Hot!60F high mem

Author
micahawitt
Silver Member
  • Total Posts : 87
  • Scores: 2
  • Reward points: 0
  • Joined: 2013/05/07 10:33:51
  • Status: offline
2019/12/31 08:38:35 (permalink)
0

60F high mem

Hey All,
 
Just got a 60f and putting it through the paces.  I am noticing high mem around 60% and if np does anything basically goes to conserve mode and need to reboot.  Scoured cookbook and other googles and cant seem to find a good NPU best practice. 
 
Wondering if anyone else has played with this at all.  Using at home, about 10 policies, 2 of which do actual filtering.  
 
Just wondering thoughts.
#1

11 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 1853
    • Scores: 157
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: 60F high mem 2019/12/31 09:34:56 (permalink)
    0
    What process(es) seems to be taking up the memory most? "diag sys top 5 20" then "Shift-M".
    Since it's a brand-new product with a new SOC4 chip, I would open a ticket with TAC right away.
    #2
    James_G
    Gold Member
    • Total Posts : 150
    • Scores: 5
    • Reward points: 0
    • Joined: 2016/02/28 02:55:47
    • Status: offline
    Re: 60F high mem 2019/12/31 15:37:11 (permalink)
    0
    Fortios version?
    #3
    James_G
    Gold Member
    • Total Posts : 150
    • Scores: 5
    • Reward points: 0
    • Joined: 2016/02/28 02:55:47
    • Status: offline
    Re: 60F high mem 2019/12/31 18:05:14 (permalink)
    0
    Ps interested how this plays out due to a comment I heard about soc4 not having a real NP, and was somehow software based / emulated. Could NP usage affect memory usage?????
    #4
    tanr
    Platinum Member
    • Total Posts : 718
    • Scores: 33
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: 60F high mem 2019/12/31 21:50:45 (permalink)
    0
    Are you on 6.2.2 and using proxy mode instead of flow? Lot of perf/memory bugs that were reported fixed in 6.2.3, many of which were WAD process, so flow mode might be a temp workaround.

    As others mentioned, we’re just guessing without a FortiOS version and diag says top.
    #5
    James_G
    Gold Member
    • Total Posts : 150
    • Scores: 5
    • Reward points: 0
    • Joined: 2016/02/28 02:55:47
    • Status: offline
    Re: 60F high mem 2020/01/01 04:26:15 (permalink)
    0
    Or, if this is a new implementation and the issues are that bad, try 6.0.8

    Warning, it will require manual reconfig from scratch
    #6
    micahawitt
    Silver Member
    • Total Posts : 87
    • Scores: 2
    • Reward points: 0
    • Joined: 2013/05/07 10:33:51
    • Status: offline
    Re: 60F high mem 2020/01/01 07:22:56 (permalink)
    0
    Running 6.2.2.  This is my attempt at coming back to Fortinet from the 5 days.
     
    I will be calling TAC to get some info, but just to try an answer some of the questions here...
     
    Which part would be proxy vs flow, looking through my list i didn't see anything glaring sticking out.
    Also looking through cookbook to see if i can just turn off the NPU, right now it seems to be the app control that really pushes it over.
     
    WIth the setup the only filtering on is web/av/dns
     
    #7
    micahawitt
    Silver Member
    • Total Posts : 87
    • Scores: 2
    • Reward points: 0
    • Joined: 2013/05/07 10:33:51
    • Status: offline
    Re: 60F high mem 2020/01/01 07:24:43 (permalink)
    0
    Run Time: 1 days, 2 hours and 3 minutes
    0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1819T, 303F
    ipshelper 188 S < 0.0 16.9
    ipsengine 255 S < 0.1 5.3
    httpsd 4721 S 0.0 5.3
    ipsengine 253 S < 0.0 5.3
    ipsengine 256 S < 0.0 5.2
    ipsengine 254 S < 0.1 5.2
    cmdbsvr 128 S 0.0 2.3
    scanunitd 6590 S < 0.0 1.9
    pyfcgid 4455 S 0.0 1.9
    pyfcgid 4454 S 0.0 1.9
    pyfcgid 4451 S 0.0 1.8
    scanunitd 175 S < 0.0 1.8
    scanunitd 6592 S < 0.0 1.8
    scanunitd 6587 S < 0.0 1.8
    scanunitd 6588 S < 0.0 1.7
    scanunitd 6589 S < 0.0 1.7
    scanunitd 6591 S < 0.0 1.7
    scanunitd 6593 S < 0.0 1.7
    scanunitd 6594 S < 0.0 1.7
    httpsd 4725 S 1.3 1.5
    Run Time: 1 days, 2 hours and 3 minutes
    0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1819T, 303F
    ipshelper 188 S < 0.0 16.9
    ipsengine 255 S < 0.1 5.3
    httpsd 4721 S 0.0 5.3
    ipsengine 253 S < 0.0 5.3
    ipsengine 256 S < 0.0 5.2
    ipsengine 254 S < 0.1 5.2
    cmdbsvr 128 S 0.0 2.3
    scanunitd 6590 S < 0.0 1.9
    pyfcgid 4455 S 0.0 1.9
    pyfcgid 4454 S 0.0 1.9
    pyfcgid 4451 S 0.0 1.8
    scanunitd 175 S < 0.0 1.8
    scanunitd 6592 S < 0.0 1.8
    scanunitd 6587 S < 0.0 1.8
    scanunitd 6588 S < 0.0 1.7
    scanunitd 6589 S < 0.0 1.7
    scanunitd 6591 S < 0.0 1.7
    scanunitd 6593 S < 0.0 1.7
    scanunitd 6594 S < 0.0 1.7
    httpsd 4725 S 0.9 1.5
    post edited by micahawitt - 2020/01/01 07:28:30
    #8
    micahawitt
    Silver Member
    • Total Posts : 87
    • Scores: 2
    • Reward points: 0
    • Joined: 2013/05/07 10:33:51
    • Status: offline
    Re: 60F high mem 2020/01/01 07:37:09 (permalink)
    0
    restarting the engine took me from 75% down to 63%
    #9
    simonorch
    Gold Member
    • Total Posts : 328
    • Scores: 14
    • Reward points: 0
    • Joined: 2009/06/05 00:05:08
    • Location: Norway
    • Status: offline
    Re: 60F high mem 2020/01/01 23:51:04 (permalink)
    0
    I also have a 60F running 6.2.2 the last 6 weeks or so, with a couple of fortiswitches and and ap. got a mix of rules including a couple with AV, webfiltering etc. in proxy mode, no deep ssl inspection though. During that time i've had to reboot the box once due to a suspected problem with fortilink, it hadn't gone to conserve though.
    6.2.3 isn't out yet for the SOC4 models.

    NSE8
    Fortinet platinum partner - Norway
    #10
    micahawitt
    Silver Member
    • Total Posts : 87
    • Scores: 2
    • Reward points: 0
    • Joined: 2013/05/07 10:33:51
    • Status: offline
    Re: 60F high mem 2020/01/02 10:39:00 (permalink)
    0
    @simonarch whats your mem % at with that?  I have noticed the app filtering is really killing me.  
     
    Which, i have to say, one of the main reasons i got his is for the filtering capabilities, and the upgraded hardware/throughput on these.  Such a shame seemingly that one policy can push this thing over the edge. 
    #11
    simonorch
    Gold Member
    • Total Posts : 328
    • Scores: 14
    • Reward points: 0
    • Joined: 2009/06/05 00:05:08
    • Location: Norway
    • Status: offline
    Re: 60F high mem 2020/01/02 11:44:49 (permalink)
    0
    With proxy mode enabled on the main general internet policy with a maximum of 20Mbps throughput as that's the limit of the connection i'm at a steady 73%, in flow mode it's about 71%

    NSE8
    Fortinet platinum partner - Norway
    #12
    Jump to:
    © 2020 APG vNext Commercial Version 5.5