Created on 06-21-2024 12:12 AM Edited on 10-08-2024 04:45 AM By Jean-Philippe_P
Dear all.
After upgrading to version 7.4.4 we experience massive performance and handling issues. Can anyone of you confirm this?
What I can see among other things are the following facts:
I really love my Fortigate and the Fortinet infrastructure like you can see in my nickname :) I really do. But this update is really really bad to be honest. Do you experience the same? I am really sure we will rollback to 7.4.0 in the next days. 7.4.4 is quiet impossible to use in comparison to 7.4.4... And why are address groups an address lists now separated? Why?! :D Come on guys from fortinet. Who made this decisions? Can you not just add an option to switch between the old and new GUI so that customers can choose on their own what to use? In my personal opinion this is not a good update for real hugh environments like we have with thousands of entries...
I think I will find more "not so well" changes. But probably not because I think first off all the best idea is to rollback.
With kindest Regards a not so happy FortiLover after updating :(
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dear all.
Together with the german support team we have figgured out why we had so much trouble after updating to 7.4.4. We have still an old Hardware Revision of the Fortigate 100F which has only 4GB of RAM. Newer Hardware revision has already 8GB RAM. That RAM is quite always full so that it comes to massive performance issues (conserved mode). It seems so that in our configuration we use so much features that this model or 4GB RAM in total is not enough. It is the IPSengine to be more precise. That engine processes will be used not only by IPS checks. It is used for SSL inspections as well and so on... Like I said... with our amount of used features and connected devices it is not enough RAM.
Personally I ask myself why Fortinet is so "thrifty" (no affront) in its Hardware designs when it comes to RAM. To be honest... It is 2024 :) The use of 4GB modules is probably not really uptodate in nowerdays. But hey :) I would wish that the minimum of every Fortigate is at least 16GB of RAM or more. When I check the prices for RAM modules it does not make really differences between 4GB and 16GB RAM modules. And I think customers would be happy to have a device that is future-proof... only because of the RAM as newer versions with more features really consumes more memory. And if I have to pay 50 Euros more for more RAM... I would be happy. It is a difference to upgrade RAM compared to buy a new 400F with a 5 year support contract and EP bundle.
So I just wanted to give a feedback. The question is solved hereby. We need a bigger Hardware for our needs. Looking for a 400F model I think as it has 16GB RAM. Hopefully future-proof. You can see it here. This comparision is really handy dandy. Hardware comparison for Fortigate models
If I could I would like to configure the hardware before buying. But it is the way it is :) You want just more RAM although your CPU is sleeping all the time. Then buy a more powerful hardware... that seems to be the only good solution for now. The 400F model is not that cheap compared to our 100F. I would say the 100F is enough for us when I could increase the RAM... But this seems not the way Fortinet would like to have it :) So we probably buy the 400F or 401F.
With kindest regards
FortiLover
Created on 10-08-2024 03:05 AM Edited on 10-08-2024 03:08 AM
We have updated the firewall to 7.4.5 like suggested from @Pittstate and additional to this we have installed/configured FortiAnalyzer and disabled the option on the firewall to write logs into memory. After a restart of the firewall we can confirm that the RAM usage so far is not that high that the conserved mode is triggered (works now for round about 2 weeks). But it is important to restart the firewall after the configuration as the logs seem to stay parked in the memory. Now we see a usage of 60%-75% with FortiGate 100F (1st hardware revision with 4GB RAM). It is still not really enough RAM but for us it is a temporary solution until we have a better model. Probably we do not need to update to a Fortigate 4xx series model. We probably just need the 2nd hardware revision of our Firewall.
Hello, FortiLover. I'm experiencing issues with 7.4.4 on 201E cluster but in other ways. Security Fabric view is unavailable, HA has trouble syncing, I see web interface errors like "Time is out of sync," and the web interface freezes as the CPU spikes to 100% almost immediately. I can use Putty to run the 'fnsysctl killall httpsd' to temporarily regain access to the web interface, but the Security Fabric, Firmware and Registration, and other views no longer work. Memory is not maxed. I plan to roll the fabric back to the stable release soon if Fortinet continues to miss the scheduled patch release.
** Update: The day of the 7.4.5 release, definitions hit my FortiGate fleet. By the following Sunday, my FortiGate fleet behaved much better. I saw my security fabric and firmware and registration screens for the first time since 7.4.5 was released. The time sync error still occurs, however. I'm happy to be able to administer the firewalls. I'm convinced that the issues were something to do with the intrusion detection or application control.
*** Update: Just because I'm a glutton for punishment, I applied the 7.4.5 release to the FortGates and the 7.6.0 release to the Forti switches. So far, so good.
Or you can go up to 7.4.5, which looks like it was released yesterday.
They labeled it "mature". Guess we'll see.
Created on 10-08-2024 03:05 AM Edited on 10-08-2024 03:08 AM
We have updated the firewall to 7.4.5 like suggested from @Pittstate and additional to this we have installed/configured FortiAnalyzer and disabled the option on the firewall to write logs into memory. After a restart of the firewall we can confirm that the RAM usage so far is not that high that the conserved mode is triggered (works now for round about 2 weeks). But it is important to restart the firewall after the configuration as the logs seem to stay parked in the memory. Now we see a usage of 60%-75% with FortiGate 100F (1st hardware revision with 4GB RAM). It is still not really enough RAM but for us it is a temporary solution until we have a better model. Probably we do not need to update to a Fortigate 4xx series model. We probably just need the 2nd hardware revision of our Firewall.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.