1. Enable only UTM logs on IPv4 policies that use UTM. On policies without UTM, disable all logging.
config firewall policy
edit policy_id
set logtraffic utm
next
end
2. Reduce these TCP and UDP session timers
config system global
set tcp-halfclose-timer 30
set tcp-halfopen-timer 30
set tcp-timewait-timer 0
set udp-idle-timer 60
end
3. Change default session TTL
config system session-ttl
set default 300
end
4. Reduce the cache TTL for the FortiGuard services
config system fortiguard
set webfilter-cache-ttl 500
set antispam-cache-ttl 500
end
5. DNS cache optimization
config system dns
set dns-cache-limit 300
set dns-cache-ttl 600
end
6. Set the antivirus database to normal
config antivirus settings
set default-db normal
end
7. Changing the IPS engine algorithm to low and the socket size to 10 makes IPS scanning slower but less memory intensive.
config ips global
set database regular
set socket-size 5
end
After changing the algorithm and socket size, restart the IPSEngine using the following command:
diag test app ipsmonitor 99
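To check a configuration backup against the values in steps 1 to 7, the following added example (not part of the original page or any Fortinet tool) parses the config/edit/set/next/end nesting and lists every setting that differs. The names RECOMMENDED, SAMPLE, parse and audit are hypothetical, the sample backup is constructed, the IPS values are the ones in the step 7 command block, and a setting absent from the backup is reported as None.

```python
# Values from the steps above (IPS values as written in the step 7 command block).
RECOMMENDED = {
    "system global": {"tcp-halfclose-timer": "30", "tcp-halfopen-timer": "30",
                      "tcp-timewait-timer": "0", "udp-idle-timer": "60"},
    "system session-ttl": {"default": "300"},
    "system fortiguard": {"webfilter-cache-ttl": "500", "antispam-cache-ttl": "500"},
    "system dns": {"dns-cache-limit": "300", "dns-cache-ttl": "600"},
    "antivirus settings": {"default-db": "normal"},
    "ips global": {"database": "regular", "socket-size": "5"},
}

# Constructed sample backup for illustration; not output from a real device.
SAMPLE = """\
config system global
    set tcp-halfclose-timer 120
    set udp-idle-timer 60
end
config system session-ttl
    set default 3600
end
config firewall policy
    edit 1
        set logtraffic all
    next
end
"""

def parse(text):
    """Map (config path..., key) -> value, following config/edit/next/end nesting."""
    settings, stack = {}, []
    for raw in text.splitlines():
        tok = raw.split() or [""]
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok[1:]).strip('"'))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and len(tok) >= 3:
            settings[tuple(stack) + (tok[1],)] = " ".join(tok[2:]).strip('"')
    return settings

def audit(text):
    """Return (path, current, wanted) per deviation, plus policies that still log all traffic."""
    cur = parse(text)
    out = [((sec, key), cur.get((sec, key)), want)
           for sec, keys in RECOMMENDED.items() for key, want in keys.items()
           if cur.get((sec, key)) != want]
    out += [(k, v, "utm or disable") for k, v in cur.items()
            if k[0] == "firewall policy" and k[-1] == "logtraffic" and v == "all"]
    return out

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

The policy findings also show which policies currently log every session, so the loss of traffic-log visibility from step 1 can be reviewed before the change is applied.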
Video: Prevent Fortigate entering conserve mode by reducing memory usage (duration 01:05), added by SuperSimple Howto Tutorial, 06 July 2022.