Hi All,
We are having an issue with our FortiGate firewall. We run a pair of 200F in an HA setup. Yesterday we experienced the memory on our firewall climbing to 90% or more. We decided to reboot, and then the issue would immediately start again. We noticed that there were loads and loads of DNS session requests.
We recently (about a day before this) turned off an old Windows domain controller running DNS (to test before we demote it). While this issue was ongoing we decided to switch the old Windows DC back on, and at that point the increased memory stopped.
We have already updated the DNS network settings to point to both of our new DCs for DNS, so we're not sure why this behavior is happening.
Can anyone suggest what else we could have missed?
Thanks
Hi Dave
Which FortiOS version?
Hi AEK
Do you mean firmware version? If so, it's 7.2.4 Build 1396
Dave
Hello
I guess some clients are still sending DNS queries to the old server; you can check this in the traffic log. You know, when a DNS server doesn't respond, some applications keep sending and sending DNS queries to the same server, leading to such behavior.
With the traffic log, try to detect which clients are still sending to the old server, then correct them.
On the other hand, I'd ignore the memory consumption on my FortiGate unless it enters conserve mode. I'd just let FortiGate manage its memory as long as there is no conserve mode.
Thanks for the reply. Yep, that's the trouble, it's going into conserve mode every time.
Created on 01-19-2024 02:48 AM Edited on 01-19-2024 02:50 AM
7.2.4 was buggy, I would recommend going to 7.2.6 - as I read in this community, it should be mature by the end of January - but it's just a rumor ;)
I went to 7.2.6 from 7.0.13 and I can see that traffic is more stable with various things, especially SDWan. I had a problem with DNS sessions where there was a bad internet connection caused by SDWan. Weird behavior on Windows was that it generates a lot of sessions - with no reason, dummy.
Usually conserve mode is fixed by firmware updates.
You can also follow this guide and open a ticket.
So you may have a chance to fix it by directly patching to 7.2.6.
On the other hand, to quickly finish with the useless DNS sessions, just add a firewall policy to deny DNS queries that are sent to the old DNS server.
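To act on the two suggestions in this thread (use the traffic log to find which clients still query the old server, and add a deny policy for DNS to that server), here is an added Python example; it is not from the thread, from Fortinet, or from FortiOS. It assumes the old DC sits at 10.10.0.5 (a placeholder), and the log lines are constructed samples in the key=value shape of a FortiGate traffic log, trimmed to the few fields the check needs. Besides ranking clients, it previews what the proposed deny policy (destination = old DC, service DNS on TCP/UDP 53) would block, so you can see who is affected before enabling it.

```python
import re
from collections import defaultdict

# Assumed address of the decommissioned Windows DC (placeholder, not from the thread).
OLD_DNS = "10.10.0.5"

# Constructed FortiGate-style traffic-log lines (key=value, quoted strings), trimmed
# to the fields this check uses. 10.10.0.5 stands in for the old DC, 10.10.0.6/.7
# for the new DCs. rcvdbyte=0 on a DNS session means the server never answered.
SAMPLE_LOG = """\
date=2024-01-18 time=09:12:01 type="traffic" subtype="forward" srcip=10.10.1.25 srcport=51234 dstip=10.10.0.5 dstport=53 proto=17 action="accept" policyid=12 service="DNS" sentbyte=60 rcvdbyte=0
date=2024-01-18 time=09:12:01 type="traffic" subtype="forward" srcip=10.10.1.25 srcport=51235 dstip=10.10.0.5 dstport=53 proto=17 action="accept" policyid=12 service="DNS" sentbyte=60 rcvdbyte=0
date=2024-01-18 time=09:12:02 type="traffic" subtype="forward" srcip=10.10.1.40 srcport=40001 dstip=10.10.0.6 dstport=53 proto=17 action="accept" policyid=12 service="DNS" sentbyte=58 rcvdbyte=120
date=2024-01-18 time=09:12:02 type="traffic" subtype="forward" srcip=10.10.1.77 srcport=33333 dstip=10.10.0.5 dstport=53 proto=6 action="accept" policyid=12 service="DNS" sentbyte=0 rcvdbyte=0
date=2024-01-18 time=09:12:03 type="traffic" subtype="forward" srcip=10.10.1.25 srcport=51236 dstip=10.10.0.7 dstport=53 proto=17 action="accept" policyid=12 service="DNS" sentbyte=60 rcvdbyte=130
date=2024-01-18 time=09:12:03 type="traffic" subtype="forward" srcip=10.10.1.25 srcport=44444 dstip=10.10.0.5 dstport=445 proto=6 action="accept" policyid=13 service="SMB" sentbyte=500 rcvdbyte=900
"""

# key=value pairs; values are either a quoted string or a run of non-space characters.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def matches_deny_rule(rec, old_dns_ip):
    """True if this session would be caught by the policy suggested above:
    destination = old DC, service DNS (TCP proto 6 / UDP proto 17, port 53)."""
    return (rec.get("dstip") == old_dns_ip
            and rec.get("dstport") == "53"
            and rec.get("proto") in ("6", "17"))


def clients_still_using(lines, old_dns_ip):
    """Per source IP: DNS sessions still aimed at the old server, and how many of
    them got no reply (rcvdbyte=0), the retry pattern described in the thread."""
    stats = defaultdict(lambda: {"sessions": 0, "unanswered": 0})
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "traffic" or not matches_deny_rule(rec, old_dns_ip):
            continue
        s = stats[rec["srcip"]]
        s["sessions"] += 1
        if rec.get("rcvdbyte", "0") == "0":
            s["unanswered"] += 1
    return dict(stats)


def preview_deny_policy(lines, old_dns_ip):
    """Estimate the impact of the proposed deny policy before enabling it:
    sessions it would block, sessions it leaves alone, and the sources affected."""
    matched = unaffected = 0
    sources = set()
    for line in lines:
        rec = parse_line(line)
        if matches_deny_rule(rec, old_dns_ip):
            matched += 1
            sources.add(rec["srcip"])
        else:
            unaffected += 1
    return {"matched": matched, "unaffected": unaffected, "sources": sorted(sources)}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    # Worst offenders first: these are the hosts whose DNS settings still need fixing.
    for ip, s in sorted(clients_still_using(lines, OLD_DNS).items(),
                        key=lambda kv: -kv[1]["sessions"]):
        print(f"{ip:15} sessions={s['sessions']:4} unanswered={s['unanswered']:4}")
    print(preview_deny_policy(lines, OLD_DNS))
```

On a real unit you would feed it exported traffic-log lines filtered to the old DC's address instead of SAMPLE_LOG. A client with many unanswered sessions is one whose resolver list (or an application with its own hard-coded DNS setting) still points at the old server; the deny policy stops the session build-up on the FortiGate but does not fix that client, so the per-host list is the part that actually clears the root cause.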