Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate-VM system lock up with Maxed out CPU and RAM when enabling a security profile

I am somewhat new to FortiGate so bear with me. I am evaluating the FortiGate VM running on VMware, comparing it to the SOPHOS XG Home VM. I am using the evaluation licenses for both products and will be using one in my home.

Here is my situation:

1. Deployed the VM without problems (1vCPU, 1GB RAM, Firmware v6.20build 0866 GA)

2. Defined my interfaces LAN and WAN

3. Created an IPV4 policy for LAN to WAN  for all. This gets internet traffic flowing and all is well to this point.

4. As soon as I apply a default security profile (AV or Web filter) to the IPV4 policy the VM goes to 100% CPU and 100% RAM usage. Looking at the console there is an error. "[show_walker_construct: 86] write_firstline (vdom=global) failed followed by a "can't set buffer size, ret=-1 error:Cannnot allocate memory" error.


Any ideas? The evaluation is not very useful like this. Perhaps I am doing something wrong with the setup.

1. are the hardware restrictions on the eval license too low?

2. Is this a bug?

3. Is there a home use version similar to the SOPHOS offering for IT professionals\Partners? I am aware of the NFR program, just curious if there is a "free" version. I'm cheap and would prefer to not spend $ :).



Hi, Do your tests with 6.0.5, there is major issues with 6.2.0. As soon IPS works a bit, it fulls memory and use lot of CPU. Version 6.0.5 is really stable, you’ll love it! Regards, Philippe

Thanks Philippe, That fixed that problem.


Now I'm struggling with certificate issues. I have read the Dealing with Certificate cookbook. I am using the built in Self Signed cert and I have imported it into the Local computer - Trusted Root Certificate Authority. Yet I still get errors\blocking when accessing sites like Bing (Microsoft sites) and Outlook will prompt with invalid certificate errors.


When inspecting the certificate, it does indicate that it has an "This certificate has an invalid digital signature".


Any thoughts?




Two things:


First, Are you using Firefox? If yes, Firefox have it's own certificate store.


Second, be sure to download the Self-signed certificate from Security Profiles -> SSL/SSH Inpection -> select your profil and click the link. You're right, you have to import it on your computer in "Trusted Root Certificates". You can also use GPO to deploy it. I configured really often Deep-Inspection without major issue.