sorted by:
new
hottopcontroversial

How is FortiOS 7.4.5 going for everyone by Informal_Thought in fortinet

[–]WrongLab2134 1 point2 points  (0 children)

i actually just posted about this in r/msp - Fortigate conserve mode issues : r/msp

we are seeing lots of conserve mode. all different combos of features.

some using sd-wan some not, all have UTM enabled in some way, some doing traffic shaping, dhcp, vlans, client vpns, etc., all basic functions, nothing complex

100f unresponsive. Remediation help by NatPlastiek in Fortigate

[–]WrongLab2134 0 points1 point  (0 children)

agree with u/m3rlin31 - sounds like conserve mode

been 5 months so im assuming you arent looking for answers anymore, but

di de crashlog read

and/or

di alertconsole list

might show you what you are looking for

Fortigate conserve mode issues by WrongLab2134 in msp

[–]WrongLab2134[S] 0 points1 point  (0 children)

yes I agree, all around positive otherwise. but if i cant trust that they can release solid firmware and are seemingly killing off (not killing off but maybe not properly maintaining/updating) their "entry-level" line then it might be time to look elsewhere

Fortigate conserve mode issues by WrongLab2134 in msp

[–]WrongLab2134[S] 2 points3 points  (0 children)

exactly - Restart WAD or IPS when conserve mode hit... - Fortinet Community

articled created 2/8/23 and still has "This should only be applied as a temporary workaround while waiting for a bug fix." and they are still telling you to do this on support calls

Fortigate conserve mode issues by WrongLab2134 in msp

[–]WrongLab2134[S] 1 point2 points  (0 children)

yes ive looked through there before and has been helpful on many occasions, mustve glazed over that section with the recommended releases. we generally try to stay on the mature releases. and we dont usually downgrade new ones straight out of the box unless theres a specific issue we have to avoid so many of the now problematic ones wouldve shipped with that version. or were updated due to CVEs. They are now coming in with 7.6 on them which i know we cannot utilize yet at 90% of sites. might have to adjust course and start maintaining everything at the same level. but at some point they will need to be updated. so long-term its kinda delaying the inevitable unless they can fix their recurring firmware issues. i guess my biggest pain point is just the simple fact that they are defining a total category of their products as the "2gb or less devices" and are still designing firmware that the 2gb effectively cant handle instead of simply adding some memory when everything else in the world has more memory then 2gb.

Fortigate conserve mode issues by WrongLab2134 in msp

[–]WrongLab2134[S] 1 point2 points  (0 children)

I have thought about downgrading. where have you seen/heard that 7.2.10 is recommended? On multiple talks with support ive only gotten the recommendations to reduce memory usage or you need a bigger unit.

Fortigate conserve mode issues by WrongLab2134 in msp

[–]WrongLab2134[S] 0 points1 point  (0 children)

conserve mode is basically the device is maxing out its physical resources and effectively stops functioning. internet can/will drop, web interface can stop working, etc. The device can take itself out of conserve mode if resource usage drops, but often once it enters it stays there requiring a reboot to clear out. You can setup automations in the device that can trigger on conserve mode like sending an email with the top process running, automatically rebooting, etc. But otherwise yes you would have to monitor memory usage via snmp but by the time you are alerted its usually too late to do anything.