Hi , Engineers ,
I am facing a big trouble and suffering attack from boss.
Can someone help to explain it ? High preciate for explanation .
1, I need to understand the effect to performance when I enable the IDS/IPS on the FortiGate60 . Had better to get an exact number .
2, On this FortiGate 60 , there are 20 direct VPN channels , and in this LAN , there are about 60 PCs and 10 servers. Enabled Anti-Spam,IDS,Anti-Virus,Web blocking . The external broadband bandwidth is 2Mbps . In working time , the memory utilization always more than 70% , even arrive at 85% . Sometimes , the CPU utilization may more than 90% . Pls refer to figures .
3, At this time , (CPU 99%,Memory 85%) , then the trouble come , I can' t access external network in this LAN , I can' t access the LAN from other offices through VPN channels , even ping any machines behind this FortiGate . just can https this FortiGate , I have to restart this FortiGate , then the utilization reduce , then I can access those equipments behind this FortiGate from other offices through VPN channels.
4, I urgently want to know the reason and solution . Why the memory and CPU is so highly , although my total bandwidth is just 2M , and FortiGate can support 70Mbps on firewall performance, 20M 3DES VPN performance , session 50,000 , VPN channel number 40 . From my implementation , every items is less than the maxim value , why my FortiGate encounter hanging up .
My FortiGate , total outgoing bandwidth 2 Mbps , 20 VPN channels , maxim session 3000, why it cause so highly utilization , CPU 99%, Memory 85% .
5, How to estimate each features effect for permance and throughput , e.g. Anti-Spam , Anti-Virus etc.
Attach figure to there ,
Come from MRTG server .
There is a document that can explain you how to obtain the best performance from a Fortigate and this is the same document I use when I consider to put a right Fgt model into a network. the document does not explain which command you can use to better configure your box.
http://kc.forticare.com/default.asp?SID=&Lang=1&id=237
For your answers:
-HEURISTIC on the CLI
configure antivirus heuristic ---> set mode " pass" or " block" or " disable"
-Firewall process impacts the cpu. Traffic passes trough the hardware engine.
-On the protection profile you must enable all signature/anomaly for scanning. In the 3.0 os version you can make some changes but is not still available 
Remember you can disable/enable protocols on the IDS/IPS configuration tabs.
-NTP, telnet etc... on both interfaces and firewall services if you dont really need them.
-exact values arent available. Antivirus works on memory and use much resources .The 60 model is affected of this memory leak problems. (128Mb only) Reduce the threshold value or disable it for protocols you dont use. I have no more of 10 pc' s behind my fgt60 (test lab) and the memory usage is always more than 60%. No fear this is a normal behaviour for a 60 model. 
-the encrypt engine use cpu resource for the encryption and decryption features on the vpn. You can monitor the usage of the resources by typing this command on the CLI:
diagnose sys top
and kill processes if you need.
diag sys kill
bye
pman
Remember you can disable/enable protocols on the IDS/IPS configuration tabs.
-NTP, telnet etc... on both interfaces and firewall services if you dont really need them.
-exact values arent available. Antivirus works on memory and use much resources .The 60 model is affected of this memory leak problems. (128Mb only) Reduce the threshold value or disable it for protocols you dont use. I have no more of 10 pc' s behind my fgt60 (test lab) and the memory usage is always more than 60%. No fear this is a normal behaviour for a 60 model.
-the encrypt engine use cpu resource for the encryption and decryption features on the vpn. You can monitor the usage of the resources by typing this command on the CLI:
diagnose sys top
and kill processes if you need.
diag sys kill
bye
pman
