Fortigate 60C stops passing Internet traffic randomly

We recently received a Fortinet FortiGate 60C unit as an RMA replacement for a 60B. About 10 days after we received it the unit began to stop passing Internet traffic at seemingly random intervals. The only solution we found was to restart it.

Fortinet support suggested that the reason the unit was freezing was because it was going into conserve mode which happens when memory usage gets to 80%. We reduced the number of policies in use and changed UTM inspection mode from proxy to flow based. I also shut off dns-upd session helper. The resources now level out at about 20% CPU and 70% memory.

And still the device randomly freezes and stops passing traffic. We are running 4.0 MR3 Patch 5, NAT mode, standalone, one internal and one external interface, no virtual domains. UTM: Antivirus, Web Filter, Application Control, IPS, Email Filter. Also, we are using per-IP traffic shaping. We are logging to disk and not to memory. This is on a network of 113 clients, 63 of whom are regular Internet users.

The only consistent "fix" I have found is to reload the firmware. This buys about 10 days of uninterrupted Internet access.

If anyone has suggestions of what to try to get this thing to stay up I would very much appreciate it. My biweekly Fortinet support ticket ritual is becoming tiresome.
vmsrfAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

xananduCommented:
The 70% memory is still high. especially as during peak hours of heavy traffic shaping this will cause this number to go up quite a bit. I have seen devices peak from 40% usage early morning to north of 95% during noon due to demand "spikyness"

Check the memory used during the next crash. and try a "diag system top" to see what the top memory consuming process is.

From the sounds of it, the Per-IP traffic shaping is what is causing it, more traffic during peak hours cause certain UTM functions to REALLY suck back the resources. Traffic shaping is one of them. Per IP means each computer has its own traffic shaping policy instead of using a group policy.

If you wish to continue to use your fortigate like this, you will probably have to upsize. In the meantime you can apply ID based policies, release the traffic shaping, and anybody that abuses the network gets put into the throttling groups.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vmsrfAuthor Commented:
Interesting. On the last crash the CPU went to 95% and the offending service was httpd. I will try disabling Per-IP traffic shaping for a week and report back. That could be it.
0
vmsrfAuthor Commented:
The unit hasn't crashed all week so I'm thinking the traffic shaping may indeed have been causing this. There is another patch out now that addresses high CPU utilization so I will apply that as well.

I would have to agree that this unit is probably undersized for the environment and the way we use it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.