Fortinet black logo

Handbook

Performance tips

Performance tips

When configuring the system and its features, there are many settings and practices that can yield better performance.

System performance

  • Delete or disable unused policies. The system allocates memory with each server policy, regardless of whether it is actually in active use. Configuring extra policies will unnecessarily consume memory and decrease performance.
  • To reduce latency associated with DNS queries, use a DNS server on your local network as your primary DNS.
  • If your network’s devices support them, you can create one or more VLAN interfaces. VLANs reduce the size of a broadcast domain and the amount of broadcast traffic received by network hosts, thus improving network performance.
  • If you have enabled the server health check feature and one of the servers is down for an extended period, you can improve system performance by disabling group membership for the physical server, rather than allowing the server health check to continue checking for the server's responsiveness.

Reducing the impact of logging on performance

  • If you have a FortiAnalyzer, store FortiADC logs on the FortiAnalyzer to avoid resource usage associated with writing logs to the local hard disk.
  • If you do not need a traffic log, disable it to reduce the use of system resources.
  • Reduce repetitive log messages. Use the alert email settings to define the interval that emails are sent if the same condition persists following the initial occurrence.
  • Avoid recording log messages using low severity thresholds, such as information or notification, to the local hard disk for an extended period of time. Excessive logging frequency saps system resources and can cause undue wear on the hard disk and may cause premature failure.

Reducing the impact of reports on system performance

Generating reports can be resource intensive. To avoid performance impacts, consider scheduling report generation during times with low traffic volume, such as at night and on weekends.

Keep in mind that most reports are based upon log messages. All caveats regarding log performance also apply.

Reducing the impact of packet capture on system performance

Packet capture can be useful for troubleshooting but can be resource intensive. To minimize the impact on system performance, use packet capture only during periods of minimal traffic. Use a local console CLI connection rather than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.

Performance tips

When configuring the system and its features, there are many settings and practices that can yield better performance.

System performance

  • Delete or disable unused policies. The system allocates memory with each server policy, regardless of whether it is actually in active use. Configuring extra policies will unnecessarily consume memory and decrease performance.
  • To reduce latency associated with DNS queries, use a DNS server on your local network as your primary DNS.
  • If your network’s devices support them, you can create one or more VLAN interfaces. VLANs reduce the size of a broadcast domain and the amount of broadcast traffic received by network hosts, thus improving network performance.
  • If you have enabled the server health check feature and one of the servers is down for an extended period, you can improve system performance by disabling group membership for the physical server, rather than allowing the server health check to continue checking for the server's responsiveness.

Reducing the impact of logging on performance

  • If you have a FortiAnalyzer, store FortiADC logs on the FortiAnalyzer to avoid resource usage associated with writing logs to the local hard disk.
  • If you do not need a traffic log, disable it to reduce the use of system resources.
  • Reduce repetitive log messages. Use the alert email settings to define the interval that emails are sent if the same condition persists following the initial occurrence.
  • Avoid recording log messages using low severity thresholds, such as information or notification, to the local hard disk for an extended period of time. Excessive logging frequency saps system resources and can cause undue wear on the hard disk and may cause premature failure.

Reducing the impact of reports on system performance

Generating reports can be resource intensive. To avoid performance impacts, consider scheduling report generation during times with low traffic volume, such as at night and on weekends.

Keep in mind that most reports are based upon log messages. All caveats regarding log performance also apply.

Reducing the impact of packet capture on system performance

Packet capture can be useful for troubleshooting but can be resource intensive. To minimize the impact on system performance, use packet capture only during periods of minimal traffic. Use a local console CLI connection rather than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.