Hi,
I have Fortinet 30E. Recently I have noticed every few weeks it goes into Conserve mode and I am unable to access the internet till I restart the firewall. I am new to this so could someone tell me what would be the cause of the conserve mode. The # of sessions do increase during this time but we are not using any additional resources. Is there any way to get a log of these sessions?
Thanks
Hi @Kristo ,
Please check this KB for How Conserve Mode is triggered:
Technical Tip: How conserve mode is triggered
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-conserve-mode-is-triggered/ta-p/198580
And this KB is for "Free up memory to avoid conserve mode":
Conserve Mode happens when Foritgate memory usage passes certain threshold - ~ 90% used, configurable. The chances are this is some process leaking memory, and in this case you will only know which one if you enter the FGT once it entered/immediately before Conserve Mode and look at memory usage by process dia sys top then press M (for murder I guess :) ) - the most memory consuming process will be at the top. Post it here and we'll be more wise to point you further.
FGT 30E has as latest FortiOS 6.2.x, so I guess it has no active subscriptions (IPS/AV/etc) as well?
If it is so, then memory issues caused by automatic updates are not relevant to your case.
I'm also new with this experience and I'm looking for solution here.
FortiGate will enter conserve mode if the memory usage reaches 88% and it's not going to exit conserve mode until the memory usage drop down to 82%.
You can use 'get system performance status' to confirm the memory usage.
To find out which daemon/process are involved, use the following command:
diag sys top <-- then press m to sort by memory, and q to exit.
Reduce memory usage by reducing the numbe... - Fortinet Community
Check if IPS is using more resources. If YES, try to stop and check if that reduces the usage. List of command as outlined below.
To verify if the IPS engine works:
diagnose test application ipsmonitor 1
To start the IPS engine service back:
diagnose test application ipsmonitor 97
To stop the IPS engine:
diagnose test application ipsmonitor 98
To restart the IPS engine:
diagnose test application ipsmonitor 99
Anand
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.