Month: July 2025

The Data Deluge: Why FortiGate Logs Matter

Every single action on your network leaves a digital footprint. From a user logging in, to data moving between servers, to an attempted cyberattack your FortiGate firewall captures an immense amount of this information. Without understanding these logs, businesses are essentially “flying blind” regarding their network’s health and security posture. This is precisely where FortiGate Security Logging becomes critical. It’s the raw evidence that tells the story of what’s happening in your digital environment.

What Your FortiGate is Recording: Types of Logs

Your FortiGate is constantly working, generating different types of logs, each providing unique insights for effective FortiGate reporting:

• Traffic Logs: These are like the flight manifest for your network. They tell you who is communicating with whom, what applications are being used, which ports and protocols are involved, and how much data is being transferred.
• UTM (Unified Threat Management) Logs: These logs detail the actions of your FortiGate’s security features. They record when viruses are blocked, intrusions are detected, websites are filtered, or specific applications are controlled.
• Event Logs: Think of these as your FortiGate’s diary. They capture system-level activities, such as configuration changes, administrative logins, device reboots, and overall hardware health.
• VPN Logs: If you use VPNs for remote access or site-to-site connections, these logs provide crucial information on connection attempts, user authentications, and tunnel status.

These diverse logs are the raw data that, when properly understood, form the basis of powerful FortiGate reporting.

From Raw Data to Actionable Insights: Interpreting FortiGate Logs

So, you have all this data. How do you make sense of it? Interpreting FortiGate logs means looking for patterns and anomalies. Key fields to pay attention to include:

• Source IP / Destination IP: Where is the traffic coming from and where is it going?
• Action: Was the traffic allowed, denied, or blocked?
• Service / Application: What kind of communication is it (e.g., web browsing, email, a specific business application)?
• Policy ID: Which firewall rule was applied to this traffic?
• Threat Name: If a threat was detected, what was it?

For example, seeing many failed login attempts from an unusual country in your VPN logs could indicate a brute-force attack. Or, a sudden spike in outbound traffic to an unknown destination in your traffic logs might signal data exfiltration. Manually sifting through millions of lines of logs, however, is a huge challenge.

Elevating Your Analysis: The Role of FortiAnalyzer in FortiGate Reporting

To truly unlock the power of your FortiGate Security Logging, a dedicated platform like FortiAnalyzer is invaluable. FortiAnalyzer centralizes and enhances your log analysis:

• Centralized Collection: Gathers logs from all your FortiGate devices (and other Fortinet products) into one place, giving you a holistic view.
• Correlation: It doesn’t just show you individual events; it automatically links related events across different devices and timeframes to identify complex attack chains that might otherwise go unnoticed.
• Advanced Reporting: Generates customizable reports for various needs from executive summaries of your security posture to detailed compliance reports for regulations like PCI DSS or HIPAA.
• Interactive Dashboards: Provides visual overviews of network activity, threat trends, and device health, making complex data easy to understand at a glance.
• Threat Hunting: Enables your security team to proactively search through historical data for subtle indicators of compromise, moving beyond just reacting to alerts.

While FortiManager helps with centralized policy management, FortiAnalyzer is the powerhouse for deep analysis of your FortiGate security logging.

Why Comprehensive FortiGate Logging & Reporting is Crucial

Leveraging your FortiGate’s data effectively provides immense benefits:

• Network Health Monitoring: Understand what “normal” looks like on your network, making it easier to spot when something is off.
• Faster Troubleshooting: Quickly pinpoint the root cause of network or security issues.
• Proactive Threat Detection & Response: Identify active threats sooner and respond effectively, minimizing potential damage.
• Compliance & Auditing: Generate the necessary records and reports to meet regulatory requirements and pass audits with confidence.
• Continuous Security Improvement: Use insights from past events to refine your security policies and strengthen your overall defenses.

Don’t Let Your Data Go Unseen.

The true power of your FortiGate lies not only in its ability to protect your network but also in the rich intelligence it gathers. Effective FortiGate Security Logging and reporting transforms raw data into actionable insights, empowering you to make informed decisions and build a more resilient defense.

Partner with BALANCED+ for Expert FortiGate Logging & Reporting.

Are you truly leveraging the intelligence your FortiGate generates? Unlock deeper insights into your network’s security and performance. BALANCED+ specializes in optimizing FortiGate security logging and reporting, from FortiAnalyzer deployment to custom dashboards and expert analysis. Schedule a consultation with our experts to transform your data into a powerful defense.

The Guest Wi-Fi Challenge

Offering Wi-Fi to your customers or visitors is a great way to be welcoming and provide good service. From cafes and retail shops to offices and clinics, everyone expects easy internet access. But here’s the hidden risk: if your guest Wi-Fi isn’t set up correctly, it could put your entire business at risk.

Imagine your important business files, customer information, or even your company’s bank details, all visible to someone casually Browse the internet on your guest network. A poorly configured guest Wi-Fi could be an open door for viruses, hackers, or data theft, potentially disrupting your operations and damaging your reputation.

Why You Need Separate, Secure Guest Wi-Fi

The key to safe guest Wi-Fi is separation. You want to let guests connect to the internet without ever being able to “see” or interact with your business’s computers, servers, or other devices. Think of it like having a guest house on your property: your visitors have a comfortable place to stay, but they don’t have access to your main home or its contents.

This is where your FortiGate firewall comes in. Your FortiGate is a powerful tool designed to protect your network. It can easily create this vital separation, giving your guests internet access while keeping your core business network safe and sound. This is the foundation of effective FortiGate Guest Wi-Fi Security.

Your FortiGate: The Key to Secure Guest Wi-Fi

Your FortiGate firewall isn’t just for protecting your main business network. It’s also perfectly capable of handling a secure guest Wi-Fi network. By setting it up correctly, you can provide convenience without sacrificing security.

Heres a practical guide to setting up secure FortiGate Guest Wi-Fi Security for your business:

Step-by-Step Guide: Setting Up Secure FortiGate Guest Wi-Fi

Remember, while this explains the “what” and “why,” the actual steps in your FortiGate might look slightly different based on your specific model and setup.

Step 1: Network Segmentation (VLANs)

• What it is: This creates a completely separate “lane” for your guest network traffic. It’s like building a new, isolated road for guests so they can’t stray onto your private business roads.
• Why it’s important: Guest devices can’t see or communicate with your internal company devices. This prevents potential threats from guests affecting your business.

Step 2: Dedicated DHCP Server

• What it is: Your FortiGate will hand out unique network addresses (like a phone number) specifically for guest devices.
• Why it’s important: This keeps guest network addresses separate from your main business network addresses, ensuring no overlap or confusion that could lead to unauthorized access.

Step 3: Captive Portal (The Login Page)

• What it is: This is the “welcome screen” that guests see when they first try to connect to your Wi-Fi, before they can access the internet.
• Why it’s important:
  • Accept Terms: Guests can click to agree to your terms of service.
  • Password: You can require a simple password that you change daily or weekly, giving staff control over who connects.
  • Branding: You can customize this page with your company logo and messages, making it professional.

Step 4: Bandwidth Control

• What it is: You can set limits on how fast guests can browse the internet.
• Why it’s important: This ensures that guests downloading large files or streaming videos don’t slow down your important business operations, like processing payments or video calls.

Step 5: Firewall Policies

• What it is: These are the strict rules on your FortiGate that control exactly what traffic can go where.
• Why it’s important: You’ll create rules that specifically allow guest devices to access the internet, but strictly block them from reaching any of your internal business systems. This is the core of your FortiGate Guest Wi-Fi Security.

Step 6: Monitoring

• What it is: Regularly checking your FortiGate’s logs and reports.
• Why it’s important: This allows you to see how your guest Wi-Fi is being used and helps you spot anything unusual, ensuring continued security.

Benefits of a Properly Configured FortiGate Guest Wi-Fi

Setting up your guest Wi-Fi correctly with FortiGate offers big advantages:

• Enhanced Security: Your sensitive business data and systems are protected from outside access.
• Improved Performance: Guest traffic stays separate, so it won’t slow down your main network operations.
• Professional Image: Providing secure and reliable guest internet shows you care about your visitors’ online safety and your business’s professionalism.
• Reduced Liability: Proper setup helps protect your business from potential issues caused by guest misuse.

Need a Hand? BALANCED+ is Here to Help

While this guide breaks down the steps, setting up and managing network security can still be tricky. Ensuring every setting is just right for maximum FortiGate Guest Wi-Fi Security takes expertise.

At BALANCED+, we’re experts in FortiGate and cybersecurity management. We can help you design, configure, and maintain a guest Wi-Fi network that’s both convenient for your visitors and ironclad for your business.

Don’t risk your business’s security with an unmanaged guest network. Our experts can ensure your FortiGate Guest Wi-Fi is set up perfectly, securely, and conveniently. Schedule a free consultation with BALANCED+ today to get started!

The Growth Paradox: Scaling Your Business Can Strain Your Security

The excitement of business growth is undeniable. More customers, more employees, more data, more locations it all points to success. Yet, this very growth often presents a hidden challenge for your IT infrastructure, particularly your network security. What happens when your security solution, once perfectly adequate, can no longer keep pace?

An improperly designed or unscalable FortiGate architecture can quickly transform from a powerful protector into a critical bottleneck. This can lead to frustrating performance degradation, increased management complexity, and, most dangerously, new security vulnerabilities that expose your expanding operations to unnecessary risk. Don’t let your security become the barrier to your next big leap.

Recognizing FortiGate Scalability Issues in Your Network

How can you tell if your current FortiGate deployment is struggling to keep up with your business growth? Look for these common symptoms of FortiGate scalability issues:

• Network Slowdowns and Latency: Users complain about sluggish application performance, slow internet access, or delays in accessing internal resources, especially during peak hours.
• Frequent CPU/Memory Spikes: Your FortiGate devices consistently show high CPU or memory utilization, even during what should be normal operational periods, indicating they are being overworked.
• Management Complexity Overload: It becomes increasingly difficult to manage a growing number of security policies, VPN tunnels, or user access rules, leading to errors and inefficiencies.
• Challenges with New Integrations: Integrating new cloud services, opening new branch offices, or onboarding a large number of remote users becomes a painful, performance-impacting process.
• Increased Operational Costs: You might be overspending on bandwidth or other resources to compensate for an underperforming security appliance, or constantly troubleshooting issues that stem from architectural limitations.

If any of these sound familiar, it’s a strong indicator that your FortiGate architecture needs a strategic review.

Common FortiGate Scalability Pitfalls to Avoid

Many businesses inadvertently create FortiGate scalability issues by overlooking key planning considerations:

• Under-Sizing from the Start: Choosing a FortiGate model based only on current needs, without forecasting future growth in user count, traffic volume, or the adoption of new bandwidth-intensive applications.
• Monolithic Design: Relying on a single FortiGate device to handle all security functions for an entire, rapidly expanding organization. This creates a single point of failure and can easily overwhelm the device’s capacity.
• Lack of Network Segmentation: As your network grows, failing to properly segment it into smaller, isolated zones. This increases the “blast radius” of a potential breach and makes policy management unwieldy.
• Inefficient Policy Management: Allowing your security policy database to become a sprawling, unoptimized mess. Too many redundant or overly broad rules can significantly impact FortiGate performance.
• Ignoring Cloud Integration: Neglecting to plan for secure, scalable integration with public or private cloud resources and SaaS applications as your business increasingly adopts them.

Designing for Growth: Key Principles for FortiGate Scalability

Addressing FortiGate scalability issues requires a proactive and strategic approach. Here are the core principles for designing a FortiGate deployment that truly grows with your business:

• Strategic Sizing & Forecasting: Always select FortiGate models with ample headroom. Work with experts to forecast your expected growth (e.g., 3-5 years out) in users, devices, traffic, and security feature usage to ensure your chosen appliances can handle future demands.
• High Availability (HA) & Redundancy: Implement FortiGate devices in High Availability (HA) clusters (active-passive or active-active). This not only ensures business continuity in case of a device failure but also allows for better load distribution and seamless upgrades.
• Network Segmentation & Micro-segmentation: Break down your network into smaller, isolated zones using FortiGate’s Virtual Domains (VDOMs) or internal segmentation firewall capabilities. This limits the lateral movement of threats and simplifies policy management for specific user groups or applications.
• Leveraging FortiManager & FortiAnalyzer: For growing and complex deployments, these centralized management and analytics platforms are non-negotiable.
  • FortiManager provides unified policy orchestration across multiple FortiGates, simplifying configuration and ensuring consistency.
  • FortiAnalyzer offers scalable logging, advanced analytics, and threat intelligence, crucial for monitoring performance and identifying emerging threats across your expanded network.
• Secure SD-WAN for Distributed Environments: If your business has multiple branch offices or a significant remote workforce, FortiGate’s integrated Secure SD-WAN capabilities are vital. They efficiently and securely connect distributed environments, optimizing application performance across diverse connections and reducing reliance on expensive MPLS lines.
• Cloud-Native Integration (FortiGate-VM): For businesses embracing cloud infrastructure, deploy FortiGate-VM (Virtual Machines). This extends consistent FortiGate security policies and centralized management into public and private cloud environments, ensuring seamless scalability and protection for your cloud workloads.

Don’t Let Your Security Become a Barrier to Growth.

The journey of business expansion is exciting, but it shouldn’t be hampered by an outdated or unscalable security infrastructure. Proactive planning for FortiGate scalability issues is an investment in your future success, ensuring that your network security evolves in lockstep with your business ambitions.

Partner with BALANCED+ for Future-Proof FortiGate Architecture.

At BALANCED+, we understand the unique challenges growing businesses face. Our experts specialize in designing, implementing, and optimizing FortiGate solutions that are built for tomorrow’s demands, not just today’s.

Is your FortiGate ready for your business’s next growth phase? Ensure your security scales with your success. BALANCED+ specializes in FortiGate architecture review and scalability planning. Schedule a consultation with our experts to future-proof your network security.

Your Cloud Infrastructure Demands More Than Just Basic Security.

As businesses increasingly migrate to cloud environments, the traditional security perimeter dissolves, creating new challenges and opportunities for protection. Simply lifting and shifting on-premises security solutions won’t suffice. To ensure robust defense and efficient operations in public or private clouds, a purpose-built virtual firewall like FortiGate-VM is not just an option, but an essential component for consistent security across hybrid and multi-cloud architectures.

Why FortiGate-VM for Cloud Security?

Extending your security posture into the cloud requires a solution that’s as agile and scalable as the cloud itself. FortiGate-VM brings the full power of FortiGate’s advanced security features directly into your cloud infrastructure:

• Comprehensive Security: Leverage Next-Generation Firewall (NGFW) capabilities, Unified Threat Management (UTM) services (like IPS, antivirus, web filtering, application control), and integrated Secure SD-WAN directly within your cloud deployments.
• Consistency and Centralization: Maintain consistent security policies and management across your on-premises FortiGate devices and your cloud-based FortiGate-VM instances, often managed from a single pane of glass (e.g., FortiManager).
• Scalability and Flexibility: Easily scale your security resources up or down to match cloud workload demands, paying only for what you use, a core principle of effective FortiGate Cloud Optimization.

Critical Considerations for FortiGate-VM Deployment

Effective FortiGate Cloud Optimization begins with thoughtful deployment planning.

Right-Sizing Your FortiGate-VM

Choosing the correct virtual machine instance type and resource allocation (vCPUs, RAM) is paramount. It’s not a one-size-fits-all. Consider:

• Expected Traffic Volume: How much data will flow through the FortiGate-VM?
• Security Profiles Enabled: Will you be using deep packet inspection (SSL/TLS inspection), IPS, or other resource-intensive features?
• Throughput Requirements: Match the chosen FortiGate-VM model (e.g., FortiGate-VM01, VM02, VM04) to your desired throughput, ensuring it aligns with your cloud provider’s instance capabilities. Over-provisioning wastes resources, under-provisioning creates bottlenecks.

Network Architecture Design

Integrating FortiGate-VM seamlessly into your cloud network requires careful design:

• Virtual Private Clouds (VPCs) / Virtual Networks: Position FortiGate-VM strategically within your cloud VPCs to act as a security gateway for traffic entering and leaving your protected subnets.
• Subnets and Routing: Configure subnets and routing tables to direct relevant traffic through the FortiGate-VM for inspection and policy enforcement. This is crucial for ensuring all desired traffic is secured.

Licensing Models

Understand the licensing options for FortiGate-VM in the cloud:

• Bring Your Own License (BYOL): If you have existing FortiGate licenses, you might be able to use them in the cloud.
• Pay-as-you-go (On-Demand): Cloud marketplaces often offer FortiGate-VM as a service, billed hourly or monthly, which can be ideal for flexible scaling and cost management. Choosing the right model is key for FortiGate Cloud Optimization from a financial perspective.

Best Practices for FortiGate-VM Configuration & Performance

Once deployed, optimizing your FortiGate-VM‘s configuration is vital for peak performance and security.

Resource Allocation & Performance Features

• Cloud-Native Network Features: Leverage cloud provider-specific network enhancements (e.g., SR-IOV in Azure, Enhanced Networking in AWS, or equivalent features) to boost throughput and reduce latency for your virtual network interfaces.
• Virtual Network Interface Sizing: Ensure your virtual network interfaces are appropriately sized and configured to handle expected traffic loads.

Policy Optimization

• Granular Security Policies: Create specific, granular security policies that define exactly what traffic is allowed or denied. Avoid broad “any/any” rules, which can increase processing overhead and security risks.
• Policy Ordering: Place the most frequently hit or most specific policies at the top of your rule base for faster processing.

Security Profile Tuning

• Balance Efficacy and Performance: While enabling all security profiles offers maximum protection, it also consumes more resources. Tune IPS, Antivirus, Web Filtering, and Application Control profiles to balance security efficacy with performance impact, focusing on the most critical threats for your environment.
• Exclusions: Implement judicious exclusions for trusted traffic or applications that don’t require deep inspection, but do so cautiously.

Logging & Monitoring

• Robust Logging: Configure your FortiGate-VM to send comprehensive logs to a centralized FortiAnalyzer instance (whether in the cloud or on-premises). This is critical for security analytics, troubleshooting, and FortiGate Threat Hunting.
• Continuous Monitoring: Regularly monitor your FortiGate-VM’s performance metrics (CPU utilization, memory usage, session count, throughput) using cloud provider monitoring tools and FortiGate dashboards to identify and address bottlenecks proactively.

High Availability (HA) in the Cloud

For business continuity and resilience, deploy FortiGate-VM in High Availability (HA) configurations. Cloud providers offer mechanisms to support active-passive or active-active HA setups, ensuring your security gateway remains operational even if an instance fails.

SD-WAN for Cloud Connectivity

Leverage FortiGate-VM‘s integrated Secure SD-WAN capabilities to optimize connectivity to SaaS applications, other cloud resources, and distributed branches. This improves user experience, reduces latency, and provides intelligent path selection for critical business traffic.

Cloud-Specific Security Integrations

• Cloud-Native Security Services: Integrate FortiGate-VM with cloud-native security services like security groups, network access control lists (NACLs), and Identity and Access Management (IAM) roles to create a layered, defense-in-depth strategy.
• Auto-Scaling: Explore options for auto-scaling FortiGate-VM instances based on demand, ensuring performance scales dynamically with your cloud workloads.

The BALANCED+ Advantage in FortiGate Cloud Optimization

Optimizing FortiGate-VM in complex cloud environments requires specialized expertise. BALANCED+ is your trusted partner in maximizing your FortiGate investment and ensuring robust cloud security. We can assist your business with:

• Strategic Planning and Design: Expertly architecting your FortiGate-VM deployments for optimal security and performance.
• Expert Configuration and Performance Tuning: Fine-tuning your FortiGate-VM instances for peak efficiency and security efficacy.
• Ongoing Managed Services: Providing continuous monitoring, maintenance, and threat intelligence for your cloud security infrastructure.
• Guidance on Cloud Security Best Practices: Ensuring your cloud environment adheres to the highest security standards and compliance requirements.

Don’t let the complexities of cloud security compromise your business. With proper FortiGate Cloud Optimization, you can achieve powerful, scalable, and efficient protection for your cloud-based assets.

Ready to boost your FortiGate-VM performance in the cloud?

Contact BALANCED+ today for a consultation and discover how we can help you achieve seamless FortiGate Cloud Optimization and robust security.

As a network professional, you rely on your FortiGate firewall to keep your network secure and running smoothly. But what happens when performance dips, or you see that unsettling “conserve mode activated” alert?

It can be frustrating when your critical security appliance isn’t performing as expected. You want a stable, high-performing network, and understanding these FortiGate behaviors is key to achieving it.

This guide is designed to help you quickly diagnose, understand, and address common FortiGate memory and performance challenges, ensuring your network stays protected and efficient. We’ll show you how to interpret key metrics and take actionable steps to optimize your FortiGate.

What is FortiGate Conserve Mode and Why Does It Matter to You?

Imagine your FortiGate as a highly efficient security guard. When its memory starts running low, it has a built-in “safety net” called conserve mode. This isn’t a failure; it’s a proactive measure designed to prevent crashes and keep your system stable, even under heavy load.

Here’s when it kicks in and what it means for your network:

• Trigger Point: Conserve mode activates when memory usage hits 88%.
• Critical Threshold: At 95% memory usage, your FortiGate starts dropping new sessions. This is where users will definitely notice an impact.
• Recovery: The system automatically exits conserve mode when memory usage drops below 82%.

Your Action: You can customize these thresholds to better suit your environment, giving you more control over your FortiGate’s behavior:

config system global
  set memory-use-threshold-extreme 95
  set memory-use-threshold-green 82
  set memory-use-threshold-red 88
end

The Silent Session Killer: Memory Tension Drops

Even before conserve mode, your FortiGate has another trick up its sleeve to manage memory: memory tension drops. If the system needs more memory and can’t allocate it, it will silently start dropping the oldest sessions to free up resources. This can impact active connections without a clear “conserve mode” alert.

How to Check: To see if memory tension drops are occurring, use this command:

BALANCED+ (global) #diag sys session stat
misc info:  session_count=75 setup_rate=3 exp_count=0 clash=0
     memory_tension_drop=0 ephemeral=0/126976 removeable=0 exteme_low_mem=0
     npu_session_count=21
     nturbo_session_count=21
delete=10, flush=13, dev_down=274/41 ses_walkers=0
TCP sessions:
     26 in ESTABLISHED state
     1 in TIME_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00000000
Ips_recv-000947dd
policy_deny=001703c4
av_recv=00000000
fqdn_count=00000012
fqdn6_count=00000000
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0

Look for the memory_tension_drop counter. A non-zero value here indicates sessions have been dropped due to memory pressure.

Is It Memory or CPU? Pinpointing Your FortiGate Performance Bottleneck

When your FortiGate is slow, the first question is often: Is it memory, CPU, or something else? Understanding how to quickly identify the root cause saves you valuable troubleshooting time.

Quick Diagnosis: Use this command to get a snapshot of your system’s performance:

get system performance status

BALANCED+ (global) # get system performance status
CPU states: 20% user 1% system 0% nice 79% idle 0% iowait 0% irq 0% softirq
CPU states: 11% user 1% system 0% nice 88% idle 0% iowait 0% irq 0% softirg
CPU1 states: 8% user 2% system 0% nice 90% idle 0% iowait 0% irq 0% softirq
CPU2 states: 15% user 0% system 0% nice 85% idle 0% iowait 0% irq 0% softirq
CPU3 states: 23% user 3% system 0% nice 74% idle 6% iowait 0% irq 0% softirq
CPU4 states: 33% user 4% system 0% nice 63% idle 0% iowait 0% irq 0% softirq
CPU5 states: 1% user 0% system 0% nice 99% idle 0% iowait 0% irq 0% softira
CPU6 states: 67% user 1% system 0% nice 32% idle 0% iowait 0% irq 0% softirq
CPU7 states: 4% user 0% system 0% nice 96% idle 0% iowait 0% irq 0% softira
Memory: 1964036k total, 1346896k used (68.6%), 369604k free (18.8%), 247536k freeable (12.6%)
Average network usage: 181 / 39 kbps in 1 minute, 216 / 63 kbps in 10 minutes, 229 / 71 kbps in 30 minutes
Maximal network usage: 413 / 340 kbps in 1 minute, 1456 / 1321 kbps in 10 minutes, 2505 / 2351 kbps in 30 minutes
Average sessions: 45 sessions in 1 minute, 45 sessions in 10 minutes, 44 sessions in 30
minutes
Maximal sessions: 80 sessions in 1 minute, 80 sessions in 10 minutes, 80 sessions in 30
minutes
Average session setup rate: e sessions per second in last 1 minute, e sessions per second in last 10 minutes, e sessions per second in last 30 minutes
Maximal session setup rate: 9 sessions per second in last 1 minute, 9 sessions per second in last 10 minutes, 9 sessions per second in last 30 minutes
Average NPU sessions: 7 sessions in last 1 minute, 8 sessions in last 10 minutes, 8 sessions in last 30 minutes
Maximal NPU sessions: 7 sessions in last 1 minute, 11 sessions in last 10 minutes, 11 sessions in last 30 minutes
Average Turbo sessions: 7 sessions in last 1 minute, 8 sessions in last 10 minutes, 8 sessions in last 30 minutes
Maximal Turbo sessions: 7 sessions in last 1 minute, 11 sessions in last 10 minutes, 11 sessions in last 30 minutes
Virus caught: e total in 1 minute
IPS attacks blocked: 0 total in 1 minute Uptime: 41 days, 5 hours, 18 minutes

This output provides crucial information on:

• CPU States: Helps you see if your CPU cores are overloaded (high “user” or “system” percentages, low “idle”).
• Memory Usage: Shows total, used, free, and freeable memory, along with the percentage used.
• Network Usage: Indicates current traffic load.
• Session Counts & Rates: Reveals how many active sessions your FortiGate is handling and the rate at which new sessions are being established.

Diving Deeper into Memory Usage:

FortiGate memory is categorized into several types:

• Kernel memory: Used by the operating system and drivers.
• Shared memory: Shared across processes, often for critical databases like IPS.
• User space: Memory consumed by individual running processes (e.g., httpsd).
• Cached memory: Used for disk caching to speed up operations.
• Slab memory: Pre-allocated memory for specific structures like sessions and NAT entries.

To investigate shared memory, use:

BALANCED+ (global) # diag hardware sysinfo shm

SHM FS total:
1379164168
1315 MB

SHM FS free:
1376931840
1313 MB

SHM FS avail:
1376931848
1313 MB

SHM FS alloc:
2232320
2 MB

For a more granular view of memory and process activity, these commands are invaluable:

diagnose sys top             // Real-time process monitoring (like 'top' in Linux)
diagnose hardware sysinfo memory // Detailed memory breakdown
diagnose hardware sysinfo slab   // Slab memory statistics

Managing FortiGate Processes: Taking Control (Carefully!)

Understanding process states can help you identify rogue processes consuming excessive resources.

Process States:

FortiGate processes can be in different states (like sleeping, running, etc.). You can see them with: fnsysctl ps

Important Note: Killing processes in a production environment should be done with extreme caution and only if you fully understand the implications. It can disrupt services. This is primarily for controlled test environments or under Fortinet TAC guidance.

If you need to kill a process (use with care!):

1. Find the Process ID (PID):
   diagnose sys process pidof httpsd // Replace ‘httpsd’ with the process name
   
2. Kill a Specific Process:
   diagnose sys kill <signal> <PID>
   

FortiGate processes can be in different states (like sleeping, running, etc.). You can see them with: fnsysctl ps 

If youre in a test environment and want to experiment with killing a process (not recommended in production!), heres how: 

Find the process ID: diagnose sys process pidof httpsd 

Kill a specific process: diagnose sys kill <signal> <PID> 

Kill all processes with the same name: fnsysctl killall httpsd 
 

Common termination signals:

• 4 Illegal instruction

• 6 Abort command from FortiOS

• 7 Bus error

• 9 Unconditional kill

• 11 Invalid memory reference

• 14 Alarm clock

• 15 Graceful kill (recommended)

Boosting FortiGate Performance: Actionable Tips for You

Beyond troubleshooting, proactive optimization can prevent issues before they impact your network.

Common Performance-Heavy Features to Monitor:

• WAN Optimization: While beneficial, it can be resource-intensive.
• Threat Feeds: Continuous updates consume memory and CPU.
• Logging/Report Generation: Extensive logging can impact performance.
• Proxy-based Inspection: Deep packet inspection requires significant resources.

Tips to Boost Your FortiGate’s Performance:

• Tune Worker Processes: Adjust the number of worker processes to match your appliance’s capabilities and workload. Fortinet TAC can provide expert guidance here.
• Add More Memory (for VMs): If your FortiGate is a virtual machine, allocating more RAM can significantly improve performance.
• Utilize Hardware Acceleration (Physical Appliances): Ensure hardware acceleration features are enabled and properly configured on physical FortiGate appliances to offload tasks from the CPU.

Need Expert Assistance?

Navigating FortiGate performance optimization can be complex, especially with busy networks. If you’re looking to ensure your FortiGate is running at its absolute best, or if you’re facing persistent performance challenges, expert assistance can make all the difference.

BALANCED+ is a trusted Fortinet partner with deep expertise in performance tuning and optimization. We can help you analyze your specific environment, implement best practices, and ensure your FortiGate provides the robust security and performance your business demands.

Reach out to BALANCED+ today to discuss how we can help you achieve optimal FortiGate performance and keep your network running smoothly.