After upgrading our Fortigate 600E (two firewalls in HA) first to FortiOS 7.0.4 then later 7.0.5 we are experiencing what I suspect is memory leak issues.
Over time the memory usage goes up gradually to the point where the firewall goes into "conserve mode" and traffic forwarding stops. After reboot (HA failover) the memory usage is back down and then after about three weeks it goes into conserve mode again.
Anyone else experiencing the same problems?
Do you think I should just roll back to 6.4.x or wait for the next patch?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The memory usage issues we experienced after upgrading from 6.4.x to 7.0.x seems to have been resolved with upgrading to 7.2.0 so I consider this case closed.
Created on 03-28-2022 06:31 AM Edited on 03-28-2022 11:03 AM
I too am facing this issue with a FortiGate VM64 device in Azure. Its running 7.0.5.
Over a period of 3-8 days, the device will use up memory until services fail on the device which require a failover to the secondary VM.
Snapshot over 24 hours...
What tool are you using to capture a longer time? I can only get 24hours on the device itself?
We have FortiAnalyzer which provides more history.
Created on 04-07-2022 01:04 PM Edited on 04-21-2022 01:49 AM
Fortinet Support helped me get around this solution until a fix is put in place. They said 7.0.6 will fix the issue… we’ll see.
So, the issue is down to the WAD process which is responsible for traffic forwarding/proxying based on policy.
it doesn’t release memory and eventually goes into conserved mode.
Support gave me this config to apply to the Fortigate. Its an AutoScript which runs every 24hours and kills the WAD process. The WAD process starts again immediately.
This is safe to run in business hours and not service affecting.
This auto script runs at the point of you entering it into the CLI, I inputted it in at 16:30, so it runs everyday and will do so for 200 times (or days in my case) then stop:
config system auto-script
edit restart_wad
set interval 86400
set repeat 200
set start auto
set script 'diag test app wad 99'
next
end
Settings are:
interval Repeat interval in seconds.
repeat Number of times to repeat this script (0 = infinite).
start Script starting mode.
script List of FortiOS CLI commands to repeat.
After applying this, the memory usage dropped immediately. It does so every day at 16:30. So far 3 weeks and not an issue!
To remove the Auto Script:
config system auto-script
delete restart_wad
end
We have the same problem, I image they didn´t said you the date from realease the 7.0.6...
No they didn't give a date. However the workaround method I posted works well for us.
Same problem with 7.0.9, this script seems to have solve the problem.
Thanks!
Great to hear :)
It's the same for me. TAC has raised many tickets for me. Some say there is, some say there isn't, and still others say it's an active bug that will be fixed in 7.0.3. five nights at freddy's
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.