Prevent Fortigate entering conserve mode by reducing memory usage
1. Enable just UTM logs from IPV4 policies with UTM. Other policies without UTM disable all logging.
firewall policy
edit policy_id
set log traffic utm
next
end
2. Reduce these TCP and UDP session timers
config system global
set tcp-halfclose-timer 30
set tcp-halfopen-timer 30
set tcp-timewait-timer 0
set udp-idle-timer 60
end
3. Change default session TTL
config system session-ttl
set default 300
end
4. Reduce the FortiGuard services for the cache
config system fortiguard
set webfilter-cache-ttl 500
set antispam-cache-ttl 500
end
5. DNS cache optimization
config system dns
set dns-cache-limit 300
set dns-cache-ttl 600
end
6. Set the antivirus database to normal
config antivirus settings
set default-db normal
end
7. Changing the IPSEngine algorithm to low and socket size to 10 makes IPS scanning slower but is less memory intensive
config ips global
set database regular
set socket-size 5
end
After changing the algorithm and socket size, restart the IPSEngine using the following command:
diag test app ipsmonitor 99
Смотрите видео Prevent Fortigate entering conserve mode by reducing memory usage онлайн без регистрации, длительностью 01 минут 05 секунд в хорошем hd качестве. Это видео добавил пользователь SuperSimple Howto Tutorial in Technology 06 Июль 2022, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 4 тысяч раз и оно понравилось 12 людям.