Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Shawn_Gradwell
New Contributor

Memory Depleted - Unit hangs (I need advise on tweak-able settings)

I have a FortiGate 100D and 8 VDOMs. The unit is currently handling roughly 40Mbit/s throughput during peak business hours. The CPU usage averages around 10%-15% during peak business hours.

 

We had an event where the unit was unresponsive, lights are flashing on but no throughput and we cannot manage it. We cycled power to the unit to get it working again. Logs stated some entries where memory has maxed out: "FortiGate has reached system connection limit for seconds" with NO "Converve mode" status logged.

 

We run firmware v5.2.3,build670 (GA).

 

I need advice on the tweak-able memory options as well as perhaps ideas of how I can prevent the unit from hanging when the memory is full. Or turn on verbose debug options to understand why it hangs should it happen again.

 

2 REPLIES 2
Zulhardy
New Contributor

Are you putting in IPS, AV, URL Filtering, App blocking in all your policies? Are you also logging everything in your policies instead of just security events? Also is the Admin GUI constantly being logged in?

 

If you are, you may want to check and ensure that only the appropriate IPS, URL filtering, App blocking are implemented on the policies, Eg, Do you need IPS for your Outbound LAN-WAN connection, Do you need URL Filtering on your servers in the DMZ?.

 

Also check if your URL filtering has many categories that are set to Monitor, all these are logged.

 

As far as I know, try not to keep logging into the Admin GUI all the time as that thing takes up quite a bit if you keep checking the logs. If you can, send the logs to a log server instead.

emnoc
Esteemed Contributor III

I agreed with zulhadry but will add ; what policies do you have logging enabled? Do you have memory syslog and forticloud ?

 

 

I had a customer of mine  that had a firewall that ran always over 65% cpu. He thought logging all items was a good  thing ( wrong ! ) . Once we trimmed his enabled firewall policies down to size, cut back unwanted loggings, disable certain  events logging, the  cpu went down.  Now his unit avgs 30-37%.

 

ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Top Kudoed Authors