That is when I started to experience similar issues with being unable to upgrade easily. My previous attempts to upgraded 5. And I was able to succeed after hours of working on it. I hope to share my experiences and observations on the issue: 1 Before the upgrade last night, I saw errors showing disk inode errors with a cryptic message about needing to run fs2-fsck to repair the disk problems a linux command not part of the Fortigate commands. My thoughts on this: A.

Author:Zulkizuru Mezijas
Language:English (Spanish)
Published (Last):17 July 2013
PDF File Size:13.98 Mb
ePub File Size:18.99 Mb
Price:Free* [*Free Regsitration Required]

If many of them are used at the same time, it can quickly use up all the CPU resources. When this happens, you will experience connection related problems stemming from the FortiOS unit trying to manage its workload by refusing new connections, or even more aggressive methods.

Some examples of features that are CPU intensive are VPN high level encryption, having all traffic undergo all possible scanning, logging all traffic, and packets, and dashboard widgets that frequently update their data. Determine how high the CPU usage is currently.

There are two main ways to do this. This is a dial gauge that displays a percentage use for the CPU. If its at the red-line, you should take action. The other method is to use the Dashboard CLI widget to enter diag sys top. In the example, T means there are Mb of system memory. In the example, F means there is Mb of free memory. In the example, KF means the system is using shared memory pages. Each additional line of the command output displays information for each of the processes running on the FortiGate unit.

For example, the third line of the output is: newcli R 0. Other process names can include ipsengine, sshd, cmdbsrv, httpsd, scanunitd, and miglogd. The process ID can be any number. CPU usage can range from 0. Memory usage can range from 0. Determine what features are using most of the CPU resources.

The CLI command get system performance top outputs a table of information. You are interested in the second most right column, CPU usage by percentage. If the top few entries are using most of the CPU, note which processes they are and investigate those features to try and reduce their CPU load. Generally the monitor for a feature is a good place to start. Note that if you require a feature this section tells you to turn off, ignore it.

Offloading tasks such as encryption frees up the CPU for other tasks. These widgets are constantly polling the system for their information, which uses CPU and other resources. This is the severity of the messages that are recorded. Consider going up one level to reduce the amount of logging.

Also if there are events you do not need to monitor, remove them from the list. Logging to memory quickly uses up resources. Logging to local disk will impact overall performance and reduce the lifetime of the unit. When a disk is almost full it consumes a lot of resources to find the free space and organize the files. If traffic enters the FortiGate unit on one interface, goes out another, and then comes back in again that traffic does not need to be rescanned. Doing so is a waste of resources.

However, ensure that traffic truly is being scanned once. To do this in the CLI enter the following commands and values. These values reduce the values from defaults. Note that tcp-timewait has 10 seconds added by the system by default.


Fortinet FortiGate 40C - security appliance Series Specs & Prices



VDOM and 40C



Fortinet FortiGate 40C - security appliance Series Specs & Prices


Related Articles