Technical Note : Best Practice for Fortinet Small Business models (FortiGate 30B, FortiGate 50B, FortiGate 60B, FortiGate 60C)
Products
FortiGate |
Description
This article provides guidelines to ensure a reliable operation of Fortinet Small Business models such as the FortiGate 30B, FortiGate 50B, FortiGate 60B, and FortiGate 60C.
Scope
Fortinet Small Business models.
Solution
It is suggested to use the following configuration best practices in order to obtain the best utilisation of the available memory in the Fortinet Small Business models:
- Disable logging to memory (Log&Report > Log Config > Log Setting).
- Disable unused protocols (HTTP, FTP, SMTP, POP, IMAP) from being antivirus scanned (Firewall>Protection Profile).
- Consider reducing the Oversize Threshold memory settings if the FortiGate unit shows persistently high memory usage. Set the 'Oversize Threshold Configuration' memory settings to 2MB for each respective protocol (Edit profile, Under Anti-Virus configuration set the oversize file threshold).
- Disable the DHCP server if it is not required (System > DHCP > Service and System > DHCP > Server).
- Disable DNS Forwarding if it is not required (System > Network > DNS).
- Disabling unnecessary IPS attack signatures can improve system performance and reduce the number of IPS log messages and alert emails. For example, if the network does not contain IIS web servers, the IIS signatures can be disabled.
- Change the default session TTL:
config system session-ttl
set default 300
end- Change the FortiGuard TTL:
config system fortiguard
set webfilter-cache-ttl 500
set antispam-cache-ttl 500
end- Change DNS cache:
config system dns
set dns-cache-limit 300
end- Disable DNS forwarding:
config system dns
unset fwdintf
end- If there is more than one DHCP server it will increase the memory usage.
- The best recommended version of FortiOS for FortiGate Small Business models is currently V4.0 MR1 latest patch.
The FortiGate unit should be rebooted after having disabled the various features and services in order to free up the memory.
'IT Information > Fortinet Technical' 카테고리의 다른 글
Technical Note: Dual WAN scenario (static and policy routes) and wan-load-balance (0) | 2015.12.09 |
---|---|
Technical Note : FortiGate to Juniper SSG VPN (0) | 2014.12.23 |
Technical Note : ICMP and UDP traceroute functionality with the FortiGate (0) | 2014.12.23 |
Technical Note : iPhone VPN support on the FortiGate (IPSec , PPtP , SSL) (0) | 2014.05.28 |
FortiGate :: Windows 8.1에서 SSLVPN 연결 이슈 (0) | 2013.12.01 |