You need to strike a balance with your firewall rules and enable the various security profiles where it makes sense. This has a slowdown effect on the network (but better than going entirely offline and requiring a reboot). Once a Fortigate gets in the high RAM usage range, it goes into conserve mode to protect itself from possibly crashing. That ends up being heavy on CPU and memory.
This can easily happen when you have a lot of rules that run inspections on everything conceivable. The likely biggest issue is poorly constructed rules causing you to run into conserve mode. You meantioned heavy ruled in the other discussion thread. The web GUI has widgets for that and check the various Sources and Destinations under the FortiView menu.Īre vdoms in use by any chance? I am a heavy user of vdoms and I see my session count double and triple at times as certain traffic flows between one or more vdoms. You can get session details out of the Fortigate. If you are truly maxing out sessions with 50 people you should dig into that and see where all those sessions are coming from.
You're maxing out sessions on a 60E for an office with 50 people? The 60E supports 1.3 million concurrent TCP sessions at a rate of 30,000 new sessions per second.Įven so, I seem to average a few hundred thousand sessions at any given time on my 500E for a few thousand users. Copying my own response to here to keep it all together. OP also posted in a different discussion thread which I ended up replying to by mistake instead of this one.
0 kommentar(er)
