Solved

Fortigate 60C stops passing Internet traffic randomly

Posted on 2012-03-13
3
8,295 Views
Last Modified: 2012-04-11
We recently received a Fortinet FortiGate 60C unit as an RMA replacement for a 60B. About 10 days after we received it the unit began to stop passing Internet traffic at seemingly random intervals. The only solution we found was to restart it.

Fortinet support suggested that the reason the unit was freezing was because it was going into conserve mode which happens when memory usage gets to 80%. We reduced the number of policies in use and changed UTM inspection mode from proxy to flow based. I also shut off dns-upd session helper. The resources now level out at about 20% CPU and 70% memory.

And still the device randomly freezes and stops passing traffic. We are running 4.0 MR3 Patch 5, NAT mode, standalone, one internal and one external interface, no virtual domains. UTM: Antivirus, Web Filter, Application Control, IPS, Email Filter. Also, we are using per-IP traffic shaping. We are logging to disk and not to memory. This is on a network of 113 clients, 63 of whom are regular Internet users.

The only consistent "fix" I have found is to reload the firmware. This buys about 10 days of uninterrupted Internet access.

If anyone has suggestions of what to try to get this thing to stay up I would very much appreciate it. My biweekly Fortinet support ticket ritual is becoming tiresome.
0
Comment
Question by:vmsrf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Accepted Solution

by:
xanandu earned 500 total points
ID: 37802465
The 70% memory is still high. especially as during peak hours of heavy traffic shaping this will cause this number to go up quite a bit. I have seen devices peak from 40% usage early morning to north of 95% during noon due to demand "spikyness"

Check the memory used during the next crash. and try a "diag system top" to see what the top memory consuming process is.

From the sounds of it, the Per-IP traffic shaping is what is causing it, more traffic during peak hours cause certain UTM functions to REALLY suck back the resources. Traffic shaping is one of them. Per IP means each computer has its own traffic shaping policy instead of using a group policy.

If you wish to continue to use your fortigate like this, you will probably have to upsize. In the meantime you can apply ID based policies, release the traffic shaping, and anybody that abuses the network gets put into the throttling groups.
0
 

Author Comment

by:vmsrf
ID: 37802854
Interesting. On the last crash the CPU went to 95% and the offending service was httpd. I will try disabling Per-IP traffic shaping for a week and report back. That could be it.
0
 

Author Closing Comment

by:vmsrf
ID: 37835893
The unit hasn't crashed all week so I'm thinking the traffic shaping may indeed have been causing this. There is another patch out now that addresses high CPU utilization so I will apply that as well.

I would have to agree that this unit is probably undersized for the environment and the way we use it.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question