Support Forum
johnlloyd_13
Contributor II

SNAT Policy Log Allowed in FGT VDOMs

Hi,

I'll be creating multiple (a lot of) SNAT policies in a multi-VDOM FGT which is an "F" series (1000-plus model).

My question: do I enable/allow log "all sessions" or just "security events"?

Can my current platform (1000-plus F model) handle such logs?

I just want to prevent any high CPU/memory due to lots of NAT processing/cache.

1 Solution
dingjerry_FTNT

Hi @johnlloyd_13,

Technically, it's hard to cause high CPU/memory usage issues due to NAT usage.

1) The following doc is talking about possible reasons causing high CPU:

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/232929/troubleshooting-high-...

2) The KB is talking about something for conserve mode (memory usage issue):

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-conserve-mode-is-triggered/ta-p/198580...

Regards,

Jerry
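The two links above cover high CPU and conserve mode in general. As an added example, not part of the thread and not from Fortinet's documentation, here is the set of checks a practitioner would run from the global context before and after enabling per-policy logging, so that any CPU or memory change can be attributed to logging rather than to NAT. Command names are as in FortiOS 7.x; verify them on your build, and the thresholds you compare against are your own.

```fortios
# Added example, not from the thread. Run from the global context of a
# multi-VDOM FortiGate; command names assumed as in FortiOS 7.x.
config global
    # CPU, memory %, session count, uptime: record a baseline first,
    # then compare after logging is enabled on the SNAT policies.
    get system performance status

    # Session table totals. NAT sessions live here too, so if this stays
    # flat while memory climbs, the growth is from logging, not from NAT.
    diagnose sys session stat

    # Conserve-mode thresholds (green/red/extreme) against current usage;
    # the KB linked above explains what the unit does past the red line.
    diagnose hardware sysinfo conserve

    # Whether a log disk exists and how full it is. "Log hard disk:
    # Not available" in get system status means memory-only local logging.
    get system status
    diagnose sys logdisk usage

    # Per-process CPU, 5 s refresh, 10 lines: miglogd/syslogd climbing
    # after the change points at logging as the load, not NAT.
    diagnose sys top 5 10
end
```

Take the first three readings before touching the policies and keep them; a single snapshot after the change tells you nothing about cause.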

11 Replies
funkylicious
SuperUser

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-Security-Events-and-All...

Since the 1000F does not have a local disk to store the logs, all logs will be held in memory for a rather short duration of time or until a reboot.

It would be recommended to send the logs to an external syslog server or FortiAnalyzer to relieve the FGT from any 'stress'.

"jack of all trades, master of none"
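As an added example, not from the thread and not Fortinet's own code, this is what the two logging choices in the original question look like on an SNAT policy in one VDOM, together with the remote-logging setup recommended above. The VDOM name "cust1", interfaces "port1"/"port2", policy ID 10 and the syslog server addresses are assumed placeholders; command names are as in FortiOS 7.x.

```fortios
# Added example, not from the thread. Assumed names: VDOM "cust1",
# interfaces port1/port2, policy ID 10, syslog collectors 10.0.0.50/51.
config vdom
    edit cust1
        config firewall policy
            edit 10
                set name "SNAT-cust1-out"
                set srcintf "port1"
                set dstintf "port2"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ALL"
                set nat enable
                # GUI "Security Events": a traffic log is written only for
                # sessions that triggered a security-profile event. Plain
                # permitted NAT sessions leave no record at all.
                set logtraffic utm
                # GUI "All Sessions": one log per session at close, carrying
                # transip/transport. Use this instead if you ever need to map
                # a translated IP/port back to the internal host in an IR.
                # set logtraffic all
                # Optional: also log at session start (about doubles volume).
                # set logtraffic-start enable
            next
        end
    next
end

# Remote logging configured once under global is shared by every VDOM.
config global
    config log syslogd setting
        set status enable
        set server "10.0.0.50"
        set port 514
        set facility local7
        set format default
    end
end

# A VDOM that must log to its own collector uses the override instead.
config vdom
    edit cust1
        config log syslogd override-setting
            set override enable
            set status enable
            set server "10.0.0.51"
        end
    next
end
```

The security-relevant difference is the middle setting: with `logtraffic utm` an SNAT policy produces no record of ordinary sessions, so the translated address cannot be tied back to a source later. If that trail matters, choose `all` and size the collector for it rather than keeping the logs in memory on the unit.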
dingjerry_FTNT

Not true.

FGT 1001F does have a local disk. It should be the same for FGT 1000F.

Version: FortiGate-1001F v7.4.7,build2731,250120 (GA.M)
......
Log hard disk: Available

@johnlloyd_13,

It should be fine to enable NAT and logs in multiple policies.

Regards,

Jerry
funkylicious

As far as I know, only models ending with xxx1 have local storage; maybe on higher models/chassis this rule doesn't apply, but in the product matrix the 1000F is not listed with storage, but rather "Local Storage 960 GB (1001F)".

"jack of all trades, master of none"
dingjerry_FTNT

Hi @funkylicious,

I don't have FGT 1000F in hand to verify and confirm. But it seems you are right.

Regards,

Jerry
Toshi_Esumi

Yes, it is.

Toshi

funkylicious

(global) # get system status | grep Version
Version: FortiGate-1000F v7.2.7,build1577,240131 (GA.M)
Release Version Information: GA

(global) # get system status | grep disk
Log hard disk: Not available

"jack of all trades, master of none"
johnlloyd_13

Hi,

I didn't specifically mention 1000/1001F; it's a bigger chassis/platform.

To my knowledge, "F" models have disks on them.

I just want to know if I can "safely" enable syslog on NAT policies on the VDOMs in a single device. No plan to send to a remote syslog at the moment.

johnlloyd_13

Hi,

Thanks for the reply!

Do you have a Fortinet link/tech guide or tip that will confirm this?
