infraserve Logo
Blog

FortiGate Performance Monitoring: How to Analyze CPU and Memory Metrics?

FortiGate Performance Monitoring: How to Analyze CPU and Memory Metrics?
CONTENTS

The health of the FortiGate appliances to which you entrust your network security directly depends on their processor (CPU) and memory metrics. Correctly interpreting these values is vital to preventing potential network slowdowns and keeping the device from falling into critical states such as "Conserve Mode."

So, what do these percentages on the dashboard actually tell us?

CPU Usage: The Processing Load of the Device

CPU metrics indicate how intensively the device is inspecting traffic (IPS, Antivirus, SSL Inspection, etc.).

  • Normal Level (0% - 50%): The device is operating stably. Instantaneous fluctuations are normal.

  • Warning Level (50% - 70%): The load has begun to increase. This surge is usually triggered by intensive SSL inspection or logging processes.

  • Critical Level (70% - 100%): The device is at a bottleneck. Packet drops and management interface latency can be observed at this stage.

  • Technical Tip: If the CPU is constantly high, configuring the traffic profiles as "Flow-based" instead of "Proxy-based" can lighten the processing load.

Memory Usage and the Danger of "Conserve Mode"

Memory utilization is more critical than CPU in FortiGate systems because when memory is exhausted, the device enters a self-protection state.

  • 0% - 70% (Safe Zone): The system runs all services smoothly.

  • 70% - 80% (Amber Alarm): The device begins to behave more selectively when opening new sessions.

  • 80% and Above (Red / Conserve Mode): The device enters "Conserve Mode." In this mode, FortiGate may disable certain security inspections or reject new connections to prevent a system crash.

  • Solution: If memory consumption exceeds 80%, memory-intensive daemons such as the IPS engine or WAD processes must be analyzed.

Technical Analysis: Querying Performance via the CLI

While dashboard data gives a general idea, the FortiOS CLI (Command Line Interface) must be used for a definitive diagnosis. Here are the most essential commands:

  • General Status: get system performance status (Displays CPU load and averages in real time.)

  • Memory Details: diagnose hardware sysinfo memory (Provides total and free memory amounts with technical breakdown.)

  • Process Analysis: diagnose sys top (Lists which applications—such as IPS, Log, or WAD—are consuming the most CPU and RAM resources.)

3 Golden Rules to Optimize Performance

  1. Avoid Unnecessary Logging: Choosing the "Security Events" option instead of logging "All Sessions" in every traffic policy significantly reduces resource consumption.

  2. Utilize Automation: Offload the log processing overhead from the local appliance to an external platform by utilizing FortiAnalyzer.

  3. Keep Software Updated: FortiOS firmware upgrades typically include performance enhancements and memory leak patches.

Our Solution Partners

aws logo dell logo fortinet logo manageengine logo microsoft logo veeam logo
Form

Are you ready to take your business to the next level?