DaveRattenbury
New Contributor

Fortigate Memory Issue due to DNS sessions

Hi All,

We are having an issue with our FortiGate firewall. We run a pair of 200Fs in an HA setup. Yesterday we experienced the memory on our firewall climbing to 90% or more. We decided to reboot, and then the issue would immediately start again. We noticed that there were loads and loads of DNS session requests.

We recently (about a day before this) turned off an old Windows domain controller running DNS (to test before we demote it). While this issue was ongoing we decided to switch the old Windows DC back on, and at that point the increased memory stopped.

We have already updated the DNS network settings to point to both of our new DCs for DNS, so we're not sure why this behaviour is happening.

Can anyone suggest what else we could have missed?

Thanks

6 REPLIES
AEK
Honored Contributor II

Hi Dave

Which FortiOS version?

AEK
DaveRattenbury

Hi AEK

Do you mean firmware version? If so, it's 7.2.4 build 1396.


Dave

AEK
Honored Contributor II

Hello

I guess some clients are still sending DNS queries to the old server; you can check this in the traffic log. You know, when a DNS server doesn't respond, some applications keep sending and sending DNS queries to the same server, leading to such behaviour.

With the traffic log, try to detect which clients are still sending to the old server, then correct them.

On the other hand, I'd ignore the memory consumption on my FortiGate unless it enters conserve mode. I'd just let FortiGate manage its memory as long as there is no conserve mode.

AEK
DaveRattenbury

Thanks for the reply. Yep, that's the trouble: it's going into conserve mode every time.

romank

7.2.4 was buggy; I would recommend going to 7.2.6. As I read in this community, it should be mature at the end of January, but it's just a rumour ;)

I went to 7.2.6 from 7.0.13 and I can see that traffic is more stable with various things, especially SD-WAN. I had a problem with DNS sessions where there was a bad internet connection caused by SD-WAN. The weird behaviour on Windows was that it generated lots of sessions, with no reason, dummy.

rkr
AEK
Honored Contributor II

Usually conserve mode is fixed by firmware updates.

You can also follow this guide and open a ticket.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-do-initial-troubleshooting-of...

So you may have a chance to fix it by directly patching to 7.2.6.

On the other hand, to quickly finish with the useless DNS sessions, just add a firewall policy to deny DNS queries that are sent to the old DNS server.

AEK
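As an added example (not code from the thread or from Fortinet), the traffic-log check AEK suggests, and the client list you would want before writing the deny policy: the script parses FortiOS-style key=value traffic log lines and counts, per source IP, the UDP/53 sessions still aimed at the decommissioned DC, flagging those with nothing received back. The log lines and the old server address (192.0.2.10) are constructed placeholders; swap in an exported traffic log and your own server IP.

```python
"""Find which clients still send DNS to a decommissioned server, from
FortiGate traffic log lines (key=value format)."""
import re
from collections import Counter

# Placeholder for the old DC's address; the thread does not give it.
OLD_DNS_SERVER = "192.0.2.10"

# Constructed sample lines shaped like FortiOS traffic logs (not real data).
SAMPLE_LOG = """\
date=2024-01-15 time=09:00:01 type="traffic" subtype="forward" srcip=10.10.1.21 srcport=50321 dstip=192.0.2.10 dstport=53 proto=17 service="DNS" action="accept" sentbyte=68 rcvdbyte=0
date=2024-01-15 time=09:00:01 type="traffic" subtype="forward" srcip=10.10.1.21 srcport=50322 dstip=192.0.2.10 dstport=53 proto=17 service="DNS" action="accept" sentbyte=68 rcvdbyte=0
date=2024-01-15 time=09:00:02 type="traffic" subtype="forward" srcip=10.10.1.40 srcport=41000 dstip=192.0.2.11 dstport=53 proto=17 service="DNS" action="accept" sentbyte=70 rcvdbyte=140
date=2024-01-15 time=09:00:02 type="traffic" subtype="forward" srcip=10.10.1.77 srcport=33001 dstip=192.0.2.10 dstport=53 proto=17 service="DNS" action="accept" sentbyte=66 rcvdbyte=0
date=2024-01-15 time=09:00:03 type="traffic" subtype="forward" srcip=10.10.1.21 srcport=50323 dstip=192.0.2.10 dstport=53 proto=17 service="DNS" action="accept" sentbyte=68 rcvdbyte=0
date=2024-01-15 time=09:00:03 type="traffic" subtype="forward" srcip=10.10.1.40 srcport=52000 dstip=203.0.113.5 dstport=443 proto=6 service="HTTPS" action="accept" sentbyte=900 rcvdbyte=4000
"""

# key=value pairs; values are either a double-quoted string or a bare token
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Return the fields of one log line as a dict, with quotes stripped."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def dns_to_old_server(lines, old_server=OLD_DNS_SERVER):
    """Per source IP, count sessions to old_server:53 and how many of them
    got nothing back (rcvdbyte=0), the retry-forever pattern AEK describes.
    Returns [(srcip, total_sessions, unanswered_sessions), ...], busiest first."""
    totals, unanswered = Counter(), Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("dstip") != old_server or f.get("dstport") != "53":
            continue
        totals[f["srcip"]] += 1
        if f.get("rcvdbyte") == "0":
            unanswered[f["srcip"]] += 1
    return [(ip, n, unanswered[ip]) for ip, n in totals.most_common()]


if __name__ == "__main__":
    for ip, total, none_back in dns_to_old_server(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {total} DNS sessions to old server, {none_back} unanswered")
```

The clients listed are the ones whose resolver settings (or a DHCP scope) still reference the old DC; fixing them removes the session storm at the source, while the deny policy only stops the firewall from holding the sessions.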