When Fortigate ips engine and AV engine fuck everything !
Since the beginning we have always trouble about choosing wrong hardwares , developer issues like handle sessions with single core , then ASIC things , its always changing NPx support something NPy support more , end of the day you will always have NPx/y/z/t/u what released but cost is another issue but don’t worry providers always things these are usual things. Hope one day with DPDK or another technology will help us to use firewalls without ASICs and without need always buy new hardwares. (I know you know SDDC , SDN also i know ! )
I know this device is UTM , UTM is somehow fancy things, you know you shouldn’t use , know what will happen but you have to because of some situations (for ISPs)
AV issues , IPS engine issues , conserve mode ! I don’t how you really protect my device and network behind
Big problem AV and memory , still can not understand small to bigger devices why more ram is not used ! Memory is expensive ? or maybe still 32 bit ! What developers can’t handle ?
at the end AV full the ram , whole device under stress and communication issues , BGPs or OSPF are gone ! :(((
For AV its not working like a linux services or something ? you should kill it ! Step by Step , each process , disabling AV is not helping every time
Login your device , switch to config global (it is also command ) then execute diagnose sys top see the processed press q and leave to console execute diagnose sys kill 11 <process_id> . Here we are using because maybe some outputs we could have then fallow console for mem usage.
Another issue is ips engine , so understandable command diag test 🙂 lovely , its not meaningful for me but meaningful for developer or who maintain cli commands
diagnose test app ipsmonitor
You will see nice options and choose what you exactly want , restart , stop , start , get status
Also if you run cluster then consider do same things on slave 🙂 to switch slave
- config global
- get system ha status
- exec ha manage 1 (mostly)
Good fixes !
Posted on 30/07/2016, in Fortigate and tagged conserve mode, exited system conserve mode, fortigate high cpu usage, fortigate high memory usage, IPS engine is crashing, Restarting the IPS Engine on a FortiGate, The system has activated session fail mode, View/Restart IPS Engine. Bookmark the permalink. Leave a comment.