Fortigate 60C stops passing Internet traffic randomly

We recently received a Fortinet FortiGate 60C unit as an RMA replacement for a 60B. About 10 days after we received it the unit began to stop passing Internet traffic at seemingly random intervals. The only solution we found was to restart it.

Fortinet support suggested that the reason the unit was freezing was because it was going into conserve mode, which happens when memory usage gets to 80%. We reduced the number of policies in use and changed UTM inspection mode from proxy to flow based. I also shut off the dns-udp session helper. The resources now level out at about 20% CPU and 70% memory.

And still the device randomly freezes and stops passing traffic. We are running 4.0 MR3 Patch 5, NAT mode, standalone, one internal and one external interface, no virtual domains. UTM: Antivirus, Web Filter, Application Control, IPS, Email Filter. Also, we are using per-IP traffic shaping. We are logging to disk and not to memory. This is on a network of 113 clients, 63 of whom are regular Internet users.

The only consistent "fix" I have found is to reload the firmware. This buys about 10 days of uninterrupted Internet access.

If anyone has suggestions of what to try to get this thing to stay up I would very much appreciate it. My biweekly Fortinet support ticket ritual is becoming tiresome.
Asked by vmsrf

xanandu commented:
The 70% memory is still high, especially as during peak hours of heavy traffic shaping this number will go up quite a bit. I have seen devices peak from 40% usage early morning to north of 95% during noon due to demand "spikiness".

Check the memory used during the next crash, and try a "diag system top" to see what the top memory-consuming process is.

From the sounds of it, the per-IP traffic shaping is what is causing it: more traffic during peak hours causes certain UTM functions to REALLY suck back the resources, and traffic shaping is one of them. Per-IP means each computer has its own traffic shaping policy instead of using a group policy.

If you wish to continue to use your FortiGate like this, you will probably have to upsize. In the meantime you can apply ID-based policies, release the traffic shaping, and anybody who abuses the network gets put into the throttling groups.
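The suggestion above is to capture "diag system top" at the next crash and compare memory against the 80% conserve-mode threshold. The following is an added example, not code from the original thread or from Fortinet: a small Python parser that reads a constructed sample of that output (the compact 4.x-style summary line "...; <total>T, <free>F, ..." followed by "name pid state cpu% mem%" rows is an assumed format, not captured from the poster's unit), computes memory in use, flags whether the device is at the conserve-mode threshold, and lists the top CPU and memory consumers so a crash-time capture can be triaged without reading it by hand.

```python
import re

# Conserve-mode threshold quoted by Fortinet support in the thread (percent of memory used).
CONSERVE_MODE_PCT = 80.0

# Constructed sample of "diag sys top" output. The layout is an assumption
# modelled on FortiOS 4.x; it was NOT captured from the original poster's device.
SAMPLE_TOP = """\
Run Time:  10 days, 3 hours and 41 minutes
52U, 0N, 43S, 5I; 1877T, 348F, 95KF
    httpd        90      R <     63.2     14.5
    ipsengine    102     S        9.8     22.0
    scanunitd    115     S        7.1     10.3
    proxyworker  120     S        4.4      8.7
    newcli       501     R        1.0      0.6
"""

# "<total>T, <free>F" on the summary line (values in KB on the assumed format).
MEM_RE = re.compile(r'(\d+)T,\s*(\d+)F')
# name  pid  state  [priority mark]  cpu%  mem%
PROC_RE = re.compile(
    r'^\s*(\S+)\s+(\d+)\s+([A-Z])\s*([<>N])?\s+([\d.]+)\s+([\d.]+)\s*$'
)


def parse_top(text):
    """Return (mem_total_kb, mem_free_kb, [process dicts]) from diag sys top text."""
    mem_total = mem_free = None
    procs = []
    for line in text.splitlines():
        m = MEM_RE.search(line)
        if m and mem_total is None:
            mem_total, mem_free = int(m.group(1)), int(m.group(2))
            continue
        p = PROC_RE.match(line)
        if p:
            procs.append({
                'name': p.group(1),
                'pid': int(p.group(2)),
                'state': p.group(3),
                'cpu': float(p.group(5)),
                'mem': float(p.group(6)),
            })
    if mem_total is None:
        raise ValueError('no memory summary line found in diag sys top output')
    return mem_total, mem_free, procs


def memory_used_pct(mem_total, mem_free):
    """Percentage of memory in use, the figure conserve mode is keyed on."""
    return 100.0 * (mem_total - mem_free) / mem_total


def top_consumers(procs, key='mem', n=3):
    """Processes sorted by the given column ('mem' or 'cpu'), highest first."""
    return sorted(procs, key=lambda p: p[key], reverse=True)[:n]


def assess(text):
    """Summarise a capture: memory used, conserve-mode risk, top CPU/memory processes."""
    total, free, procs = parse_top(text)
    used = memory_used_pct(total, free)
    return {
        'mem_used_pct': round(used, 1),
        'conserve_risk': used >= CONSERVE_MODE_PCT,
        'top_mem': [p['name'] for p in top_consumers(procs, 'mem')],
        'top_cpu': [p['name'] for p in top_consumers(procs, 'cpu')],
    }


if __name__ == '__main__':
    result = assess(SAMPLE_TOP)
    print('memory used: %.1f%%' % result['mem_used_pct'])
    if result['conserve_risk']:
        print('WARNING: at or above the %.0f%% conserve-mode threshold' % CONSERVE_MODE_PCT)
    print('top memory:', ', '.join(result['top_mem']))
    print('top CPU:   ', ', '.join(result['top_cpu']))
```

Paste the real capture into SAMPLE_TOP (or read it from a file) and adjust the two regexes if your firmware prints a different summary layout; the point is to record the figures at crash time, since a reading taken after the reboot says nothing about what was consuming memory when traffic stopped.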
 
vmsrf (author) commented:
Interesting. On the last crash the CPU went to 95% and the offending service was httpd. I will try disabling Per-IP traffic shaping for a week and report back. That could be it.
 
vmsrf (author) commented:
The unit hasn't crashed all week so I'm thinking the traffic shaping may indeed have been causing this. There is another patch out now that addresses high CPU utilization so I will apply that as well.

I would have to agree that this unit is probably undersized for the environment and the way we use it.