Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
Contributor III

Created on ‎06-24-2024 03:29 AM

Memory Issues FG81E after update 7.4.4

Hi,

 

we use this HA FG81 cluster in one office with 30-40 people (no VPN, normal usage, % 2000 sessions, etc.). We experienced now that with every new 7.4.X update we increase memory usage so that now we have like 75% memory usage.


We did already some changes with some CLI commands but only disabling IPS would affect the memory and now we are at 68% with no IPS in all polices.

 

We kind of can live with that, but can we expect now with every update more memory usage?

 

Thanks,

 

 

Labels:
1502
0 Kudos
5 REPLIES 5
srajeswaran
Staff
Staff

Created on ‎06-24-2024 03:34 AM

Do you know which process is running with high memory usage?

diagnose sys top-mem -> wll give the process with high memory usage. Please run multiple time if the same process is utilizing more memory
diagnose debug crashlog read -> Check if any process is crashing.

 

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1498
RolandBaumgaertner72
Contributor III

Created on ‎06-24-2024 03:39 AM

Hi Suraj,

 

before we had like x ipsengine:

# diagnose sys top-mem
node (152): 66118kB
ipsengine (388): 23203kB
ipsengine (391): 21656kB
ipsengine (389): 21631kB
ipsengine (390): 21313kB
Top-5 memory used: 153921kB

 

I dont know if it takes some time but we dont have ips activated in any rule anymore.

 

Question is more what we can expect from the next updates, if we have to do something now every time we update the FGs.

 

Thanks!

1495
srajeswaran
Staff
Staff
In response to RolandBaumgaertner72

Created on ‎06-24-2024 03:46 AM

Can you restart ipsengine using "diagnose test application ipsmonitor 99" and check if memory usage comes down?

if you are not enabling ips and still the memory usage is going up, I would recommend opening a ticket to get this investigated. In the meantime we may configre an automated restart of the process as suggested in follwing article  https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-restart-WAD-or-IPS-engine-using-aut...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-stop-and-restart-the-IPS-engine-ver...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1487
jbernabe
Staff
Staff

Created on ‎06-27-2024 09:33 PM

Try to optimize your IPS engine by following this KB link: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPS-memory-optimization-steps/ta-p/197486

You may also upgrade your IPS engine to the latest version.
Reference: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-upgrade-the-IPS-Engine/ta-...

Regards,
Jef

1368
RolandBaumgaertner72
Contributor III

Created on ‎09-18-2024 02:23 AM

Hi Jef,

 

yesterday we talke in a tech meeting about this issue and we have like many more similiar cases, always with 7.4.4 and always more problems when there is a HA cluster.

 

So it might be a bug and I dont know if this is considered in 7.4.5 and does anybody know when 7.4.5 is comming out? Should be this or next week, or?

 

Thanks

930
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.