Skip to Content

How to fix file upload issues on small FortiGates (less than 2GB of memory) using a PPPoE scope

By: Author Alex Lim

Posted on

Categories Troubleshooting

This article describes troubleshooting steps for resolving file upload issues on small FortiGate devices (less than 2GB of memory) using PPPoE.

Users may experience issues where PDF (or any other large file) uploads fail when using FortiGate devices (less than 2GB of memory) as the central firewall.

This problem is often observed when the Internet connection is terminated on the FortiGate using PPPoE, with the FortiGate directly connected to the ISP modem operating in bridge mode.

The issue is more frequent if the user has an xDSL connection with an upload capacity equal to or below 1Mbps.

Scope

Small FortiGates (less than 2GB of memory).

Solution

When the scenario described above exists, the following symptoms are typically observed:

  1. High CPU and memory usage on the FortiGate during file uploads.
  2. PPPoE connection flapping between the FortiGate and the PPPoE server.

Recommended solution.

To address this issue, install the optimization script below to free up resources (CPU and memory) and adjust the LCP timers.

Script for optimization to free up resources (CPU and memory) and adjust the LCP timers:

config system global
set memory-use-threshold-extreme 97
set memory-use-threshold-green 90
set memory-use-threshold-red 95
set tcp-halfclose-timer 30
set tcp-timewait-timer 0
set udp-idle-timer 60
set miglogd-children 1
set sslvpn-max-worker-count 2
set wad-worker-count 2
set scanunit-count 2
end
config ips global
set np-accel-mode none
set engine-count 2
set socket-size 32
end
config system session-ttl
set default 300
config port
edit 0
set protocol 17
set timeout 10
set end-port 53
set start-port 53
next
end
end
config system dns
set dns-cache-limit 600
end
config system fortiguard
set webfilter-cache-ttl 600
set antispam-cache-ttl 600
end
config system automation-action
edit "RestartWAD"
set action-type cli-script
set minimum-interval 5
set script "diag test app wad 99"
set accprofile "super_admin"
next
end
config system automation-trigger
edit "Enters Conserve Mode"
set event-type low-memory
next
end
config system automation-stitch
edit "Restart WAD during Conserve Mode"
set trigger "Enters Conserve Mode"
config actions
edit 1
set action "RestartWAD"
set required enable
next
end
next
end
config system auto-script
edit restart_IPSengine
set interval 43200
set repeat 356
set start auto
set script 'diagnose test application ipsmonitor 99'
next
end
config system interface
edit "wan1" <- Insert the PPPoE interface.
set vdom "root"
set mode pppoe
set lcp-echo-interval 30
set lcp-max-echo-fails 20
next
end