After update IPS engine on 09.02.2022 to 06.004.114 firewall every day disconnect all connections and get error on crash log: "Memory conserve mode entered"
ipsengine 06.004.114 crashed 1 times. The latest crash was at 2022-02-14
my machine:
Version: FortiGate-100F v6.4.8,build1914,211117 (GA)
IPS Attack Engine
---------
Version: 6.00114
log:
----------------
195: 2022-02-14 12:47:33 <00309> firmware FortiGate-100F v6.4.8,build1914b1914,211117 (GA) (Release)
196: 2022-02-14 12:47:33 <00309> application ipsengine 06.004.114
197: 2022-02-14 12:47:33 <00309> *** signal 11 (Segmentation fault) received ***
198: 2022-02-14 12:47:33 <00309> Register dump:
199: 2022-02-14 12:47:33 <00309> R0: 0000007f9e432ee0 R1: fff9000000000000 R2: fffffffffffffff7
200: 2022-02-14 12:47:33 R3: fffb807fa046c510
201: 2022-02-14 12:47:33 <00309> R4: fffffffffffffff4 R5: fffffffffffffff5 R6: fffffffffffffff3
202: 2022-02-14 12:47:33 R7: fff9000000000005
203: 2022-02-14 12:47:33 <00309> XR: ffffffffffffffff R9: fffb807fa046c260 R10: fffd807fa0484ba8
204: 2022-02-14 12:47:33 R11: 0000000008000000
205: 2022-02-14 12:47:33 <00309> R12: 0000007f9e3b7d88 R13: fffffffffffffff3 R14: 0000007fa046dae8
206: 2022-02-14 12:47:33 R15: 0000007f9e432f80
207: 2022-02-14 12:47:33 <00309> IP0: 0000000000000303 IP1: 0000000000000016 PR: 0000000000000001
208: 2022-02-14 12:47:33 R19: 00002c4da04666c0
209: 2022-02-14 12:47:33 <00309> R20: 0000000000002ace R21: 0000007fa046c510 R22: 0000007fa04803e0
210: 2022-02-14 12:47:33 R23: 0000000000000040
211: 2022-02-14 12:47:33 <00309> R24: 0000007fa046dae8 R25: 0000000000002c0d R26: 0000000000002ad3
212: 2022-02-14 12:47:33 R27: 0000007f9e432f00
213: 2022-02-14 12:47:33 <00309> R28: 0000007fa046db88 FP: 0000007ffd0c3840 LR: fff9807fa046dae8
214: 2022-02-14 12:47:33 <00309> fault_address: 00002c4da0466790 sp: 0000007ffd0c3800
215: 2022-02-14 12:47:33 <00309> pc: 0000007f9e422644 pstate: 0000000020000000
216: 2022-02-14 12:47:33 <00309> Backtrace:
217: 2022-02-14 12:47:33 <00309> [0x7f9e422644]
218: 2022-02-14 12:47:33 <00309> fortidev 5.0.6.0016
219: 2022-02-14 12:47:33 [IPS Engine <00309>] base: 0x7fa04cd000
220: 2022-02-14 12:47:33 [IPS Engine <00309>] Last session info:
221: 2022-02-14 12:47:33 [IPS Engine <00309>] No session found.
222: 2022-02-14 13:47:37 ipsengine 06.004.114 crashed 1 times. The latest crash was at 2022-02-14
223: 2022-02-14 13:47:37 12:47:33.
224: 2022-02-14 14:24:48 logdesc="Memory conserve mode entered" service=kernel conserve=on total="3615
225: 2022-02-14 14:24:48 MB" used="3181 MB" red="3181 MB" green="2964 MB" msg="Kernel enters memory
226: 2022-02-14 14:24:48 conserve mode"
-----------------------
FortiGate 100F
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Conserve mode can be caused by ipsengine, but generally, when conserve mode is triggered, the system tries to free up memory and that may kill the top process. So the crash may not be a real crash, just something caused by conserve mode.
This should be checked in a support ticket for memory usage - crashes are not a widely known issue/bug affecting this IPS version.
3 different support engineers was working on this ticket, 5 times more than hour production site was down.
Yesterday I'm ask to downgrade IPS to previous Version 6.00100.
will update if that help
Hello,
did you received any update from TAC support on this ?
Same problem here with same behavior and consequences (IPS engines crash multiple time then down our production flow)
I have ticket opened since 20220301
Last update from support :
"I received an update from our dev team, and they confirmed, you are hitting bug ID698247.
The issue is still under investigation."
firmware 7.0.5 with Version: 7.00105 IPS Engine
Also v6.4.9 build1966 (GA) have the same problem of conserve mode.
Urgent resolution needed
How do you know it is "the same problem" -do you have a bug ID that was confirmed?
Also - "urgent resolution" is maybe for a TAC case. I guess you realize this is a forum environment and bugs are not fixed here, and neither optimization suggestions / design changes based on your config.
Hello, Kindly update your firmware to the latest firmware. If the issue still persists, manually update the IPS engine.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.