GB RAM, with IPS and AV, at 67% mem usage. So, I'd conclude you either upgrade the hardware or downgrade to v5.0.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Dave_Hall
Honored Contributor

Last February we conducted our own assessment on the 80CMs (rev1) under 5.0, 5.2 and (even following Fortinet's optimizing guide) were not happy with the memory footprint.   The 80CM with a factory config under the three firmwares, the memory usage looks like this:

 

4.3 MR3 patch 18    23% 5.0 patch 10        39% 5.2.2            42%

 

With our base (template) config on 5.0.  the memory usage went up to 62-66%.   There was not that much a difference in tweaking the settings, except for changing the cache size for virus scanning compressed files/archives; standard default cache size is 10 MB -- changing this value to say 2 MB would give the 80CM about 8-10 MB more memory.

 

Based on the above, we have decided to keep our 80CMs on 4.3. MR3 firmware and look towards replacing them with 92D hardware.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Allwyn_Mascarenhas

HI

 

I just upgraded to 5.2.3 on FGT 80C and facing this problem.

 

No matter how much I optimize the settings, the memory usage won't go below 70%. It even goes up to 80% at times.

 

The client was facing issues with slow internet speeds, files not downloading, attachments not downloading etc.

 

I just upgraded thinking upgraded firmware optimizes the memory etc on devices and for the better GUI experience. Is that line of thinking just wrong?

 

So should I flash the device to go back to FortiOS 4.0 MR P18?

 

I've never downgraded a firmware before.

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors