Memory Depleted - Unit hangs (I need advice on tweak-able settings)
I have a FortiGate 100D and 8 VDOMs. The unit is currently handling roughly 40Mbit/s throughput during peak business hours. The CPU usage averages around 10%-15% during peak business hours.
We had an event where the unit was unresponsive: the lights were flashing, but there was no throughput and we could not manage it. We cycled power to the unit to get it working again. The logs had some entries where memory had maxed out: "FortiGate has reached system connection limit for seconds" with NO "Conserve mode" status logged.
We run firmware v5.2.3,build670 (GA).
I need advice on the tweak-able memory options as well as perhaps ideas of how I can prevent the unit from hanging when the memory is full. Or turn on verbose debug options to understand why it hangs should it happen again.
Are you putting in IPS, AV, URL Filtering, App blocking in all your policies? Are you also logging everything in your policies instead of just security events? Also is the Admin GUI constantly being logged in?
If you are, you may want to check and ensure that only the appropriate IPS, URL filtering and App blocking are implemented on the policies, e.g., do you need IPS for your outbound LAN-WAN connection? Do you need URL filtering on your servers in the DMZ?
Also check if your URL filtering has many categories that are set to Monitor; all of these are logged.
As far as I know, try not to keep logging into the Admin GUI all the time as that thing takes up quite a bit if you keep checking the logs. If you can, send the logs to a log server instead.
I agree with zulhadry but will add: what policies do you have logging enabled on? Do you have memory, syslog and FortiCloud?
I had a customer of mine that had a firewall that always ran over 65% CPU. He thought logging all items was a good thing (wrong!). Once we trimmed his enabled firewall policies down to size, cut back unwanted logging, and disabled certain event logging, the CPU went down. Now his unit averages 30-37%.
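An added example, not part of the thread: a Python audit of a FortiGate configuration backup for the two things the replies above ask about, namely which firewall policies log every session (`set logtraffic all`) rather than security events only, and which UTM profiles each policy carries. The sample config is constructed, the function names are hypothetical, and the parser assumes the standard `config firewall policy` / `edit` / `next` / `end` layout with no nested blocks inside a policy.

```python
import re

# Constructed excerpt in FortiOS CLI backup style (not taken from the thread).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
        set logtraffic all
        set ips-sensor "default"
        set webfilter-profile "default"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "dmz"
        set logtraffic utm
        set ips-sensor "protect_http_server"
    next
    edit 3
        set logtraffic all
    next
end
"""
PROFILE_KEYS = ("av-profile", "webfilter-profile", "ips-sensor", "application-list")

def audit_policies(config_text):
    """Return one dict per policy: id, logtraffic mode, attached UTM profile keys."""
    findings, current, in_policy = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_policy = True
        elif in_policy and line == "end":
            in_policy = False
        elif in_policy and (m := re.fullmatch(r"edit (\d+)", line)):
            current = {"id": int(m.group(1)), "logtraffic": None, "profiles": []}
        elif current is not None and line == "next":
            findings.append(current)
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            key, value = m.group(1), m.group(2).strip('"')
            if key == "logtraffic":
                current["logtraffic"] = value
            elif key in PROFILE_KEYS:
                current["profiles"].append(key)
    return findings

def log_all_policies(findings):
    """Policy ids that log every session instead of security events only."""
    return [f["id"] for f in findings if f["logtraffic"] == "all"]
```

On a multi-VDOM unit such as the one in the question, run it once per VDOM section of the backup, since each VDOM has its own `config firewall policy` block with its own policy ids.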