Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fjulianom
New Contributor III

Created on ‎10-30-2017 02:23 PM

Kernel and System conserve mode thresholds

Hi guys,

 

I need a clarification about the Kernel and System conserve mode thresholds. According to the NSE4 course, here you are these thresholds:

1. The ambiguity is when the Fortigate has a memory <= 1GB, where the thresholds are the same. What happens if I have a Fortigate with a memory between 512 MB and 1 GB and I have reached 81% of my memory? The Fortigate will enter Kernel or System conserve mode? I can't answer this question from the above slides.

 

2. What mode is more aggressive? I would say is Kernel since any proxy inspection is bypassed and you can't do any configuration changes, while the system mode at least you can somewhat configure the behaviour with the "av-failopen" command. If I am right and Kernel is more aggressive, it makes sense the Fortigate goes first into system conserve mode (less aggressive) and if the memory usage keeps growing then into kernel conserve mode (more aggressive). But the above thresholds are also ambiguous since taking some numbers you can notice a Fortigate would enter first in the Kernel mode and later in the System mode. Let's say a Fortigate with 512 MB, when the Fortigate has 102.4 MB left (<20%) would enter the Kernel mode, and if its memory usage keeps growing and has 40 MB left, then it would enter the System conserve mode.

 

What do you think about these two points?

 

Regards,

Julián

 

Preview file
72 KB
11093
0 Kudos
1 Solution
boneyard
Valued Contributor
In response to fjulianom

Created on ‎10-13-2018 06:30 AM

you are totally right, it is unclear and doesn't seem to make sense for smaller units.

 

also for the whole effect of kernel conserve mode i couldn't find in a public document. here are two effects, but i see people on this forum say it also blocks traffic in general.

 

but well, not a whole lot we can do about it, perhaps the whole intention was to act differently at these smaller units.

View solution in original post

3535
0 Kudos
4 REPLIES 4
fjulianom
New Contributor III

Created on ‎10-31-2017 10:38 AM

Hi guys,

 

Any insight about this?

 

Regards,

Julián

3492
0 Kudos
fjulianom
New Contributor III
In response to fjulianom

Created on ‎11-06-2017 12:38 PM

Hi guys,

 

Any idea?

 

Regards,

Julián

3492
0 Kudos
fjulianom
New Contributor III
In response to fjulianom

Created on ‎12-05-2017 02:51 PM

Hi guys,

 

Any idea? The information of the two screenshots I have attached is ambiguous, isn't it?

 

Regards,

Julián

3492
0 Kudos
boneyard
Valued Contributor
In response to fjulianom

Created on ‎10-13-2018 06:30 AM

you are totally right, it is unclear and doesn't seem to make sense for smaller units.

 

also for the whole effect of kernel conserve mode i couldn't find in a public document. here are two effects, but i see people on this forum say it also blocks traffic in general.

 

but well, not a whole lot we can do about it, perhaps the whole intention was to act differently at these smaller units.

3536
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.